Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

25 advisories

Loading
apollo_upload_server has Denial of Service vulnerability Moderate
CVE-2021-39880 was published for apollo_upload_server (RubyGems) May 24, 2022
jasnow
karo Metacharacter Handling Remote Command Execution Critical
CVE-2014-10075 was published for karo (RubyGems) May 14, 2022
jasnow
RubyGems Improper Input Validation vulnerability Moderate
CVE-2015-4020 was published for rubygems-update (RubyGems) May 17, 2022
jasnow
RubyGems does not verify SSL certificate Moderate
CVE-2012-2126 was published for rubygems-update (RubyGems) May 17, 2022
jasnow
RubyGems HTTPS to HTTP redirect Moderate
CVE-2012-2125 was published for rubygems-update (RubyGems) May 17, 2022
jasnow
Metasploit Framework user exposes Metasploit to same deserialization issue that is exploited by that module High
CVE-2020-7385 was published for metasploit-framework (RubyGems) May 24, 2022
jasnow
Authentication Bypass by CSRF Weakness Critical
GHSA-gpqc-4pp7-5954 was published for spree_auth_devise (RubyGems) Nov 18, 2021
jasnow
Authentication Bypass by CSRF Weakness Critical
GHSA-8xfw-5q82-3652 was published for spree_auth_devise (RubyGems) Nov 18, 2021
jasnow
Authentication Bypass by CSRF Weakness Critical
GHSA-6mqr-q86q-6gwr was published for spree_auth_devise (RubyGems) Nov 18, 2021
jasnow tdunlap607
Rails activerecord gem has Improper Input Validation vulnerability Moderate
CVE-2010-3933 was published for activerecord (RubyGems) Oct 24, 2017
jasnow
Improper Input Validation in actionpack Moderate
CVE-2008-7248 was published for actionpack (RubyGems) Oct 24, 2017
jasnow
Cross site scripting in actionpack Rubygem Moderate
CVE-2011-1497 was published for actionpack (RubyGems) Apr 22, 2022
jhutchings1 jasnow
Nokogiri vulnerable to DoS while parsing XML documents Moderate
CVE-2013-6460 was published for nokogiri (RubyGems) May 5, 2022
jasnow
Nokogiri vulnerable to DoS while parsing XML entities Moderate
CVE-2013-6461 was published for nokogiri (RubyGems) May 5, 2022
jasnow
Bundler may install gems from a different source than expected Moderate
CVE-2013-0334 was published for bundler (RubyGems) May 5, 2022
jasnow
codders-dataset Process Table Local Plaintext Credential Disclosure High
CVE-2014-4991 was published for codders-dataset (RubyGems) May 14, 2022
jasnow
RubyGems passenger gem allows remote attackers to delete files High
CVE-2012-6135 was published for passenger (RubyGems) Apr 23, 2022
jasnow
rails Cross-site Scripting vulnerability Moderate
CVE-2011-2197 was published for actionpack (RubyGems) Oct 24, 2017
tdunlap607 jasnow
Cross site scripting that affects rails Moderate
CVE-2009-3009 was published for actionpack (RubyGems) Oct 24, 2017
jasnow
Rails ActiveRecord gem vulnerable to SQL injection High
CVE-2008-4094 was published for activerecord (RubyGems) Oct 24, 2017
jasnow
actionpack Cross-Site Request Forgery vulnerability Moderate
CVE-2011-0447 was published for actionpack (RubyGems) Oct 24, 2017
jasnow
Cross-site Scripting vulnerability in i18n translations helper method Moderate
CVE-2011-4319 was published for actionpack (RubyGems) Oct 24, 2017
jasnow
Rails actionpack gem vulnerable to Cross-site Scripting Moderate
CVE-2011-0446 was published for actionpack (RubyGems) Oct 24, 2017
jasnow
actionpack and activesupport vulnerable to information leaks Moderate
CVE-2009-3086 was published for actionpack (RubyGems) Oct 24, 2017
jasnow
URI gem has ReDoS vulnerability Moderate
CVE-2023-36617 was published for uri (RubyGems) Jun 29, 2023
jasnow maxfelsher-cgi
ProTip! Advisories are also available from the GraphQL API