Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Advisories
Source for every entry: GitHub Advisory Database.

Improper neutralization of `noscript` element content may allow XSS in Sanitize
  Severity: Moderate | Ecosystems: rubygems | Packages: sanitize | Published: 1 day ago | ID: GSA_kwCzR0hTQS1mdzNnLTJoM2otcW1tN84AAxPa
flash_tool Gem for Ruby File Download Handling Arbitrary Command Execution
  Severity: High | Ecosystems: rubygems | Packages: flash_tool | Published: 2 days ago | ID: GSA_kwCzR0hTQS02MzI1LTZnMzItN3AzNc4AAxNI
Devise Gem for Ruby Unauthorized Access Using Remember Me Cookie
  Severity: Moderate | Ecosystems: rubygems | Packages: devise | Published: 2 days ago | ID: GSA_kwCzR0hTQS03NDZnLTNnZnAtaGZod84AAxNH
xaviershay-dm-rails Gem for Ruby exposes sensitive information via the process table
  Severity: Moderate | Ecosystems: rubygems | Packages: xaviershay-dm-rails | Published: 2 days ago | ID: GSA_kwCzR0hTQS04OHA4LTR2djUtODJqN84AAxNG
Several quadratic complexity bugs may lead to denial of service in Commonmarker
  Severity: Moderate | Ecosystems: rubygems | Packages: commonmarker | Published: 5 days ago | ID: GSA_kwCzR0hTQS02MzZmLXhtNWotcGo5bc4AAxIx
ExifTool vulnerable to arbitrary code execution
  Severity: High | Ecosystems: rubygems | Packages: exiftool_vendored | Published: 9 days ago | ID: GSA_kwCzR0hTQS1xOTVoLWNxcnYtOGp2Nc4AAxGB
jruby-openssl gem for JRuby fails to do proper certificate validation
  Severity: Moderate | Ecosystems: rubygems | Packages: jruby-openssl | Published: 10 days ago | ID: GSA_kwCzR0hTQS14Z3Y3LXBxcWgtaDJ3Oc4AAxEu
Denial of Service Vulnerability in Rack Content-Disposition parsing
  Severity: Low | Ecosystems: rubygems | Packages: rack | Published: 11 days ago | ID: GSA_kwCzR0hTQS05M3BtLTVwNWYtM2doeM4AAxD0
ReDoS based DoS vulnerability in Action Dispatch
  Severity: Low | Ecosystems: rubygems | Packages: actionpack | Published: 11 days ago | ID: GSA_kwCzR0hTQS1wODR2LTQ1eGotd3dxas4AAxDz
ReDoS based DoS vulnerability in Active Support’s underscore
  Severity: Low | Ecosystems: rubygems | Packages: activesupport | Published: 11 days ago | ID: GSA_kwCzR0hTQS1qNmdjLTc5Mm0tcWdtMs4AAxDy
Open Redirect Vulnerability in Action Pack
  Severity: Moderate | Ecosystems: rubygems | Packages: actionpack | Published: 11 days ago | ID: GSA_kwCzR0hTQS05NDQ1LTRjcjYtMzM2cs4AAxDx
Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
  Severity: Low | Ecosystems: rubygems | Packages: activerecord | Published: 11 days ago | ID: GSA_kwCzR0hTQS01Nzl3LTIyajQtNDc0Oc4AAxDw
ReDoS based DoS vulnerability in Action Dispatch
  Severity: Low | Ecosystems: rubygems | Packages: actionpack | Published: 11 days ago | ID: GSA_kwCzR0hTQS04eHd3LXgzZzMtNmpjds4AAxDv
SQL Injection Vulnerability via ActiveRecord comments
  Severity: High | Ecosystems: rubygems | Packages: activerecord | Published: 11 days ago | ID: GSA_kwCzR0hTQS1ocTdwLWozNzctNnY2M84AAxDu
Denial of service via header parsing in Rack
