GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
450 advisories
activesupport Cross-site Scripting vulnerability
Moderate
CVE-2015-3226
was published
for
activesupport
(RubyGems)
Oct 24, 2017
URI gem has ReDoS vulnerability
Moderate
CVE-2023-36617
was published
for
uri
(RubyGems)
Jun 29, 2023
XSS in the `of` option of the `.position()` util in jquery-ui
Moderate
CVE-2021-41184
was published
for
jQuery.UI.Combined
(RubyGems)
Oct 26, 2021
Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection
Moderate
CVE-2025-27111
was published
for
rack
(RubyGems)
Mar 4, 2025
Puma HTTP Request/Response Smuggling vulnerability
Moderate
CVE-2024-21647
was published
for
puma
(RubyGems)
Jan 8, 2024
Rails::Html::Sanitizer vulnerable to Cross-site Scripting
Moderate
CVE-2022-32209
was published
for
rails-html-sanitizer
(RubyGems)
Jun 25, 2022
Possible Log Injection in Rack::CommonLogger
Moderate
CVE-2025-25184
was published
for
rack
(RubyGems)
Feb 12, 2025
Local Code Execution through Argument Injection via dash leading git url parameter in Gemfile.
Moderate
CVE-2021-43809
was published
for
bundler
(RubyGems)
Dec 8, 2021
Ruby SAML DOS vulnerability with large SAML response
Moderate
CVE-2025-54572
was published
for
ruby-saml
(RubyGems)
Jul 30, 2025
Potential XSS vulnerability in jQuery
Moderate
CVE-2020-11023
was published
for
components/jquery
(RubyGems)
Apr 29, 2020
Rack has a Possible Information Disclosure Vulnerability
Moderate
CVE-2025-61780
was published
for
rack
(RubyGems)
Oct 10, 2025
Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2024-6531
was published
for
bootstrap
(RubyGems)
Jul 11, 2024
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API