GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
406 advisories
request_store has Incorrect Default Permissions
Moderate
CVE-2024-43791
was published
for
request_store
(RubyGems)
Aug 23, 2024
fugit parse and parse_nat stall on lengthy input
Moderate
CVE-2024-43380
was published
for
fugit
(RubyGems)
Aug 19, 2024
Bootstrap Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2024-6484
was published
for
bootstrap
(RubyGems)
Jul 11, 2024
Bootstrap Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2024-6531
was published
for
bootstrap
(RubyGems)
Jul 11, 2024
RailsAdmin Cross-site Scripting vulnerability in the list view
Moderate
CVE-2024-39308
was published
for
rails_admin
(RubyGems)
Jul 8, 2024
Rack ReDoS Vulnerability in HTTP Accept Headers Parsing
Moderate
CVE-2024-39316
was published
for
rack
(RubyGems)
Jul 3, 2024
Missing security headers in Action Pack on non-HTML responses
Moderate
CVE-2024-28103
was published
for
actionpack
(RubyGems)
Jun 4, 2024
ActionText ContentAttachment can Contain Unsanitized HTML
Moderate
CVE-2024-32464
was published
for
actiontext
(RubyGems)
Jun 4, 2024
Kaminari Insecure File Permissions Vulnerability
Moderate
CVE-2024-32978
was published
for
kaminari
(RubyGems)
May 28, 2024
Trix Editor Arbitrary Code Execution Vulnerability
Moderate
CVE-2024-34341
was published
for
actiontext
(RubyGems)
May 7, 2024
Sidekiq vulnerable to a Reflected XSS in Queues Web Page
Moderate
CVE-2024-32887
was published
for
sidekiq
(RubyGems)
Apr 26, 2024
CarrierWave content-Type allowlist bypass vulnerability which possibly leads to XSS remained
Moderate
CVE-2024-29034
was published
for
carrierwave
(RubyGems)
Mar 25, 2024
ROTP 6.2.2 and 6.2.1 has 0666 permissions for the .rb files.
Moderate
CVE-2024-28862
was published
for
rotp
(RubyGems)
Mar 18, 2024
json-jwt allows bypass of identity checks via a sign/encryption confusion attack
Moderate
CVE-2023-51774
was published
for
json-jwt
(RubyGems)
Feb 29, 2024
Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial)
Moderate
CVE-2024-25126
was published
for
rack
(RubyGems)
Feb 28, 2024
ProTip!
Advisories are also available from the
GraphQL API