  Severity: Low | Ecosystems: rubygems | Packages: rack | Published: 11 days ago | ID: GSA_kwCzR0hTQS02NWY1LW1mcGYtdmZoas4AAxDt
Denial of service via multipart parsing in Rack
  Severity: Low | Ecosystems: rubygems | Packages: rack | Published: 11 days ago | ID: GSA_kwCzR0hTQS1ycXYyLTI3NXgtMmpxNc4AAxDs
ReDoS based DoS vulnerability in GlobalID
  Severity: Low | Ecosystems: rubygems | Packages: globalid | Published: 11 days ago | ID: GSA_kwCzR0hTQS0yM2MyLWd3cDUtcHh3Oc4AAxDr
Sisimai Inefficient Regular Expression Complexity vulnerability
  Severity: Moderate | Ecosystems: rubygems | Packages: sisimai | Published: 12 days ago | ID: GSA_kwCzR0hTQS12bTc0LWo0d3EtODJ4as4AAxBY
Code injection in ruby git
  Severity: High | Ecosystems: rubygems | Packages: git | Published: 12 days ago | ID: GSA_kwCzR0hTQS1wcGhmLWdmcm0tdjMycs4AAxAx
curupira is vulnerable to SQL injection
  Severity: Critical | Ecosystems: rubygems | Packages: curupira | Published: 13 days ago | ID: GSA_kwCzR0hTQS04NWdmLXdyNjctZjgzd84AAw_f
Integer overflow in publify_core
  Severity: Critical | Ecosystems: rubygems | Packages: publify_core | Published: 15 days ago | ID: GSA_kwCzR0hTQS1yYzQyLWpnaGYtdnI4Zs4AAw-0
Publify Improper Input Validation vulnerability
  Severity: Critical | Ecosystems: rubygems | Packages: publify_core | Published: 15 days ago | ID: GSA_kwCzR0hTQS1xM3JtLWY1MjctZ2h4as4AAw-1
Publify Core does not strip metadata from images
  Severity: Moderate | Ecosystems: rubygems | Packages: publify_core | Published: 15 days ago | ID: GSA_kwCzR0hTQS03OXdxLWc0djktZ2ZqNM4AAw-2
ruby-git has potential remote code execution vulnerability
  Severity: High | Ecosystems: rubygems | Packages: git | Published: 19 days ago | ID: GSA_kwCzR0hTQS1wZnByLTM0NjMtYzZqaM4AAw1C
Inline SVG vulnerable to Cross-site Scripting
  Severity: Moderate | Ecosystems: rubygems | Packages: inline_svg | Published: 22 days ago | ID: GSA_kwCzR0hTQS1wMzNxLTRoNG0tajk5NM4AAwy7
PgHero Allows Information Disclosure Through EXPLAIN Feature
  Severity: High | Ecosystems: rubygems | Packages: pghero | Published: 24 days ago | ID: GSA_kwCzR0hTQS12Zjk5LXh3MjYtODZnNc4AAwwE
httparty has multipart/form-data request tampering vulnerability
  Severity: Moderate | Ecosystems: rubygems | Packages: httparty | Published: 26 days ago | ID: GSA_kwCzR0hTQS01cHE3LTUybWctaHI0Ms4AAwuQ
keynote Cross-site Scripting vulnerability
  Severity: Moderate | Ecosystems: rubygems | Packages: keynote | Published: 29 days ago | ID: GSA_kwCzR0hTQS0zOTlwLXZxMjgtNWhnOM4AAwre
Oxidized Web vulnerable to Cross-site Scripting
  Severity: Moderate | Ecosystems: rubygems | Packages: oxidized-web | Published: about 1 month ago | ID: GSA_kwCzR0hTQS04cXdoLXJtNmMtanY5Ns4AAwnZ
text_helpers uses web link to untrusted target with window.opener access
  Severity: Moderate | Ecosystems: rubygems | Packages: text_helpers | Published: about 1 month ago | ID: GSA_kwCzR0hTQS03NGhjLTU3bTUtODNjaM4AAwgl
active_attr Improper Resource Shutdown or Release vulnerability
