Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

891 advisories

Loading
Ruby-SAML Improper Authentication vulnerability High
CVE-2017-11428 was published for ruby-saml (RubyGems) Jul 5, 2019
Improper Certificate Validation in oauth ruby gem High
CVE-2016-11086 was published for oauth (RubyGems) Apr 22, 2021
Cross-site Scripting in Sidekiq Moderate
CVE-2021-30151 was published for sidekiq (RubyGems) Oct 6, 2021
Exposure of Sensitive Information to an Unauthorized Actor in foreman_fog_proxmox High
CVE-2021-20259 was published for foreman_fog_proxmox (RubyGems) Jun 10, 2021
Code injection in Narou High
CVE-2021-35514 was published for narou (RubyGems) Jul 2, 2021
A potential Denial of Service issue in protobuf-java High
CVE-2021-22569 was published for com.google.protobuf:protobuf-java (RubyGems) Jan 7, 2022
Denial of service in sidekiq High
CVE-2022-23837 was published for sidekiq (RubyGems) Jan 27, 2022
papercrop does not properly handle crop input Critical
CVE-2015-2784 was published for papercrop (RubyGems) May 24, 2022
net-ldap has weak salt when generating passwords Moderate
CVE-2014-0083 was published for net-ldap (RubyGems) May 24, 2022
OS Command Injection in awesome spawn Critical
CVE-2014-0156 was published for awesome_spawn (RubyGems) Jul 1, 2022
BenK0lin
Several quadratic complexity bugs may lead to denial of service in Commonmarker Moderate
GHSA-636f-xm5j-pj9m was published for commonmarker (RubyGems) Jan 24, 2023
Integer overflow in publify_core Critical
CVE-2022-1812 was published for publify_core (RubyGems) Jan 14, 2023
Cross-site scripting in padrino-contrib Moderate
CVE-2019-16145 was published for padrino-contrib (RubyGems) Sep 23, 2019
HTTP Request Smuggling in goliath High
CVE-2020-7671 was published for goliath (RubyGems) May 24, 2021
festivaltts4r allows arbitrary command execution Critical
CVE-2016-10194 was published for festivaltts4r (RubyGems) Oct 24, 2017
Prototype Pollution in chartkick High
CVE-2019-18841 was published for chartkick (RubyGems) Dec 2, 2019
paperclip Server-Side Request Forgery vulnerability Critical
CVE-2017-0889 was published for paperclip (RubyGems) Jan 22, 2018
Sinatra Path Traversal vulnerability Moderate
CVE-2018-7212 was published for sinatra (RubyGems) Feb 20, 2018
radiant vulnerable to Cross-site Scripting Moderate
CVE-2018-7261 was published for radiant (RubyGems) Jul 27, 2018
Improper Certificate Validation in TweetStream Moderate
CVE-2020-24393 was published for tweetstream (RubyGems) Apr 13, 2021
ldap_fluff authentication bypass Moderate
CVE-2012-5604 was published for ldap_fluff (RubyGems) May 14, 2022
omniauth-facebook Improper Authentication vulnerability High
CVE-2013-4593 was published for omniauth-facebook (RubyGems) May 5, 2022
Camaleon CMS Stored Cross-site Scripting vulnerability Moderate
CVE-2021-25969 was published for camaleon_cms (RubyGems) May 24, 2022
Authlogic Information Exposure vulnerability Moderate
CVE-2012-6497 was published for authlogic (RubyGems) May 14, 2022
kajam allows local users to obtain sensitive information by listing the process High
CVE-2014-4999 was published for kajam (RubyGems) May 14, 2022
ProTip! Advisories are also available from the GraphQL API