Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Advisories

Loading...
Moderate
GSA_kwCzR0hTQS1mdzNnLTJoM2otcW1tN84AAxPa
Improper neutralization of `noscript` element content may allow XSS in Sanitize
Ecosystems: rubygems
Packages: sanitize
Source: GitHub Advisory Database
Published: 1 day ago
High
GSA_kwCzR0hTQS02MzI1LTZnMzItN3AzNc4AAxNI
flash_tool Gem for Ruby File Download Handling Arbitrary Command Execution
Ecosystems: rubygems
Packages: flash_tool
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS03NDZnLTNnZnAtaGZod84AAxNH
Devise Gem for Ruby Unauthorized Access Using Remember Me Cookie
Ecosystems: rubygems
Packages: devise
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS04OHA4LTR2djUtODJqN84AAxNG
xaviershay-dm-rails Gem for Ruby exposes sensitive information via the process table
Ecosystems: rubygems
Packages: xaviershay-dm-rails
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS02MzZmLXhtNWotcGo5bc4AAxIx
Several quadratic complexity bugs may lead to denial of service in Commonmarker
Ecosystems: rubygems
Packages: commonmarker
Source: GitHub Advisory Database
Published: 5 days ago
High
GSA_kwCzR0hTQS1xOTVoLWNxcnYtOGp2Nc4AAxGB
ExifTool vulnerable to arbitrary code execution
Ecosystems: rubygems
Packages: exiftool_vendored
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS14Z3Y3LXBxcWgtaDJ3Oc4AAxEu
jruby-openssl gem for JRuby fails to do proper certificate validation
Ecosystems: rubygems
Packages: jruby-openssl
Source: GitHub Advisory Database
Published: 10 days ago
Low
GSA_kwCzR0hTQS05M3BtLTVwNWYtM2doeM4AAxD0
Denial of Service Vulnerability in Rack Content-Disposition parsing
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Published: 11 days ago
Low
GSA_kwCzR0hTQS1wODR2LTQ1eGotd3dxas4AAxDz
ReDoS based DoS vulnerability in Action Dispatch
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: 11 days ago
Low
GSA_kwCzR0hTQS1qNmdjLTc5Mm0tcWdtMs4AAxDy
ReDoS based DoS vulnerability in Active Support’s underscore
Ecosystems: rubygems
Packages: activesupport
Source: GitHub Advisory Database
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS05NDQ1LTRjcjYtMzM2cs4AAxDx
Open Redirect Vulnerability in Action Pack
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: 11 days ago
Low
GSA_kwCzR0hTQS01Nzl3LTIyajQtNDc0Oc4AAxDw
Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Published: 11 days ago
Low
GSA_kwCzR0hTQS04eHd3LXgzZzMtNmpjds4AAxDv
ReDoS based DoS vulnerability in Action Dispatch
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: 11 days ago
High
GSA_kwCzR0hTQS1ocTdwLWozNzctNnY2M84AAxDu
SQL Injection Vulnerability via ActiveRecord comments
Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Published: 11 days ago
Low
GSA_kwCzR0hTQS02NWY1LW1mcGYtdmZoas4AAxDt
Denial of service via header parsing in Rack
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Published: 11 days ago
Low
GSA_kwCzR0hTQS1ycXYyLTI3NXgtMmpxNc4AAxDs
Denial of service via multipart parsing in Rack
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Published: 11 days ago
Low
GSA_kwCzR0hTQS0yM2MyLWd3cDUtcHh3Oc4AAxDr
ReDoS based DoS vulnerability in GlobalID
Ecosystems: rubygems
Packages: globalid
Source: GitHub Advisory Database
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS12bTc0LWo0d3EtODJ4as4AAxBY
Sisimai Inefficient Regular Expression Complexity vulnerability
Ecosystems: rubygems
Packages: sisimai
Source: GitHub Advisory Database
Published: 12 days ago
High
GSA_kwCzR0hTQS1wcGhmLWdmcm0tdjMycs4AAxAx
Code injection in ruby git
Ecosystems: rubygems
Packages: git
Source: GitHub Advisory Database
Published: 12 days ago
Critical
GSA_kwCzR0hTQS04NWdmLXdyNjctZjgzd84AAw_f
curupira is vulnerable to SQL injection
Ecosystems: rubygems
Packages: curupira
Source: GitHub Advisory Database
Published: 13 days ago
Critical
GSA_kwCzR0hTQS1yYzQyLWpnaGYtdnI4Zs4AAw-0
Integer overflow in publify_core
Ecosystems: rubygems
Packages: publify_core
Source: GitHub Advisory Database
Published: 15 days ago
Critical
