GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
11 advisories
Rack's multipart parsing without Content-Length header allows unbounded chunked file uploads
High | CVE-2026-34829 was published for rack (RubyGems) | Apr 2, 2026
Rack's multipart header parsing allows Denial of Service via escape-heavy quoted parameters
High | CVE-2026-34827 was published for rack (RubyGems) | Apr 2, 2026
Rack::Static prefix matching can expose unintended files under the static root
High | CVE-2026-34785 was published for rack (RubyGems) | Apr 2, 2026
Rack has a Directory Traversal via Rack:Directory
High | CVE-2026-22860 was published for rack (RubyGems) | Feb 17, 2026
Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing
High | CVE-2025-61919 was published for rack (RubyGems) | Oct 10, 2025
Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)
High | CVE-2025-61772 was published for rack (RubyGems) | Oct 7, 2025
Rack: Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)
High | CVE-2025-61771 was published for rack (RubyGems) | Oct 7, 2025
Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)
High | CVE-2025-61770 was published for rack (RubyGems) | Oct 7, 2025
Rack has an unsafe default in Rack::QueryParser allows params_limit bypass via semicolon-separated parameters
High | CVE-2025-59830 was published for rack (RubyGems) | Sep 25, 2025
Rack has an Unbounded-Parameter DoS in Rack::QueryParser
High | CVE-2025-46727 was published for rack (RubyGems) | May 8, 2025
Local File Inclusion in Rack::Static
High | CVE-2025-27610 was published for rack (RubyGems) | Mar 10, 2025