  Severity: High | Ecosystems: rubygems | Packages: active_attr | Published: about 1 month ago | ID: GSA_kwCzR0hTQS00d2hmLXJteDUtOGZyds4AAwZi
Possible XSS vulnerability with certain configurations of rails-html-sanitizer
  Severity: Moderate | Ecosystems: rubygems | Packages: rails-html-sanitizer | Published: about 2 months ago | ID: GSA_kwCzR0hTQS1ycmZjLTdnOHAtOTlxOM4AAwSi
Possible XSS vulnerability with certain configurations of rails-html-sanitizer
  Severity: Moderate | Ecosystems: rubygems | Packages: rails-html-sanitizer | Published: about 2 months ago | ID: GSA_kwCzR0hTQS05aDlnLTkzZ2MtNjIzaM4AAwSh
Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
  Severity: Moderate | Ecosystems: rubygems | Packages: rails-html-sanitizer | Published: about 2 months ago | ID: GSA_kwCzR0hTQS1tY3ZmLTJxMm0teDcybc4AAwSg
Inefficient Regular Expression Complexity in rails-html-sanitizer
  Severity: High | Ecosystems: rubygems | Packages: rails-html-sanitizer | Published: about 2 months ago | ID: GSA_kwCzR0hTQS01eDc5LXc4MmYtZ3c4d84AAwSf
Uncontrolled Recursion in Loofah
  Severity: High | Ecosystems: rubygems | Packages: loofah | Published: about 2 months ago | ID: GSA_kwCzR0hTQS0zeDhyLXg2eHAtcTR2bc4AAwSe
Improper neutralization of data URIs may allow XSS in Loofah
  Severity: Moderate | Ecosystems: rubygems | Packages: loofah | Published: about 2 months ago | ID: GSA_kwCzR0hTQS0yMjhnLTk0OHItODNneM4AAwSd
Inefficient Regular Expression Complexity in Loofah
  Severity: High | Ecosystems: rubygems | Packages: loofah | Published: about 2 months ago | ID: GSA_kwCzR0hTQS00ODZmLWhqajktOXZoaM4AAwSc
Unchecked return value from xmlTextReaderExpand
  Severity: High | Ecosystems: rubygems | Packages: nokogiri | Published: about 2 months ago | ID: GSA_kwCzR0hTQS1xdjRxLW1yNXItcXByas4AAwNH
Sinatra vulnerable to Reflected File Download attack
  Severity: High | Ecosystems: rubygems | Packages: sinatra | Published: about 2 months ago | ID: GSA_kwCzR0hTQS0yeDh4LWptcnAtcGh4d84AAwGK
Unsanitized input leading to code injection in Dalli
  Severity: Low | Ecosystems: rubygems | Packages: dalli | Published: 2 months ago | ID: GSA_kwCzR0hTQS0zeGc4LWNjOGYtOXd2Ms4AAv9V
HTTP response splitting in CGI
  Severity: High | Ecosystems: rubygems | Packages: cgi | Published: 2 months ago | ID: GSA_kwCzR0hTQS12YzQ3LTZycWctYzdmNc4AAv82
fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration)
  Severity: Low | Ecosystems: rubygems | Packages: fluentd | Published: 3 months ago | ID: GSA_kwCzR0hTQS1mcHBxLW1qNzYtZnBqMs4AAvrA
Cross-site Scripting in actionpack
  Severity: Low | Ecosystems: rubygems | Packages: actionpack | Published: 3 months ago | ID: GSA_kwCzR0hTQS05Y2hyLTRmamgtNXJnd84AAvjh
Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
  Severity: Moderate | Ecosystems: rubygems | Packages: nokogiri | Published: 3 months ago | ID: GSA_kwCzR0hTQS0ycWM2LW1jdnctOTJjd84AAvaT
Fat Free CRM vulnerable to Remote Denial of Service via Tasks endpoint
