
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,102 advisories

YARD static cache reads raw traversal paths before router sanitization Moderate
CVE-2026-49342 was published for yard (RubyGems) Jun 26, 2026
Credited to hibrian827
fluent-plugin-opentelemetry Has Denial of Service (DoS) via Large Payloads and Decompression Bombs in `in_opentelemetry` Moderate
CVE-2026-44163 was published for fluent-plugin-opentelemetry (RubyGems) Jun 26, 2026
fluent-plugin-s3 Vulnerable to Denial of Service (DoS) via Decompression Bomb in `in_s3` Low
CVE-2026-44162 was published for fluent-plugin-s3 (RubyGems) Jun 26, 2026
Fluentd is Vulnerable to Server-Side Request Forgery (SSRF) via Placeholder Expansion in `out_http` High
CVE-2026-44161 was published for fluentd (RubyGems) Jun 26, 2026
Credited to everping
Fluentd is Vulnerable to Exposure of Sensitive Information via Monitor Agent API High
CVE-2026-44025 was published for fluentd (RubyGems) Jun 26, 2026
Credited to everping
Fluentd is Vulnerable to Remote Code Execution (RCE) via Arbitrary File Write in `${tag}` Placeholder Critical
CVE-2026-44024 was published for fluentd (RubyGems) Jun 26, 2026
Credited to everping
Concurrent Ruby: ReadWriteLock allows wrong-thread write release and stray read-release counter corruption Low
CVE-2026-54906 was published for concurrent-ruby (RubyGems) Jun 19, 2026
Credited to pranjalithakur
Concurrent Ruby: `ReentrantReadWriteLock` read-count overflow grants a write lock without exclusivity Low
CVE-2026-54905 was published for concurrent-ruby (RubyGems) Jun 19, 2026
Credited to pranjalithakur
Concurrent Ruby: `AtomicReference#update` livelocks when the stored value is `Float::NAN` High
CVE-2026-54904 was published for concurrent-ruby (RubyGems) Jun 19, 2026
Credited to pranjalithakur
Oj: Integer Overflow in Oj.load 2GB String Handling High
CVE-2026-54903 was published for oj (RubyGems) Jun 19, 2026
Oj: Use-After-Free in Oj::Parser SAJ Long Key Callback High
CVE-2026-54902 was published for oj (RubyGems) Jun 19, 2026
Oj: Use-After-Free in Oj::Parser array_class/hash_class GC Marking High
CVE-2026-54901 was published for oj (RubyGems) Jun 19, 2026
Oj: Negative-Size memcpy in Oj::Parser create_id Attribute Handling High
CVE-2026-54900 was published for oj (RubyGems) Jun 19, 2026
Oj: Use-After-Free in Oj::Parser SAJ Callback via Input Mutation High
CVE-2026-54898 was published for oj (RubyGems) Jun 19, 2026
Oj: Use-After-Free in Oj::Doc Iterators via Reentrant Close High
CVE-2026-54897 was published for oj (RubyGems) Jun 19, 2026
Oj: Heap Buffer Overflow in Oj.dump Exception Serialization via Large Indent High
CVE-2026-54896 was published for oj (RubyGems) Jun 19, 2026
Oj: Stack Buffer Overflow in Oj::Doc#each_child via Deeply Nested Input High
CVE-2026-54592 was published for oj (RubyGems) Jun 19, 2026
Credited to 7a6163
Oj: intern.c form_attr (uninitialized stack read) Moderate
CVE-2026-54500 was published for oj (RubyGems) Jun 19, 2026
Credited to 7a6163
Credited to kocaemre, G-Rath, iBotPeaches, Starfox64, sfriedman-cape, and maikelvdh
Oj: Stack Buffer Overflow in Oj.dump via Large Indent High
CVE-2026-54502 was published for oj (RubyGems) Jun 19, 2026
Credited to cla7aye15I4nd and yuhang-lab
Oj: Use-After-Free in Oj::Parser Symbol Key Cache Toggle High
CVE-2026-54899 was published for oj (RubyGems) Jun 19, 2026
AlchemyCMS: Unauthenticated nested page API leaks restricted & unpublished content High
GHSA-mqq5-j7w8-2hgh was published for alchemy_cms (RubyGems) Jun 19, 2026
Credited to Haxset
Credited to cla7aye15I4nd
Nokogiri: Possible Use-After-Free in XInclude Processing Low
GHSA-wfpw-mmfh-qq69 was published for nokogiri (RubyGems) Jun 19, 2026
Credited to cla7aye15I4nd