GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
960 advisories
Ruby-saml allows a Libxml2 Canonicalization error to bypass Digest/Signature validation Critical
CVE-2025-66568 was published for ruby-saml (RubyGems) Dec 8, 2025
Ruby-saml has a SAML authentication bypass due to namespace handling (parser differential) Critical
CVE-2025-66567 was published for ruby-saml (RubyGems) Dec 8, 2025
Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values High
CVE-2025-64501 was published for prosemirror_to_html (RubyGems) Nov 6, 2025
Sinatra is vulnerable to ReDoS through ETag header value generation Low
CVE-2025-61921 was published for sinatra (RubyGems) Oct 10, 2025
Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing High
CVE-2025-61919 was published for rack (RubyGems) Oct 10, 2025
Rack has a Possible Information Disclosure Vulnerability Moderate
CVE-2025-61780 was published for rack (RubyGems) Oct 10, 2025
Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion) High
CVE-2025-61772 was published for rack (RubyGems) Oct 7, 2025
Rack: Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion) High
CVE-2025-61771 was published for rack (RubyGems) Oct 7, 2025
Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion) High
CVE-2025-61770 was published for rack (RubyGems) Oct 7, 2025
Rack has an unsafe default in Rack::QueryParser allows params_limit bypass via semicolon-separated parameters High
CVE-2025-59830 was published for rack (RubyGems) Sep 25, 2025
REXML has DoS condition when parsing malformed XML file Low
CVE-2025-58767 was published for rexml (RubyGems) Sep 17, 2025
Google Sign-In for Rails allowed redirects to malformed URLs Moderate
CVE-2025-57821 was published for google_sign_in (RubyGems) Aug 27, 2025
Active Storage allowed transformation methods that were potentially unsafe Critical
CVE-2025-24293 was published for activestorage (RubyGems) Aug 14, 2025
Active Record logging vulnerable to ANSI escape injection Moderate
CVE-2025-55193 was published for activerecord (RubyGems) Aug 13, 2025
JWE is missing AES-GCM authentication tag validation in encrypted JWE Critical
CVE-2025-54887 was published for jwe (RubyGems) Aug 7, 2025
Ruby SAML DOS vulnerability with large SAML response Moderate
CVE-2025-54572 was published for ruby-saml (RubyGems) Jul 30, 2025
Withdrawn Advisory: Thor can construct an unsafe shell command from library input. High
CVE-2025-54314 was published for thor (RubyGems) Jul 20, 2025 • withdrawn
Measured is vulnerable to Path Traversal attacks during class initialization Moderate
GHSA-29g5-m8v7-v564 was published for measured (RubyGems) Jul 15, 2025
ProTip! Advisories are also available from the GraphQL API