GSA_kwCzR0hTQS1xM3JtLWY1MjctZ2h4as4AAw-1
Publify Improper Input Validation vulnerability
Ecosystems: rubygems
Packages: publify_core
Source: GitHub Advisory Database
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS03OXdxLWc0djktZ2ZqNM4AAw-2
Publify Core does not strip metadata from images
Ecosystems: rubygems
Packages: publify_core
Source: GitHub Advisory Database
Published: 15 days ago
High
GSA_kwCzR0hTQS1wZnByLTM0NjMtYzZqaM4AAw1C
ruby-git has potential remote code execution vulnerability
Ecosystems: rubygems
Packages: git
Source: GitHub Advisory Database
Published: 19 days ago
Moderate
GSA_kwCzR0hTQS1wMzNxLTRoNG0tajk5NM4AAwy7
Inline SVG vulnerable to Cross-site Scripting
Ecosystems: rubygems
Packages: inline_svg
Source: GitHub Advisory Database
Published: 22 days ago
High
GSA_kwCzR0hTQS12Zjk5LXh3MjYtODZnNc4AAwwE
PgHero Allows Information Disclosure Through EXPLAIN Feature
Ecosystems: rubygems
Packages: pghero
Source: GitHub Advisory Database
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS01cHE3LTUybWctaHI0Ms4AAwuQ
httparty has multipart/form-data request tampering vulnerability
Ecosystems: rubygems
Packages: httparty
Source: GitHub Advisory Database
Published: 26 days ago
Moderate
GSA_kwCzR0hTQS0zOTlwLXZxMjgtNWhnOM4AAwre
keynote Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: keynote
Source: GitHub Advisory Database
Published: 29 days ago
Moderate
GSA_kwCzR0hTQS04cXdoLXJtNmMtanY5Ns4AAwnZ
Oxidized Web vulnerable to Cross-site Scripting
Ecosystems: rubygems
Packages: oxidized-web
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS03NGhjLTU3bTUtODNjaM4AAwgl
text_helpers uses web link to untrusted target with window.opener access
Ecosystems: rubygems
Packages: text_helpers
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS00d2hmLXJteDUtOGZyds4AAwZi
active_attr Improper Resource Shutdown or Release vulnerability
Ecosystems: rubygems
Packages: active_attr
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1ycmZjLTdnOHAtOTlxOM4AAwSi
Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Ecosystems: rubygems
Packages: rails-html-sanitizer
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS05aDlnLTkzZ2MtNjIzaM4AAwSh
Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Ecosystems: rubygems
Packages: rails-html-sanitizer
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1tY3ZmLTJxMm0teDcybc4AAwSg
Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Ecosystems: rubygems
Packages: rails-html-sanitizer
Source: GitHub Advisory Database
Published: about 2 months ago
High
GSA_kwCzR0hTQS01eDc5LXc4MmYtZ3c4d84AAwSf
Inefficient Regular Expression Complexity in rails-html-sanitizer
Ecosystems: rubygems
Packages: rails-html-sanitizer
Source: GitHub Advisory Database
Published: about 2 months ago
High
GSA_kwCzR0hTQS0zeDhyLXg2eHAtcTR2bc4AAwSe
Uncontrolled Recursion in Loofah
Ecosystems: rubygems
Packages: loofah
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS0yMjhnLTk0OHItODNneM4AAwSd
Improper neutralization of data URIs may allow XSS in Loofah
Ecosystems: rubygems
Packages: loofah
Source: GitHub Advisory Database
Published: about 2 months ago
High
GSA_kwCzR0hTQS00ODZmLWhqajktOXZoaM4AAwSc
Inefficient Regular Expression Complexity in Loofah
Ecosystems: rubygems
Packages: loofah
Source: GitHub Advisory Database
Published: about 2 months ago
High
GSA_kwCzR0hTQS1xdjRxLW1yNXItcXByas4AAwNH
Unchecked return value from xmlTextReaderExpand
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Published: about 2 months ago
High
GSA_kwCzR0hTQS0yeDh4LWptcnAtcGh4d84AAwGK
Sinatra vulnerable to Reflected File Download attack
Ecosystems: rubygems
Packages: sinatra
Source: GitHub Advisory Database
Published: about 2 months ago
Low
GSA_kwCzR0hTQS0zeGc4LWNjOGYtOXd2Ms4AAv9V
Unsanitized input leading to code injection in Dalli
Ecosystems: rubygems
Packages: dalli
Source: GitHub Advisory Database
Published: 2 months ago
High
GSA_kwCzR0hTQS12YzQ3LTZycWctYzdmNc4AAv82
HTTP response splitting in CGI
Ecosystems: rubygems
Packages: cgi
Source: GitHub Advisory Database