  Severity: Moderate | Ecosystems: rubygems | Packages: fat_free_crm | Published: 4 months ago | ID: GSA_kwCzR0hTQS1wNzVjLTV4M2gtY3hjZ84AAvNV
protobuf-java has a potential Denial of Service issue
  Severity: Moderate | Ecosystems: maven, rubygems | Packages: com.google.protobuf:protobuf-kotlin-lite, com.google.protobuf:protobuf-javalite, google-protobuf, com.google.protobuf:protobuf-kotlin, com.google.protobuf:protobuf-java | Published: 4 months ago | ID: GSA_kwCzR0hTQS1oNGg1LTNocjQtajNnMs4AAvKm
SQLite3 addresses vulnerability in packaged version of libsqlite
  Severity: Low | Ecosystems: rubygems | Packages: sqlite3 | Published: 4 months ago | ID: GSA_kwCzR0hTQS1tZ3Z2LTVteHAteHE2N84AAvJx
Unbounded resource exhaustion in cmark-gfm autolink extension may lead to denial of service
  Severity: Moderate | Ecosystems: rubygems | Packages: commonmarker | Published: 4 months ago | ID: GSA_kwCzR0hTQS00cXc0LWpwcDQtOGd2cM4AAu97
arr-pm vulnerable to arbitrary shell execution when extracting or listing files contained in a malicious rpm
  Severity: High | Ecosystems: rubygems | Packages: arr-pm | Published: 4 months ago | ID: GSA_kwCzR0hTQS04OGN2LW1qMjQtOHczcc4AAu96
Pageflow vulnerable to insecure direct object reference in membership update endpoint
  Severity: High | Ecosystems: rubygems | Packages: pageflow | Published: 5 months ago | ID: GSA_kwCzR0hTQS1xY3F2LTM4amctMnI0M84AAuzt
Pageflow vulnerable to sensitive user data extraction via Ransack query injection
  Severity: High | Ecosystems: rubygems | Packages: pageflow | Published: 5 months ago | ID: GSA_kwCzR0hTQS13cnJ3LWNycDgtOTc5cc4AAuzs
PDFKit vulnerable to Command Injection
  Severity: Critical | Ecosystems: rubygems | Packages: pdfkit | Published: 5 months ago | ID: GSA_kwCzR0hTQS1yaHd4LWhqeDIteDRxcs4AAuuA
OmniAuth's `lib/omniauth/failure_endpoint.rb` does not escape `message_key` value
  Severity: Critical | Ecosystems: rubygems | Packages: omniauth | Published: 5 months ago | ID: GSA_kwCzR0hTQS1wbTU1LXFmeHItaDI0N84AAuFx
update_by_case before 0.1.3 can be vulnerable to SQL injection
  Severity: Moderate | Ecosystems: rubygems | Packages: update_by_case | Published: 6 months ago | ID: GSA_kwCzR0hTQS0zM3doLXc0bTctYzZyOM4AAt8F
administrate vulnerable to Cross-Site Request Forgery
  Severity: Moderate | Ecosystems: rubygems | Packages: administrate | Published: 6 months ago | ID: GSA_kwCzR0hTQS1jYzhjLTI2cmotdjJ2eM4AAt2Q
TZInfo relative path traversal vulnerability allows loading of arbitrary files
  Severity: High | Ecosystems: rubygems | Packages: tzinfo | Published: 6 months ago | ID: GSA_kwCzR0hTQS01Y20yLTloOGMtcnZmeM4AAtkK
Gollum Cross-site Scripting vulnerability via filename parameter to New Page dialog
  Severity: Moderate | Ecosystems: rubygems | Packages: gollum | Published: 7 months ago | ID: GSA_kwCzR0hTQS1majJ3LXFtanAtM3Jqbc4AAtaY
Active Record RCE bug with Serialized Columns
  Severity: Critical | Ecosystems: rubygems | Packages: activerecord | Published: 7 months ago | ID: GSA_kwCzR0hTQS0zaGhjLXFwNXYtOXAyas4AAtT8
