GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
892 advisories
json-jwt allows bypass of identity checks via a sign/encryption confusion attack
Moderate
CVE-2023-51774
was published
for
json-jwt
(RubyGems)
Feb 29, 2024
Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial)
Moderate
CVE-2024-25126
was published
for
rack
(RubyGems)
Feb 28, 2024
Rack has possible DoS Vulnerability with Range Header
Low
CVE-2024-26141
was published
for
rack
(RubyGems)
Feb 28, 2024
Rack Header Parsing leads to Possible Denial of Service Vulnerability
Low
CVE-2024-26146
was published
for
rack
(RubyGems)
Feb 28, 2024
YARD's default template vulnerable to Cross-site Scripting in generated frames.html
Moderate
CVE-2024-27285
was published
for
yard
(RubyGems)
Feb 28, 2024
Rails has possible Sensitive Session Information Leak in Active Storage
Moderate
CVE-2024-26144
was published
for
activestorage
(RubyGems)
Feb 27, 2024
Rails has possible XSS Vulnerability in Action Controller
Moderate
CVE-2024-26143
was published
for
actionpack
(RubyGems)
Feb 27, 2024
Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch
Low
CVE-2024-26142
was published
for
actionpack
(RubyGems)
Feb 27, 2024
Rack CORS Middleware has Insecure File Permissions
Moderate
CVE-2024-27456
was published
for
rack-cors
(RubyGems)
Feb 26, 2024
Cross-site scripting (XSS) in the dynamic file uploads
Moderate
CVE-2023-51447
was published
for
decidim
(RubyGems)
Feb 20, 2024
Possibility to circumvent the invitation token expiry period
Moderate
CVE-2023-48220
was published
for
decidim
(RubyGems)
Feb 20, 2024
XSS sidekiq-unique-jobs UI server vulnerability
High
CVE-2024-25122
was published
for
sidekiq-unique-jobs
(RubyGems)
Feb 13, 2024
Nokogiri update packaged libxml2 to v2.12.5 to resolve CVE-2024-25062
Moderate
GHSA-xc9x-jj77-9p9j
was published
for
nokogiri
(RubyGems)
Feb 5, 2024
Cross-site scripting (XSS) in Action messages on Avo
Moderate
CVE-2024-22411
was published
for
avo
(RubyGems)
Jan 17, 2024
avo vulnerable to stored cross-site scripting (XSS) in key_value field
High
CVE-2024-22191
was published
for
avo
(RubyGems)
Jan 16, 2024
Devise-Two-Factor vulnerable to brute force attacks
Moderate
CVE-2024-0227
was published
for
devise-two-factor
(RubyGems)
Jan 12, 2024
•
withdrawn
Puma HTTP Request/Response Smuggling vulnerability
Moderate
CVE-2024-21647
was published
for
puma
(RubyGems)
Jan 8, 2024
view_component Cross-site Scripting vulnerability
Moderate
CVE-2024-21636
was published
for
view_component
(RubyGems)
Jan 4, 2024
ProTip!
Advisories are also available from the
GraphQL API