Published: 2 months ago
Low
GSA_kwCzR0hTQS1mcHBxLW1qNzYtZnBqMs4AAvrA
fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration)
Ecosystems: rubygems
Packages: fluentd
Source: GitHub Advisory Database
Published: 3 months ago
Low
GSA_kwCzR0hTQS05Y2hyLTRmamgtNXJnd84AAvjh
Cross-site Scripting in actionpack
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS0ycWM2LW1jdnctOTJjd84AAvaT
Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1wNzVjLTV4M2gtY3hjZ84AAvNV
Fat Free CRM vulnerable to Remote Denial of Service via Tasks endpoint
Ecosystems: rubygems
Packages: fat_free_crm
Source: GitHub Advisory Database
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1oNGg1LTNocjQtajNnMs4AAvKm
protobuf-java has a potential Denial of Service issue
Ecosystems: maven, rubygems
Packages: com.google.protobuf:protobuf-kotlin-lite, com.google.protobuf:protobuf-javalite, google-protobuf, com.google.protobuf:protobuf-kotlin, com.google.protobuf:protobuf-java
Source: GitHub Advisory Database
Published: 4 months ago
Low
GSA_kwCzR0hTQS1tZ3Z2LTVteHAteHE2N84AAvJx
SQLite3 addresses vulnerability in packaged version of libsqlite
Ecosystems: rubygems
Packages: sqlite3
Source: GitHub Advisory Database
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS00cXc0LWpwcDQtOGd2cM4AAu97
Unbounded resource exhaustion in cmark-gfm autolink extension may lead to denial of service
Ecosystems: rubygems
Packages: commonmarker
Source: GitHub Advisory Database
Published: 4 months ago
High
GSA_kwCzR0hTQS04OGN2LW1qMjQtOHczcc4AAu96
arr-pm vulnerable to arbitrary shell execution when extracting or listing files contained in a malicious rpm.
Ecosystems: rubygems
Packages: arr-pm
Source: GitHub Advisory Database
Published: 4 months ago
High
GSA_kwCzR0hTQS1xY3F2LTM4amctMnI0M84AAuzt
Pageflow vulnerable to insecure direct object reference in membership update endpoint
Ecosystems: rubygems
Packages: pageflow
Source: GitHub Advisory Database
Published: 5 months ago
High
GSA_kwCzR0hTQS13cnJ3LWNycDgtOTc5cc4AAuzs
Pageflow vulnerable to sensitive user data extraction via Ransack query injection
Ecosystems: rubygems
Packages: pageflow
Source: GitHub Advisory Database
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1yaHd4LWhqeDIteDRxcs4AAuuA
PDFKit vulnerable to Command Injection
Ecosystems: rubygems
Packages: pdfkit
Source: GitHub Advisory Database
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1wbTU1LXFmeHItaDI0N84AAuFx
OmniAuth's `lib/omniauth/failure_endpoint.rb` does not escape `message_key` value
Ecosystems: rubygems
Packages: omniauth
Source: GitHub Advisory Database
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS0zM3doLXc0bTctYzZyOM4AAt8F
update_by_case before 0.1.3 can be vulnerable to sql injection
Ecosystems: rubygems
Packages: update_by_case
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1jYzhjLTI2cmotdjJ2eM4AAt2Q
administrate vulnerable to Cross-Site Request Forgery
Ecosystems: rubygems
Packages: administrate
Source: GitHub Advisory Database
Published: 6 months ago
High
GSA_kwCzR0hTQS01Y20yLTloOGMtcnZmeM4AAtkK
TZInfo relative path traversal vulnerability allows loading of arbitrary files
Ecosystems: rubygems
Packages: tzinfo
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1majJ3LXFtanAtM3Jqbc4AAtaY
Gollum Cross-site Scripting vulnerability via filename parameter to New Page dialog
Ecosystems: rubygems
Packages: gollum
Source: GitHub Advisory Database
Published: 7 months ago
Critical
GSA_kwCzR0hTQS0zaGhjLXFwNXYtOXAyas4AAtT8
Active Record RCE bug with Serialized Columns
Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Published: 7 months ago
High
GSA_kwCzR0hTQS05NzdjLTYzeHEtY2d3M84AAtG0
opensearch-ruby 2.x before 2.0.2 vulnerable to unsafe YAML deserialization
Ecosystems: rubygems
Packages: opensearch-ruby
Source: GitHub Advisory Database
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS01bTQ4LWMzN3gtZjc5Ms4AAtDY
Ember.js Potential XSS Exploit When Binding `tagName` to User-Supplied Data
Ecosystems: rubygems
