GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

89 advisories

Concurrent Ruby: ReadWriteLock allows wrong-thread write release and stray read-release counter corruption (Low)
CVE-2026-54906 was published for concurrent-ruby (RubyGems) Jun 19, 2026
Credited to pranjalithakur

Concurrent Ruby: `ReentrantReadWriteLock` read-count overflow grants a write lock without exclusivity (Low)
CVE-2026-54905 was published for concurrent-ruby (RubyGems) Jun 19, 2026
Credited to pranjalithakur, cla7aye15I4nd

Nokogiri: Possible Use-After-Free in XInclude Processing (Low)
GHSA-wfpw-mmfh-qq69 was published for nokogiri (RubyGems) Jun 19, 2026
Credited to cla7aye15I4nd

Nokogiri: Possible Use-After-Free when directly using `NokogirI::XML::XPathContext` beyond document lifetime (Low)
GHSA-p67v-3w7g-wjg7 was published for nokogiri (RubyGems) Jun 19, 2026
Credited to cla7aye15I4nd

Nokogiri: Possible Use-After-Free when setting `Document#root=` to an invalid node type (Low)
GHSA-wjv4-x9w8-wm3h was published for nokogiri (RubyGems) Jun 19, 2026

Nokogiri: Null Pointer Dereference calling methods on uninitialized wrapper classes (Low)
GHSA-9cv2-cfxc-v4v2 was published for nokogiri (RubyGems) Jun 19, 2026
Credited to cla7aye15I4nd

Nokogiri: XML::Schema on JRuby allows network requests when NONET is set, bypassing CVE-2020-26247 (Low)
GHSA-8678-w3jw-xfc2 was published for nokogiri (RubyGems) Jun 19, 2026
Credited to bilerden

Nokogiri: Possible Use-After-Free when `Nokogiri::XML::Document#encoding=` raises an exception (Low)
GHSA-5v8h-3h3q-446p was published for nokogiri (RubyGems) Jun 19, 2026
Credited to cla7aye15I4nd

Net::IMAP: Denial of Service via incomplete raw argument validation (Low)
CVE-2026-47241 was published for net-imap (RubyGems) Jun 9, 2026
Credited to fg0x0, Pirikara

net-imap has quadratic complexity when reading response literals (Low)
CVE-2026-42245 was published for net-imap (RubyGems) May 4, 2026
Credited to Masamuneee

Fat Free CRM has BOLA in DELETE /emails/:id - any authenticated user can hit this endpoint and delete emails by ID (Low)
GHSA-9pm8-vwc5-w2hm was published for fat_free_crm (RubyGems) Apr 14, 2026
Credited to bgeesaman

Trix is vulnerable to XSS through JSON deserialization bypass in drag-and-drop (Level0InputController) (Low)
GHSA-53p3-c7vp-4mcc was published for action_text-trix (RubyGems) Mar 29, 2026

Loofah has improper detection of disallowed URIs via `allowed_uri?` (Low)
GHSA-2j22-pr5w-6gq8 was published for loofah (RubyGems) Mar 26, 2026

Rails Active Storage has a possible DoS vulnerability in proxy mode via multi-range requests (Low)
CVE-2026-33658 was published for activestorage (RubyGems) Mar 25, 2026

Rails has a possible XSS vulnerability in its Action View tag helpers (Low)
CVE-2026-33168 was published for actionview (RubyGems) Mar 23, 2026

Rails has a possible XSS vulnerability in its Action Pack debug exceptions (Low)
CVE-2026-33167 was published for actionpack (RubyGems) Mar 23, 2026

Improper detection of disallowed URIs by Loofah `allowed_uri?` (Low)
GHSA-46fp-8f5p-pf2m was published for loofah (RubyGems) Mar 18, 2026

Bitcoinrb vulnerable to command injection via RPC (Low)
GHSA-q66h-m87m-j2q6 was published for bitcoinrb (RubyGems) Feb 10, 2026

URI credential leakage bypass over CVE-2025-27221 (Low)
CVE-2025-61594 was published for uri (RubyGems) Dec 30, 2025

Sinatra is vulnerable to ReDoS through ETag header value generation (Low)
CVE-2025-61921 was published for sinatra (RubyGems) Oct 10, 2025
Credited to dentarg

REXML has a DoS condition when parsing a malformed XML file (Low)
CVE-2025-58767 was published for rexml (RubyGems) Sep 17, 2025
Credited to sofiaaberegg

sparklemotion nokogiri hashmap.c hashmap_get_with_hash heap-based overflow (Low)
CVE-2025-6494 was published for nokogiri (RubyGems) Jun 23, 2025 (withdrawn)
Credited to flavorjones

sparklemotion nokogiri hashmap.c hashmap_set_with_hash heap-based overflow (Low)
CVE-2025-6490 was published for nokogiri (RubyGems) Jun 22, 2025 (withdrawn)