GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

32 advisories

The rack-cors rubygem may allow directory traversal Moderate
CVE-2019-18978 was published for rack-cors (RubyGems) Nov 15, 2019
Sinatra Path Traversal vulnerability Moderate
CVE-2018-7212 was published for sinatra (RubyGems) Feb 20, 2018
Tempfile on Windows path traversal vulnerability High
CVE-2021-28966 was published for tmpdir (RubyGems) May 6, 2021
TZInfo relative path traversal vulnerability allows loading of arbitrary files High
CVE-2022-31163 was published for tzinfo (RubyGems) Jul 21, 2022
Arbitrary file write in actionpack-page_caching gem Critical
CVE-2020-8159 was published for actionpack-page_caching (RubyGems) May 13, 2020
sprockets vulnerable to Path Traversal Moderate
CVE-2014-7819 was published for sprockets (RubyGems) Oct 24, 2017
mixlib-archive Path Traversal vulnerability High
CVE-2017-1000026 was published for mixlib-archive (RubyGems) May 13, 2022
RubyGems may allow a maliciously crafted gem to overwrite files High
CVE-2017-0901 was published for rubygems-update (RubyGems) May 13, 2022
RubyGems Path Traversal vulnerability Moderate
CVE-2018-1000079 was published for org.jruby:jruby-stdlib (RubyGems) May 14, 2022
Path traversal when MessageBus::Diagnostics is enabled Moderate
CVE-2021-43840 was published for message_bus (RubyGems) Dec 17, 2021
sinatra does not validate expanded path matches High
CVE-2022-29970 was published for sinatra (RubyGems) May 3, 2022
Wicked gem contains Path traversal vulnerability Moderate
CVE-2013-4413 was published for wicked (RubyGems) Oct 24, 2017
Arbitrary file read vulnerability in yard server High
CVE-2017-17042 was published for yard (RubyGems) Dec 21, 2017
actionpack Path Traversal vulnerability Moderate
CVE-2014-0130 was published for actionpack (RubyGems) Oct 24, 2017
Path Traversal in Action View High
CVE-2019-5418 was published for actionview (RubyGems) Mar 13, 2019
actionpack vulnerable to Path Traversal Moderate
CVE-2014-7818 was published for actionpack (RubyGems) Oct 24, 2017
Directory traversal vulnerability in actionpack Moderate
CVE-2014-7829 was published for actionpack (RubyGems) Oct 24, 2017
Rack Vulnerable to Path Traversal Moderate
CVE-2013-0262 was published for rack (RubyGems) Oct 24, 2017
Directory traversal vulnerability in RubyZip Critical
CVE-2017-5946 was published for rubyzip (RubyGems) Oct 24, 2017
Directory traversal in Rack::Directory app bundled with Rack High
CVE-2020-8161 was published for rack (RubyGems) Jul 6, 2020
RubyGems Delete directory using symlink when decompressing tar High
CVE-2019-8320 was published for rubygems-update (RubyGems) Jun 20, 2019
archive-tar-minitar and minitar vulnerable to Path Traversal High
CVE-2016-10173 was published for archive-tar-minitar (RubyGems) Oct 24, 2017
Sprockets path traversal leads to information leak High
CVE-2018-3760 was published for sprockets (RubyGems) Jun 20, 2018
Mongrel vulnerable to directory traversal via double-encoded sequences Moderate
CVE-2007-6612 was published for mongrel (RubyGems) May 1, 2022
Mail Gem Path Traversal vulnerability Moderate
CVE-2012-2139 was published for mail (RubyGems) Oct 24, 2017