Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

365 advisories

Loading
espeak-ruby allows arbitrary command execution Critical
CVE-2016-10193 was published for espeak-ruby (RubyGems) Oct 24, 2017
tdunlap607
ActiveRecord in Ruby on Rails allows database-query bypass High
CVE-2016-6317 was published for activerecord (RubyGems) Oct 24, 2017
Active Record subject to strong parameters protection bypass High
CVE-2014-3514 was published for activerecord (RubyGems) Oct 24, 2017
actionpack allows bypass of database-query restrictions Moderate
CVE-2013-6417 was published for actionpack (RubyGems) Oct 24, 2017
CORS Token Disclosure in crumb Moderate
CVE-2014-7193 was published for crumb (npm) Oct 24, 2017
Active Record Improper Access Control Moderate
CVE-2015-7577 was published for activerecord (RubyGems) Oct 24, 2017
Web Console (Ruby gem) contains whitelisted_ips bypass Moderate
CVE-2015-3224 was published for web-console (RubyGems) Oct 24, 2017
ActiveRecord vulnerable to modification of protected model attributes Moderate
CVE-2013-0276 was published for activerecord (RubyGems) Oct 24, 2017
Active Record allows bypassing of database-query restrictions Moderate
CVE-2013-0155 was published for activerecord (RubyGems) Oct 24, 2017
Action Pack contains database-query restrictions bypass Moderate
CVE-2012-2660 was published for actionpack (RubyGems) Oct 24, 2017
gollum and gollum-lib allow remote authenticated users to execute arbitrary code High
CVE-2014-9489 was published for gollum (RubyGems) Nov 16, 2017
Incorrect handling of CORS preflight request headers in hapi Moderate
CVE-2015-9236 was published for hapi (npm) Jun 7, 2018
Arbitrary code using "crafted image file" approach affecting Pillow High
CVE-2016-9190 was published for Pillow (pip) Jul 12, 2018
Moderate severity vulnerability that affects org.keycloak:keycloak-core Moderate
CVE-2016-8629 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018
High severity vulnerability that affects org.apache.cxf.fediz:fediz-spring and org.apache.cxf.fediz:fediz-spring2 High
CVE-2016-4464 was published for org.apache.cxf.fediz:fediz-spring (Maven) Oct 18, 2018
High severity vulnerability that affects org.apache.hbase:hbase High
CVE-2015-1836 was published for org.apache.hbase:hbase (Maven) Oct 18, 2018
Jetty contains an alias issue that could allow unauthenticated remote code execution due to specially crafted request Critical
CVE-2016-4800 was published for org.eclipse.jetty:jetty-server (Maven) Oct 19, 2018
Improper Access Control in activejob High
CVE-2018-16476 was published for activejob (RubyGems) Dec 5, 2018
Improper Access Control in commons-fileupload Critical
CVE-2016-1000031 was published for commons-fileupload:commons-fileupload (Maven) Dec 21, 2018
rendertron can remotely shut down Chrome instance High
CVE-2017-18353 was published for rendertron (npm) Jan 4, 2019
Sails before 0.12.7 vulnerable to Broken CORS High
CVE-2016-10549 was published for sails (npm) Feb 18, 2019
Authentication Bypass in Devise Moderate
CVE-2019-16109 was published for devise (RubyGems) Sep 11, 2019
Incorrect Access Control vulnerability in api-platform/core Moderate
CVE-2019-1000011 was published for api-platform/core (Composer) Oct 14, 2019
ProTip! Advisories are also available from the GraphQL API