Packages: ember-source
Source: GitHub Advisory Database
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1xcHF3LW1jODUtcXZtOc4AAtDn
OS Command Injection in awesome spawn
Ecosystems: rubygems
Packages: awesome_spawn
Source: GitHub Advisory Database
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS03M3ByLWc2amotNWhjOc4AAtBO
Externally Controlled Reference to a Resource in Another Sphere in ruby-mysql
Ecosystems: rubygems
Packages: ruby-mysql
Source: GitHub Advisory Database
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1wZzh2LWc0eHEtaHd3Oc4AAs-c
Rails::Html::Sanitizer vulnerable to Cross-site Scripting
Ecosystems: rubygems
Packages: rails-html-sanitizer
Source: GitHub Advisory Database
Published: 7 months ago
Critical
GSA_kwCzR0hTQS01d3c5LTlxcDIteDUyNM4AAs80
Improper handling of double quotes in file name in Diffy in Windows environment
Ecosystems: rubygems
Packages: diffy
Source: GitHub Advisory Database
Published: 7 months ago
Low
GSA_kwCzR0hTQS1nMjh4LXBncjMtcXF4Ns4AArmr
Octokit gem published with world-writable files
Ecosystems: rubygems
Packages: octokit
Source: GitHub Advisory Database
Published: 8 months ago
Low
GSA_kwCzR0hTQS0yNnFqLWNyMjctcjVjNM4AArmq
Octopoller gem published with world-writable files
Ecosystems: rubygems
Packages: octopoller
Source: GitHub Advisory Database
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS02NHFtLWhyZ3AtcGdyOc4AAreP
Mechanize before v2.8.5 vulnerable to authorization header leak on port redirect
Ecosystems: rubygems
Packages: mechanize
Source: GitHub Advisory Database
Published: 8 months ago
Critical
GSA_kwCzR0hTQS01YzVmLTd2ZnEtMzczMs4AArZl
JMESPath for Ruby uses unsafe JSON.load when safe JSON.parse is preferable
Ecosystems: rubygems
Packages: jmespath
Source: GitHub Advisory Database
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS01ZzRyLTJxaHgtdnFmbc4AArZZ
Use of Uninitialized Variable in trilogy
Ecosystems: rubygems
Packages: trilogy
Source: GitHub Advisory Database
Published: 8 months ago
Critical
GSA_kwCzR0hTQS1majM0LWpoangteG12ds4AArUb
Arbitrary file write in dragonfly
Ecosystems: rubygems
Packages: dragonfly
Source: GitHub Advisory Database
Published: 8 months ago
Low
GSA_kwCzR0hTQS04NjM5LXF4NTYtcjQyOM4AArTb
CSRF allows attacker to finalize/unfinalize order adjustments in solidus_backend
Ecosystems: rubygems
Packages: solidus_backend
Source: GitHub Advisory Database
Published: 8 months ago
High
GSA_kwCzR0hTQS1oeHF4LXh3dmgtNDRtMs4AArQW
Denial of Service Vulnerability in Rack Multipart Parsing
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Published: 8 months ago
Critical
GSA_kwCzR0hTQS13cTRoLTdyNDItNWhycs4AArQV
Possible shell escape sequence injection vulnerability in Rack
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS14Nzh2LTRmdmotcmc5as4AArLe
Camaleon CMS Stored Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: camaleon_cms
Source: GitHub Advisory Database
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS13bWg5LXgyOGotYzZncs4AArK6
Cross site scripting in publify
Ecosystems: rubygems
Packages: publify_core
Source: GitHub Advisory Database
Published: 8 months ago
High
GSA_kwCzR0hTQS00Mzh4LTJwOXYtZzhoOc4AArCm
Camaleon CMS Insufficient Session Expiration vulnerability
Ecosystems: rubygems
Packages: camaleon_cms
Source: GitHub Advisory Database
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS0zaDd2LXdxdzctZmYyOM4AArCV
Cross site scripting in publify
Ecosystems: rubygems
Packages: publify_core
Source: GitHub Advisory Database
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1xd2dtLW14bTQtM3EyY84AAq_4
net-ldap has weak salt when generating passwords
Ecosystems: rubygems
Packages: net-ldap
Source: GitHub Advisory Database
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1yMncyLWg2cjgtM3I1M84AAqXz
Camaleon CMS vulnerable to Uncaught Exception
Ecosystems: rubygems
Packages: camaleon_cms
Source: GitHub Advisory Database
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS12eDZwLXE0Z2oteDZ4eM4AAqWr
Camaleon CMS vulnerable to Server-Side Request Forgery
