Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
55
GitHub Actions
50
Go
3,732
Maven
5,000+
npm
5,000+
NuGet
935
pip
4,952
Pub
13
RubyGems
1,055
Rust
1,343
Swift
54
Unreviewed advisories
All unreviewed
5,000+

4 advisories

Loading
Nokogiri XSLT transform has a memory leak Moderate
GHSA-v2fc-qm4h-8hqv was published for nokogiri (RubyGems) May 6, 2026
Captainjack-kor Credited to Captainjack-kor and flavorjones flavorjones flavorjones
Nokogiri CSS selector tokenizer has regular expression backtracking High
GHSA-c4rq-3m3g-8wgx was published for nokogiri (RubyGems) May 6, 2026
colby-swandale Credited to colby-swandale and flavorjones flavorjones flavorjones
sparklemotion nokogiri hashmap.c hashmap_get_with_hash heap-based overflow Low
CVE-2025-6494 was published for nokogiri (RubyGems) Jun 23, 2025 withdrawn
flavorjones Credited to flavorjones
Nokogiri gem, via libxml, is affected by DoS vulnerabilities High
CVE-2017-15412 was published for nokogiri (RubyGems) May 14, 2022
espen Credited to espen, mattyr, flavorjones, staticintlucas, thomasthaddeus, BaerMitUmlaut, and dlackty mattyr mattyr
flavorjones flavorjones staticintlucas staticintlucas thomasthaddeus thomasthaddeus BaerMitUmlaut BaerMitUmlaut dlackty dlackty
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database