GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
982 advisories
Unauthenticated Spree Commerce users can access all guest addresses
High
CVE-2026-25758
was published
for
spree_api
(RubyGems)
Feb 5, 2026
Unauthenticated Spree Commerce users can view completed guest orders by Order ID
High
CVE-2026-25757
was published
for
spree_storefront
(RubyGems)
Feb 5, 2026
Decidim's private data exports can lead to data leaks
High
CVE-2025-65017
was published
for
decidim
(RubyGems)
Feb 3, 2026
AlchemyCMS: Authenticated Remote Code Execution (RCE) via eval injection in ResourcesHelper
Moderate
CVE-2026-23885
was published
for
alchemy_cms
(RubyGems)
Jan 21, 2026
openc3-api Vulnerable to Unauthenticated Remote Code Execution
Critical
CVE-2025-68271
was published
for
openc3
(RubyGems)
Jan 13, 2026
httparty Has Potential SSRF Vulnerability That Leads to API Key Leakage
High
CVE-2025-68696
was published
for
httparty
(RubyGems)
Dec 23, 2025
ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay
Moderate
CVE-2025-68113
was published
for
altcha
(RubyGems)
Dec 16, 2025
Ruby-saml allows a Libxml2 Canonicalization error to bypass Digest/Signature validation
Critical
CVE-2025-66568
was published
for
ruby-saml
(RubyGems)
Dec 8, 2025
Ruby-saml has a SAML authentication bypass due to namespace handling (parser differential)
Critical
CVE-2025-66567
was published
for
ruby-saml
(RubyGems)
Dec 8, 2025
Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values
High
CVE-2025-64501
was published
for
prosemirror_to_html
(RubyGems)
Nov 6, 2025
Sinatra is vulnerable to ReDoS through ETag header value generation
Low
CVE-2025-61921
was published
for
sinatra
(RubyGems)
Oct 10, 2025
ProTip!
Advisories are also available from the
GraphQL API