GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 25,023
Composer 5,079
Erlang 39
GitHub Actions 38
Go 2,750
Maven 6,167
npm 4,351
NuGet 765
pip 4,114
Pub 12
RubyGems 960
Rust 1,069
Swift 45

Unreviewed advisories

All unreviewed 280,495

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

765

960

Unreviewed advisories

All unreviewed

5,000+

15 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing High

CVE-2025-61919 was published for rack (RubyGems) Oct 10, 2025

Credited to Pirikara, jeremyevans, and ioquatix

Rack has a Possible Information Disclosure Vulnerability Moderate

CVE-2025-61780 was published for rack (RubyGems) Oct 10, 2025

Credited to leahneukirchen, jeremyevans, matthewd, and ioquatix

Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion) High

CVE-2025-61772 was published for rack (RubyGems) Oct 7, 2025

Credited to kwkr, jeremyevans, and ioquatix

Rack: Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion) High

CVE-2025-61771 was published for rack (RubyGems) Oct 7, 2025

Credited to kwkr, jeremyevans, and ioquatix

Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion) High

CVE-2025-61770 was published for rack (RubyGems) Oct 7, 2025

Credited to kwkr, ioquatix, and jeremyevans

Rack has an unsafe default in Rack::QueryParser allows params_limit bypass via semicolon-separated parameters High

CVE-2025-59830 was published for rack (RubyGems) Sep 25, 2025

Credited to kwkr, jeremyevans, and ioquatix

Rack has an Unbounded-Parameter DoS in Rack::QueryParser High

CVE-2025-46727 was published for rack (RubyGems) May 8, 2025

Credited to TaiPhung217, jeremyevans, and ioquatix

Rack session gets restored after deletion Moderate

CVE-2025-46336 was published for rack-session (RubyGems) May 8, 2025

Credited to stengineering0, jeremyevans, and ioquatix

Rack session gets restored after deletion Moderate

CVE-2025-32441 was published for rack (RubyGems) May 8, 2025

Credited to stengineering0, jeremyevans, and ioquatix

Local File Inclusion in Rack::Static High

CVE-2025-27610 was published for rack (RubyGems) Mar 10, 2025

Credited to Masamuneee, jeremyevans, and ioquatix

Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection Moderate

CVE-2025-27111 was published for rack (RubyGems) Mar 4, 2025

Credited to Masamuneee, ioquatix, and jeremyevans

Possible Log Injection in Rack::CommonLogger Moderate

CVE-2025-25184 was published for rack (RubyGems) Feb 12, 2025

Credited to HexSave, jeremyevans, ioquatix, taketo1113, nick-f, vladimir-mencl-eresearch, lostapathy, matthewbjones, and lfittl

rack-contrib vulnerable to Denial of Service due to the unconstrained value of the incoming "profiler_runs" parameter High

CVE-2024-35231 was published for rack-contrib (RubyGems) May 28, 2024

Credited to Sim4n6 and ioquatix

protocol-http1 HTTP Request/Response Smuggling vulnerability Moderate

CVE-2023-38697 was published for protocol-http1 (RubyGems) Aug 3, 2023

Credited to mukeran, chenjj, and ioquatix

Puma's Keepalive Connections Causing Denial Of Service High

CVE-2021-29509 was published for puma (RubyGems) May 18, 2021

Credited to MSP-Greg, wjordan, and ioquatix

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

15 advisories