opensearch-ruby 2.x before 2.0.2 vulnerable to unsafe YAML deserialization
  Severity: High | Ecosystems: rubygems | Packages: opensearch-ruby | Published: 7 months ago | ID: GSA_kwCzR0hTQS05NzdjLTYzeHEtY2d3M84AAtG0
Ember.js Potential XSS Exploit When Binding `tagName` to User-Supplied Data
  Severity: Moderate | Ecosystems: rubygems | Packages: ember-source | Published: 7 months ago | ID: GSA_kwCzR0hTQS01bTQ4LWMzN3gtZjc5Ms4AAtDY
OS Command Injection in awesome_spawn
  Severity: Critical | Ecosystems: rubygems | Packages: awesome_spawn | Published: 7 months ago | ID: GSA_kwCzR0hTQS1xcHF3LW1jODUtcXZtOc4AAtDn
Externally Controlled Reference to a Resource in Another Sphere in ruby-mysql
  Severity: Moderate | Ecosystems: rubygems | Packages: ruby-mysql | Published: 7 months ago | ID: GSA_kwCzR0hTQS03M3ByLWc2amotNWhjOc4AAtBO
Rails::Html::Sanitizer vulnerable to Cross-site Scripting
  Severity: Moderate | Ecosystems: rubygems | Packages: rails-html-sanitizer | Published: 7 months ago | ID: GSA_kwCzR0hTQS1wZzh2LWc0eHEtaHd3Oc4AAs-c
Improper handling of double quotes in file name in Diffy in Windows environment
  Severity: Critical | Ecosystems: rubygems | Packages: diffy | Published: 7 months ago | ID: GSA_kwCzR0hTQS01d3c5LTlxcDIteDUyNM4AAs80
Octokit gem published with world-writable files
  Severity: Low | Ecosystems: rubygems | Packages: octokit | Published: 8 months ago | ID: GSA_kwCzR0hTQS1nMjh4LXBncjMtcXF4Ns4AArmr
Octopoller gem published with world-writable files
  Severity: Low | Ecosystems: rubygems | Packages: octopoller | Published: 8 months ago | ID: GSA_kwCzR0hTQS0yNnFqLWNyMjctcjVjNM4AArmq
Mechanize before v2.8.5 vulnerable to authorization header leak on port redirect
  Severity: Moderate | Ecosystems: rubygems | Packages: mechanize | Published: 8 months ago | ID: GSA_kwCzR0hTQS02NHFtLWhyZ3AtcGdyOc4AAreP
JMESPath for Ruby uses unsafe JSON.load when safe JSON.parse is preferable
  Severity: Critical | Ecosystems: rubygems | Packages: jmespath | Published: 8 months ago | ID: GSA_kwCzR0hTQS01YzVmLTd2ZnEtMzczMs4AArZl
Use of Uninitialized Variable in trilogy
  Severity: Moderate | Ecosystems: rubygems | Packages: trilogy | Published: 8 months ago | ID: GSA_kwCzR0hTQS01ZzRyLTJxaHgtdnFmbc4AArZZ
Arbitrary file write in dragonfly
  Severity: Critical | Ecosystems: rubygems | Packages: dragonfly | Published: 8 months ago | ID: GSA_kwCzR0hTQS1majM0LWpoangteG12ds4AArUb
CSRF allows attacker to finalize/unfinalize order adjustments in solidus_backend
  Severity: Low | Ecosystems: rubygems | Packages: solidus_backend | Published: 8 months ago | ID: GSA_kwCzR0hTQS04NjM5LXF4NTYtcjQyOM4AArTb
Denial of Service Vulnerability in Rack Multipart Parsing
  Severity: High | Ecosystems: rubygems | Packages: rack | Published: 8 months ago | ID: GSA_kwCzR0hTQS1oeHF4LXh3dmgtNDRtMs4AArQW
Possible shell escape sequence injection vulnerability in Rack
  Severity: Critical | Ecosystems: rubygems | Packages: rack | Published: 8 months ago | ID: GSA_kwCzR0hTQS13cTRoLTdyNDItNWhycs4AArQV
