GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
909 advisories
URI allows for userinfo Leakage in URI#join, URI#merge, and URI#+
Low
CVE-2025-27221
was published
for
uri
(RubyGems)
Mar 3, 2025
Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection
Moderate
CVE-2025-27111
was published
for
rack
(RubyGems)
Mar 4, 2025
Local File Inclusion in Rack::Static
High
CVE-2025-27610
was published
for
rack
(RubyGems)
Mar 10, 2025
graphql allows remote code execution when loading a crafted GraphQL schema
Critical
CVE-2025-27407
was published
for
graphql
(RubyGems)
Mar 12, 2025
Ruby SAML allows remote Denial of Service (DoS) with compressed SAML responses
High
CVE-2025-25293
was published
for
ruby-saml
(RubyGems)
Mar 12, 2025
Ruby SAML allows a SAML authentication bypass due to DOCTYPE handling (parser differential)
High
CVE-2025-25291
was published
for
ruby-saml
(RubyGems)
Mar 12, 2025
Ruby SAML allows a SAML authentication bypass due to namespace handling (parser differential)
High
CVE-2025-25292
was published
for
ruby-saml
(RubyGems)
Mar 12, 2025
ProTip!
Advisories are also available from the
GraphQL API