GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
7 advisories
Trix allows Cross-site Scripting via `javascript:` url in a link
Moderate
CVE-2025-21610
was published
for
trix
(npm)
Jan 3, 2025
Active Record logging vulnerable to ANSI escape injection
Moderate
CVE-2025-55193
was published
for
activerecord
(RubyGems)
Aug 13, 2025
Active Storage allowed transformation methods that were potentially unsafe
Critical
CVE-2025-24293
was published
for
activestorage
(RubyGems)
Aug 14, 2025
Rack::Static prefix matching can expose unintended files under the static root
High
CVE-2026-34785
was published
for
rack
(RubyGems)
Apr 2, 2026
Rack: Forwarded Header semicolon injection enables Host and Scheme spoofing
Moderate
CVE-2026-32762
was published
for
rack
(RubyGems)
Apr 2, 2026
Rack's multipart parsing without Content-Length header allows unbounded chunked file uploads
High
CVE-2026-34829
was published
for
rack
(RubyGems)
Apr 2, 2026
Rack::Request accepts invalid Host characters, enabling host allowlist bypass
Moderate
CVE-2026-34835
was published
for
rack
(RubyGems)
Apr 2, 2026
ProTip!
Advisories are also available from the
GraphQL API