Camaleon CMS Stored Cross-site Scripting vulnerability
  Severity: Moderate | Ecosystems: rubygems | Packages: camaleon_cms | Published: 8 months ago | ID: GSA_kwCzR0hTQS14Nzh2LTRmdmotcmc5as4AArLe
Cross-site scripting in publify
  Severity: Moderate | Ecosystems: rubygems | Packages: publify_core | Published: 8 months ago | ID: GSA_kwCzR0hTQS13bWg5LXgyOGotYzZncs4AArK6
Camaleon CMS Insufficient Session Expiration vulnerability
  Severity: High | Ecosystems: rubygems | Packages: camaleon_cms | Published: 8 months ago | ID: GSA_kwCzR0hTQS00Mzh4LTJwOXYtZzhoOc4AArCm
Cross-site scripting in publify
  Severity: Moderate | Ecosystems: rubygems | Packages: publify_core | Published: 8 months ago | ID: GSA_kwCzR0hTQS0zaDd2LXdxdzctZmYyOM4AArCV
net-ldap has weak salt when generating passwords
  Severity: Moderate | Ecosystems: rubygems | Packages: net-ldap | Published: 8 months ago | ID: GSA_kwCzR0hTQS1xd2dtLW14bTQtM3EyY84AAq_4
Camaleon CMS vulnerable to Uncaught Exception
  Severity: Moderate | Ecosystems: rubygems | Packages: camaleon_cms | Published: 8 months ago | ID: GSA_kwCzR0hTQS1yMncyLWg2cjgtM3I1M84AAqXz
Camaleon CMS vulnerable to Server-Side Request Forgery
  Severity: Moderate | Ecosystems: rubygems | Packages: camaleon_cms | Published: 8 months ago | ID: GSA_kwCzR0hTQS12eDZwLXE0Z2oteDZ4eM4AAqWr
Smashing Cross-site Scripting vulnerability
  Severity: Moderate | Ecosystems: rubygems | Packages: smashing | Published: 8 months ago | ID: GSA_kwCzR0hTQS0yNTRqLW1tYzUtcWhweM4AApCM
Gitaly Insufficient Session Expiration vulnerability
  Severity: Low | Ecosystems: rubygems | Packages: gitaly | Published: 8 months ago | ID: GSA_kwCzR0hTQS1tbW1tLWNoamYtam12d84AAmp5
omniauth-weibo-oauth2 included a code-execution backdoor inserted by a third party
  Severity: Critical | Ecosystems: rubygems | Packages: omniauth-weibo-oauth2 | Published: 8 months ago | ID: GSA_kwCzR0hTQS12cjIyLTQzZ2otcngzZs4AAjgN
papercrop does not properly handle crop input
  Severity: Critical | Ecosystems: rubygems | Packages: papercrop | Published: 8 months ago | ID: GSA_kwCzR0hTQS1tNDRyLWd2NnEtOWo5cs4AAjWq
Katello cleartext password storage issue
  Severity: Low | Ecosystems: rubygems | Packages: katello | Published: 8 months ago | ID: GSA_kwCzR0hTQS1tNHdoLTg0OGotOXcycs4AAixg
Missing Initialization of Resource in Apache Arrow
  Severity: High | Ecosystems: pypi, rubygems | Packages: pyarrow, red-arrow | Published: 8 months ago | ID: GSA_kwCzR0hTQS1janc0LTJ3OXItcjhtds4AAinR
Missing Initialization of Resource in Apache Arrow
  Severity: High | Ecosystems: pypi, rubygems | Packages: pyarrow, red-arrow | Published: 8 months ago | ID: GSA_kwCzR0hTQS04Y3cyLWp2NWMtYzgyNc4AAina
Fat Free CRM Cross-site Scripting vulnerability
  Severity: Moderate | Ecosystems: rubygems | Packages: fat_free_crm | Published: 8 months ago | ID: GSA_kwCzR0hTQS1nbWc1LXIzYzQtM2ZtOc4AAg9y
Improper Access Control in publify
