GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,303
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
1,116 advisories
Filter by severity
Decidim: Push subscriptions can be abused for server-side requests
Moderate
CVE-2026-45573
was published
for
decidim-core
(RubyGems)
Jul 13, 2026
Decidim: HTML content blocks allow stored script execution
Moderate
CVE-2026-45572
was published
for
decidim-core
(RubyGems)
Jul 13, 2026
Decidim: CSV census record endpoints improper authorization
Moderate
CVE-2026-45415
was published
for
decidim-verifications
(RubyGems)
Jul 13, 2026
Decidim: JWT-backed authentication can be replayed across organizations
High
CVE-2026-45414
was published
for
decidim
(RubyGems)
Jul 13, 2026
Decidim: Verification documents can be downloaded through reusable links
High
CVE-2026-45378
was published
for
decidim-verifications
(RubyGems)
Jul 13, 2026
Decidim: Private exports can be downloaded through reusable links
Moderate
CVE-2026-45377
was published
for
decidim-core
(RubyGems)
Jul 13, 2026
Decidim: Admin user search allows SQL injection through similarity-based sorting
Moderate
CVE-2026-45376
was published
for
decidim-admin
(RubyGems)
Jul 13, 2026
Decidim: Verification admins can access supplied IDs from other organizations
Moderate
CVE-2026-45330
was published
for
decidim-verifications
(RubyGems)
Jul 13, 2026
Decidim: Forms admin question editor lacks authorization
Moderate
CVE-2026-45086
was published
for
decidim-demographics
(RubyGems)
Jul 13, 2026
Excon does not redact additional sensitive/risky headers when following redirects
Moderate
CVE-2026-54171
was published
for
excon
(RubyGems)
Jul 10, 2026
Secure Headers: CSP directive injection via sandbox, plugin_types, and report_to when given untrusted input
Moderate
CVE-2026-54163
was published
for
secure_headers
(RubyGems)
Jul 10, 2026
Avo: Direct attachment upload endpoint lacks upload authorization and bypasses field-level upload policy
Moderate
CVE-2026-53769
was published
for
avo
(RubyGems)
Jul 9, 2026
Ruby CSS Parser: SSRF and Local File Disclosure in `CssParser::Parser#read_remote_file`
High
CVE-2026-53727
was published
for
css_parser
(RubyGems)
Jul 9, 2026
pay-rails/pay: non-constant-time HMAC comparison in Paddle Billing webhook signature verifier
High
GHSA-mjgf-xj26-9qf9
was published
for
pay
(RubyGems)
Jul 1, 2026
YARD static cache reads raw traversal paths before router sanitization
Moderate
CVE-2026-49342
was published
for
yard
(RubyGems)
Jun 26, 2026
fluent-plugin-opentelemetry Has Denial of Service (DoS) via Large Payloads and Decompression Bombs in `in_opentelemetry`
Moderate
CVE-2026-44163
was published
for
fluent-plugin-opentelemetry
(RubyGems)
Jun 26, 2026
fluent-plugin-s3 Vulnerable to Denial of Service (DoS) via Decompression Bomb in `in_s3`
Low
CVE-2026-44162
was published
for
fluent-plugin-s3
(RubyGems)
Jun 26, 2026
Fluentd is Vulnerable to Server-Side Request Forgery (SSRF) via Placeholder Expansion in `out_http`
High
CVE-2026-44161
was published
for
fluentd
(RubyGems)
Jun 26, 2026
Fluentd is Vulnerable to Denial of Service (DoS) via Gzip Decompression Bomb in `in_http` and `in_forward`
High
CVE-2026-44160
was published
for
fluentd
(RubyGems)
Jun 26, 2026
Fluentd is Vulnerable to Exposure of Sensitive Information via Monitor Agent API
High
CVE-2026-44025
was published
for
fluentd
(RubyGems)
Jun 26, 2026
Fluentd is Vulnerable to Remote Code Execution (RCE) via Arbitrary File Write in `${tag}` Placeholder
Critical
CVE-2026-44024
was published
for
fluentd
(RubyGems)
Jun 26, 2026
Concurrent Ruby: ReadWriteLock allows wrong-thread write release and stray read-release counter corruption
Low
CVE-2026-54906
was published
for
concurrent-ruby
(RubyGems)
Jun 19, 2026
Concurrent Ruby: `ReentrantReadWriteLock` read-count overflow grants a write lock without exclusivity
Low
CVE-2026-54905
was published
for
concurrent-ruby
(RubyGems)
Jun 19, 2026
Concurrent Ruby : `AtomicReference#update` livelocks when the stored value is `Float::NAN`
High
CVE-2026-54904
was published
for
concurrent-ruby
(RubyGems)
Jun 19, 2026
Oj: Integer Overflow in Oj.load 2GB String Handling
High
CVE-2026-54903
was published
for
oj
(RubyGems)
Jun 19, 2026
ProTip!
Advisories are also available from the
GraphQL API