GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
91
GitHub Actions
54
Go
4,194
Maven
5,000+
npm
5,000+
NuGet
1,021
pip
5,000+
Pub
13
RubyGems
1,102
Rust
1,422
Swift
61
Unreviewed advisories
All unreviewed
5,000+
55 advisories
Filter by severity
Fluentd is Vulnerable to Exposure of Sensitive Information via Monitor Agent API
High
CVE-2026-44025
was published
for
fluentd
(RubyGems)
Jun 26, 2026
Rack::Static prefix matching can expose unintended files under the static root
High
CVE-2026-34785
was published
for
rack
(RubyGems)
Apr 2, 2026
URI Credential Leakage Bypass over CVE-2025-27221
Low
CVE-2025-61594
was published
for
uri
(RubyGems)
Dec 30, 2025
http vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Moderate
CVE-2015-1828
was published
for
http
(RubyGems)
Mar 13, 2018
Rails has possible Sensitive Session Information Leak in Active Storage
Moderate
CVE-2024-26144
was published
for
activestorage
(RubyGems)
Feb 27, 2024
Decidim's private data exports can lead to data leaks
High
CVE-2025-65017
was published
for
decidim
(RubyGems)
Feb 3, 2026
jquery-rails and jquery-ujs subject to Exposure of Sensitive Information
Moderate
CVE-2015-1840
was published
for
jquery-rails
(RubyGems)
Oct 24, 2017
Shakapacker has environment variable leak via EnvironmentPlugin that exposes secrets to client-side bundles
High
GHSA-96qw-h329-v5rg
was published
for
shakapacker
(RubyGems)
Jan 8, 2026
URI allows for userinfo Leakage in URI#join, URI#merge, and URI#+
Low
CVE-2025-27221
was published
for
uri
(RubyGems)
Mar 3, 2025
Rack has a Possible Information Disclosure Vulnerability
Moderate
CVE-2025-61780
was published
for
rack
(RubyGems)
Oct 10, 2025
Moderate severity vulnerability that affects rails
Moderate
CVE-2007-5379
was published
for
rails
(RubyGems)
Oct 24, 2017
Camaleon CMS vulnerable to arbitrary path traversal (GHSL-2024-183)
High
CVE-2024-46987
was published
for
camaleon_cms
(RubyGems)
Sep 18, 2024
Information disclosure issue in Active Resource
High
CVE-2020-8151
was published
for
activeresource
(RubyGems)
May 21, 2020
Decidim vulnerable to data disclosure through the embed feature
Moderate
CVE-2024-27090
was published
for
decidim
(RubyGems)
Jul 10, 2024
Exposure of information in Action Pack
High
CVE-2022-23633
was published
for
actionpack
(RubyGems)
Feb 11, 2022
Potential CSV export data leak
High
CVE-2023-50448
was published
for
activeadmin
(RubyGems)
Dec 15, 2023
xaviershay-dm-rails Gem for Ruby exposes sensitive information via the process table
Moderate
CVE-2015-2179
was published
for
xaviershay-dm-rails
(RubyGems)
Jan 26, 2023
Logstash Logs Sensitive Information
High
CVE-2016-1000221
was published
for
logstash-core
(RubyGems)
May 14, 2022
Logstash Logs Sensitive Information
Moderate
CVE-2016-10362
was published
for
logstash-core
(RubyGems)
May 13, 2022
Exposure of Sensitive Information in bio-basespace-sdk
Moderate
CVE-2013-7111
was published
for
bio-basespace-sdk
(RubyGems)
Oct 24, 2017
Kcapifony gem for Ruby places database user passwords on the command line
High
CVE-2014-5001
was published
for
kcapifony
(RubyGems)
Jul 23, 2018
brbackup exposes database password to unauthorized users
High
CVE-2014-5004
was published
for
brbackup
(RubyGems)
Mar 5, 2018
actionpack and activesupport vulnerable to information leaks
Moderate
CVE-2009-3086
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Decidim vulnerable to sensitive data disclosure
High
CVE-2023-34090
was published
for
decidim
(RubyGems)
Jul 11, 2023
newrelic_rpm Gem Discloses Sensitive Information
Moderate
CVE-2013-0284
was published
for
newrelic_rpm
(RubyGems)
Oct 24, 2017
ProTip!
Advisories are also available from the
GraphQL API