  Severity: Moderate | Ecosystems: rubygems | Packages: publify_core | Published: 8 months ago | ID: GSA_kwCzR0hTQS1jMjczLWM2dmctNHB2Nc4AAgd6
Cross-site scripting in publify
  Severity: Critical | Ecosystems: rubygems | Packages: publify_core | Published: 8 months ago | ID: GSA_kwCzR0hTQS0zaHd4LWM2Y3AtcTk3Ms4AAgdi
Nokogiri Improperly Handles Unexpected Data Type
  Severity: High | Ecosystems: rubygems | Packages: nokogiri | Published: 8 months ago | ID: GSA_kwCzR0hTQS14aDI5LXIydzUtd3g4bc4AAgdN
Insecure PRNG use in random_password_generator
  Severity: High | Ecosystems: rubygems | Packages: random_password_generator | Published: 9 months ago | ID: GSA_kwCzR0hTQS1nZ2Z4LWg5eGotNXY5Y84AAgak
Integer Overflow or Wraparound in libxml2 affects Nokogiri
  Severity: High | Ecosystems: rubygems | Packages: nokogiri | Published: 9 months ago | ID: GSA_kwCzR0hTQS1jZ3g2LWhwd3EtZmh2Nc4AAgZn
Spree does not properly restrict the use of a hash to provide values for a model's attributes
  Severity: Moderate | Ecosystems: rubygems | Packages: spree | Published: 9 months ago | ID: GSA_kwCzR0hTQS03aDQ4LW0zcnctdnIyN84AAft6
Spree uses a hardcoded hash value
  Severity: Moderate | Ecosystems: rubygems | Packages: spree | Published: 9 months ago | ID: GSA_kwCzR0hTQS1nNDY2LTU3Z2gtY3Fmd84AAfty
spree_auth_devise allows remote authenticated users to assign arbitrary roles to themselves
  Severity: Moderate | Ecosystems: rubygems | Packages: spree_auth_devise | Published: 9 months ago | ID: GSA_kwCzR0hTQS1qcDU3LTlqMzctNTQ3Ns4AAfSa
Sup Code Injection vulnerability
  Severity: Moderate | Ecosystems: rubygems | Packages: sup | Published: 9 months ago | ID: GSA_kwCzR0hTQS01ZjJwLTZ2anYtMnEybc4AAe3F
Fat Free CRM has fixed token value
  Severity: Moderate | Ecosystems: rubygems | Packages: fat_free_crm | Published: 9 months ago | ID: GSA_kwCzR0hTQS1nODk3LWNnZmMtN3E4ds4AAe1L
Fat Free CRM contains Cross-site Request Forgery vulnerabilities
  Severity: Moderate | Ecosystems: rubygems | Packages: fat_free_crm | Published: 9 months ago | ID: GSA_kwCzR0hTQS1tY3ZxLTd4anEtNDZ4Ns4AAe1M
Filter by Package (number of advisories per package):
actionpack: 51
nokogiri: 24
activerecord: 22
rails: 20
rack: 16
puppet: 13
rails-html-sanitizer: 12
actionview: 12
publify_core: 12
fat_free_crm: 11
activesupport: 10
puma: 9
passenger: 8
loofah: 6
doorkeeper: 6
ember-source: 6
rubygems-update: 6
spree: 5
camaleon_cms: 5
spree_auth_devise: 5
devise: 4
dragonfly: 4
mail: 4
safemode: 4
rubyzip: 4
katello: 4
sinatra: 4
cgi: 3
rails_admin: 3
private_address_check: 3
gollum: 3
rest-client: 3
sanitize: 3
paperclip: 3
sprockets: 3
activestorage: 3
fluentd: 3
commonmarker: 3
git: 3
chartkick: 3
omniauth: 3
bundler: 3
