Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,030
Erlang
29
GitHub Actions
17
Go
1,837
Maven
5,000+
npm
3,575
NuGet
634
pip
3,161
Pub
10
RubyGems
849
Rust
798
Swift
34
Unreviewed advisories
All unreviewed
5,000+

32 advisories

Loading
Duplicate Advisory: Malicious URL drafting attack against iodines static file server may allow path traversal Low
GHSA-qwf7-rv77-fcr3 was published for iodine (RubyGems) Jan 4, 2024 withdrawn
rswag vulnerable to arbitrary JSON and YAML file read via directory traversal High
CVE-2023-38337 was published for rswag (RubyGems) Jul 15, 2023
TZInfo relative path traversal vulnerability allows loading of arbitrary files High
CVE-2022-31163 was published for tzinfo (RubyGems) Jul 21, 2022
kratob
RubyGems Path Traversal vulnerability Moderate
CVE-2018-1000079 was published for org.jruby:jruby-stdlib (RubyGems) May 14, 2022
RubyGems may allow a maliciously crafted gem to overwrite files High
CVE-2017-0901 was published for rubygems-update (RubyGems) May 13, 2022
mixlib-archive Path Traversal vulnerability High
CVE-2017-1000026 was published for mixlib-archive (RubyGems) May 13, 2022
sinatra does not validate expanded path matches High
CVE-2022-29970 was published for sinatra (RubyGems) May 3, 2022
Mongrel vulnerable to directory traversal via double-encoded sequences Moderate
CVE-2007-6612 was published for mongrel (RubyGems) May 1, 2022
Path traversal when MessageBus::Diagnostics is enabled Moderate
CVE-2021-43840 was published for message_bus (RubyGems) Dec 17, 2021
Tempfile on Windows path traversal vulnerability High
CVE-2021-28966 was published for tmpdir (RubyGems) May 6, 2021
Directory traversal in Rack::Directory app bundled with Rack High
CVE-2020-8161 was published for rack (RubyGems) Jul 6, 2020
Arbitrary file write in actionpack-page_caching gem Critical
CVE-2020-8159 was published for actionpack-page_caching (RubyGems) May 13, 2020
The rack-cors rubygem may allow directory traveral Moderate
CVE-2019-18978 was published for rack-cors (RubyGems) Nov 15, 2019
Malicious URL drafting attack against iodines static file server may allow path traversal Low
CVE-2024-22050 was published for iodine (RubyGems) Oct 7, 2019
Path Traversal vulnerability that affects yard High
CVE-2019-1020001 was published for yard (RubyGems) Jul 2, 2019
RubyGems Delete directory using symlink when decompressing tar High
CVE-2019-8320 was published for rubygems-update (RubyGems) Jun 20, 2019
Path Traversal in Action View High
CVE-2019-5418 was published for actionview (RubyGems) Mar 13, 2019
Sprockets path traversal leads to information leak High
CVE-2018-3760 was published for sprockets (RubyGems) Jun 20, 2018
kurt-r2c
Sinatra Path Traversal vulnerability Moderate
CVE-2018-7212 was published for sinatra (RubyGems) Feb 20, 2018
Arbitrary file read vulnerability in yard server High
CVE-2017-17042 was published for yard (RubyGems) Dec 21, 2017
Mail Gem Path Traversal vulnerability Moderate
CVE-2012-2139 was published for mail (RubyGems) Oct 24, 2017
Wicked gem contains Path traversal vulnerability Moderate
CVE-2013-4413 was published for wicked (RubyGems) Oct 24, 2017
Puppet vulnerable to Path Traversal Low
CVE-2012-3865 was published for puppet (RubyGems) Oct 24, 2017
Rack Vulnerable to Path Traversal Moderate
CVE-2013-0262 was published for rack (RubyGems) Oct 24, 2017
actionpack Path Traversal vulnerability Moderate
CVE-2014-0130 was published for actionpack (RubyGems) Oct 24, 2017
ProTip! Advisories are also available from the GraphQL API