GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

153 advisories

Rails Active Support has a possible XSS vulnerability in SafeBuffer#% Moderate
CVE-2026-33170 was published for activesupport (RubyGems) Mar 23, 2026
Avo has a XSS vulnerability on `return_to` param Moderate
CVE-2026-33209 was published for avo (RubyGems) Mar 18, 2026
Credited to timwis
Trix has a Stored XSS vulnerability through serialized attributes Moderate
GHSA-qmpg-8xg6-ph5q was published for action_text-trix (RubyGems) Mar 12, 2026
Stored XSS in Rack::Directory via javascript: filenames rendered into anchor href Moderate
CVE-2026-25500 was published for rack (RubyGems) Feb 17, 2026
Credited to thesmartshadow, jeremyevans, and ioquatix
Trix has a stored XSS vulnerability through its attachment attribute Moderate
GHSA-g9jg-w8vm-g96v was published for action_text-trix (RubyGems) Dec 31, 2025
decidim-meetings Cross-site scripting vulnerability in the online or hybrid meeting embeds Moderate
CVE-2024-45594 was published for decidim-meetings (RubyGems) Nov 13, 2024
Credited to whotwagner
camaleon_cms affected by cross site scripting Moderate
CVE-2024-48652 was published for camaleon_cms (RubyGems) Oct 23, 2024
OpenC3 Cross-site Scripting in Login functionality (`GHSL-2024-128`) Moderate
CVE-2024-43795 was published for @openc3/tool-common (RubyGems) Oct 2, 2024
Credited to p-
Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184) Moderate
GHSA-75j2-9gmc-m855 was published for camaleon_cms (RubyGems) Sep 25, 2024
Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184) Moderate
GHSA-8fx8-3rg2-79xw was published for camaleon_cms (RubyGems) Sep 23, 2024
Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184) Moderate
GHSA-r9cr-qmfw-pmrc was published for camaleon_cms (RubyGems) Sep 18, 2024
Credited to texpert
Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin panel with QuillJS WYSWYG editor Moderate
CVE-2024-39910 was published for decidim (RubyGems) Sep 16, 2024
Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin activity log Moderate
CVE-2024-32034 was published for decidim-admin (RubyGems) Sep 16, 2024
Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-6484 was published for bootstrap (RubyGems) Jul 11, 2024 withdrawn
Credited to metametadata
Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-6531 was published for bootstrap (RubyGems) Jul 11, 2024 withdrawn
Credited to alexeyNeklesa-idt, metametadata, and eoftedal
Decidim cross-site scripting (XSS) in the admin panel Moderate
CVE-2024-27095 was published for decidim-admin (RubyGems) Jul 10, 2024
Decidim cross-site scripting (XSS) in the pagination Moderate
CVE-2024-32469 was published for decidim (RubyGems) Jul 10, 2024
Credited to PatrickHimler
RailsAdmin Cross-site Scripting vulnerability in the list view Moderate
CVE-2024-39308 was published for rails_admin (RubyGems) Jul 8, 2024
Credited to mshibuya
ActionText ContentAttachment can Contain Unsanitized HTML Moderate
CVE-2024-32464 was published for actiontext (RubyGems) Jun 4, 2024
Credited to ooooooo-q
Trix Editor Arbitrary Code Execution Vulnerability Moderate
CVE-2024-34341 was published for actiontext (RubyGems) May 7, 2024
Credited to chadlwilson
Sidekiq vulnerable to a Reflected XSS in Queues Web Page Moderate
CVE-2024-32887 was published for sidekiq (RubyGems) Apr 26, 2024
Credited to UmerAdeemCheema
CarrierWave content-Type allowlist bypass vulnerability which possibly leads to XSS remained Moderate
CVE-2024-29034 was published for carrierwave (RubyGems) Mar 25, 2024
Credited to a-zara-n
Cross Site Scripting vulnerability in Contribsys Sidekiq Moderate
CVE-2023-46950 was published for sidekiq-unique-jobs (RubyGems) Mar 1, 2024
YARD's default template vulnerable to Cross-site Scripting in generated frames.html Moderate
CVE-2024-27285 was published for yard (RubyGems) Feb 28, 2024
Credited to avivkeller
Rails has possible XSS Vulnerability in Action Controller Moderate
CVE-2024-26143 was published for actionpack (RubyGems) Feb 27, 2024
Credited to ooooooo-q, yoshizawa-masatoshi, postmodern, and stdedos