2 each: secure_headers, rdoc, redcarpet, carrierwave, mechanize, solidus_frontend, yajl-ruby, faye, bson, git-fastclone, colorscore, json-jwt, field_test, yard, ruby-openid, espeak-ruby, httparty, web-console, kramdown, pageflow, activemodel, red-arrow, pyarrow, rack-cors, bootstrap, ruby-saml, VladTheEnterprising, minitar, rack-mini-profiler, archive-tar-minitar, sidekiq, qiita-markdown, net-ldap, mini_magick, pdfkit, json, omniauth-facebook, i18n, sup, administrate, devise-two-factor, bootstrap-sass, cocoapods-downloader, ox, pghero, google-protobuf, com.google.protobuf:protobuf-kotlin, com.google.protobuf:protobuf-java, festivaltts4r, solidus_core, radiant
1 each: user_agent_parser, airbrake-ruby, view_component, matestack-ui-core, curl, geocoder, faye-websocket, bibtex-ruby, solidus_api, activeresource, personnummer, gibbon, ldoce, rgpg, dependabot-omnibus, dependabot-common, active-support, sounder, wicked, shrine, diffy, kubeclient, mcollective-client, pgsync, trilogy, goliath, em-http-request, em-imap, iodine, blazer, fog-dragonfly, newrelic_rpm, solidus_backend, narou, railties, netaddr, update_by_case, kelredd-pruview, cremefraiche, actionmailer, padrino-contrib, better_errors, ciborg, clearance, show_in_browser, cap-strap, lawn-login, brbackup, ruby-jss, excon, simple_captcha2, solidus_auth_devise, datagrid, date, message_bus, marginalia, samlr, multi_xml, lynx, simple_form, inline_svg, oxidized-web, rack-ssl, webbynode, paranoid2, omniauth-saml, slanger, foreman_ansible, sqlite3-ruby, crack, asciidoctor-include-ext, redcloth, active_attr, recurly, tmpdir, actionpack-page_caching, random_password_generator, csv-safe, jmespath, doorkeeper-openid_connect, chloride, gollum-lib, jquery-ui-rails, mixlib-archive, smalruby-editor, command_wrap, jquery-ui, smalruby, xapian-core, kafo, sorcery, paratrooper-pingdom, point-cli, octopoller, hammer_cli_foreman, features, aescrypt, sqlite3, smashing, ccsv, omniauth-weibo-oauth2, ldap_fluff, xaviershay-dm-rails, authlogic, kajam, rwiki, easymon, many_versioned_gem, mysql-binuuid-rails, rbovirt, karteek-docsplit, gtk2, tweetstream, gyazo, sfpagent, flash_tool, ftpd, gon, arabic-prawn, chartkick, rack-protection, consul, ffi, openssl, com.google.protobuf:protobuf-kotlin-lite, rake, ruby_parser-legacy, omniauth-oauth2, curupira, asciidoctor, gitaly, jruby-openssl, smart_proxy_dynflow, spina, redis-store, papercrop, foreman_fog_proxmox, activerecord-session_store, gemirro, rubocop, devise_masquerade, bindata, rexml, text_helpers, thumbshooter, oauth, cocaine, fastreader, sprout, restforce, sensu, tzinfo, will_paginate, image_processing, extlib, thin, jekyll, rexical, paratrooper-newrelic, http, keynote, rails_multisite, strong_password, reel, cron_parser, coin_base, blockchain_wallet, awesome-bot, doge-coin, capistrano-colors, bitcoin_vanity, coming-soon, omniauth_amazon, cairo, geminabox, webrick, backup-agoddard, opensearch-ruby, moped, backup_checksum, bio-basespace-sdk, com.google.protobuf:protobuf-javalite, awesome_spawn, nori, md2pdf, devise_invitable, exiftool_vendored, websocket-extensions, lita-coin, sentry-raven, grape, jquery-rails, activejob, haml, kcapifony, globalid, lean-ruport, arr-pm, addressable, kaminari, trestle-auth, dalli, ruby-mysql, agoo, delayed_job_web, hiera, facter