Ecosystems: rubygems
Packages: camaleon_cms
Source: GitHub Advisory Database
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS0yNTRqLW1tYzUtcWhweM4AApCM
Smashing Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: smashing
Source: GitHub Advisory Database
Published: 8 months ago
Low
GSA_kwCzR0hTQS1tbW1tLWNoamYtam12d84AAmp5
Gitaly Insufficient Session Expiration vulnerability
Ecosystems: rubygems
Packages: gitaly
Source: GitHub Advisory Database
Published: 8 months ago
Critical
GSA_kwCzR0hTQS12cjIyLTQzZ2otcngzZs4AAjgN
omniauth-weibo-oauth2 included a code-execution backdoor inserted by a third party
Ecosystems: rubygems
Packages: omniauth-weibo-oauth2
Source: GitHub Advisory Database
Published: 8 months ago
Critical
GSA_kwCzR0hTQS1tNDRyLWd2NnEtOWo5cs4AAjWq
papercrop does not properly handle crop input
Ecosystems: rubygems
Packages: papercrop
Source: GitHub Advisory Database
Published: 8 months ago
Low
GSA_kwCzR0hTQS1tNHdoLTg0OGotOXcycs4AAixg
Katello cleartext password storage issue
Ecosystems: rubygems
Packages: katello
Source: GitHub Advisory Database
Published: 8 months ago
High
GSA_kwCzR0hTQS1janc0LTJ3OXItcjhtds4AAinR
Missing Initialization of Resource in Apache Arrow
Ecosystems: pypi, rubygems
Packages: pyarrow, red-arrow
Source: GitHub Advisory Database
Published: 8 months ago
High
GSA_kwCzR0hTQS04Y3cyLWp2NWMtYzgyNc4AAina
Missing Initialization of Resource in Apache Arrow
Ecosystems: pypi, rubygems
Packages: pyarrow, red-arrow
Source: GitHub Advisory Database
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1nbWc1LXIzYzQtM2ZtOc4AAg9y
Fat Free CRM Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: fat_free_crm
Source: GitHub Advisory Database
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1jMjczLWM2dmctNHB2Nc4AAgd6
Improper Access Control in publify
Ecosystems: rubygems
Packages: publify_core
Source: GitHub Advisory Database
Published: 8 months ago
Critical
GSA_kwCzR0hTQS0zaHd4LWM2Y3AtcTk3Ms4AAgdi
Cross site scripting in publify
Ecosystems: rubygems
Packages: publify_core
Source: GitHub Advisory Database
Published: 8 months ago
High
GSA_kwCzR0hTQS14aDI5LXIydzUtd3g4bc4AAgdN
Nokogiri Improperly Handles Unexpected Data Type
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Published: 8 months ago
High
GSA_kwCzR0hTQS1nZ2Z4LWg5eGotNXY5Y84AAgak
Insecure PRNG use in random_password_generator
Ecosystems: rubygems
Packages: random_password_generator
Source: GitHub Advisory Database
Published: 9 months ago
High
GSA_kwCzR0hTQS1jZ3g2LWhwd3EtZmh2Nc4AAgZn
Integer Overflow or Wraparound in libxml2 affects Nokogiri
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS03aDQ4LW0zcnctdnIyN84AAft6
Spree does not properly restrict the use of a hash to provide values for a model's attributes
Ecosystems: rubygems
Packages: spree
Source: GitHub Advisory Database
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1nNDY2LTU3Z2gtY3Fmd84AAfty
Spree uses a hardcoded hash value
Ecosystems: rubygems
Packages: spree
Source: GitHub Advisory Database
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1qcDU3LTlqMzctNTQ3Ns4AAfSa
spree_auth_devise allows remote authenticated users to assign arbitrary roles to themselves
Ecosystems: rubygems
Packages: spree_auth_devise
Source: GitHub Advisory Database
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS01ZjJwLTZ2anYtMnEybc4AAe3F
Sup Code Injection vulnerability
Ecosystems: rubygems
Packages: sup
Source: GitHub Advisory Database
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1nODk3LWNnZmMtN3E4ds4AAe1L
Fat Free CRM has fixed token value
Ecosystems: rubygems
Packages: fat_free_crm
Source: GitHub Advisory Database
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1tY3ZxLTd4anEtNDZ4Ns4AAe1M
Fat Free CRM contains Cross-site Request Forgery vulnerablilities
Ecosystems: rubygems
Packages: fat_free_crm
Source: GitHub Advisory Database
Published: 9 months ago
Filter by Package
actionpack 51 nokogiri 24 activerecord 22 rails 20 rack 16 puppet 13 rails-html-sanitizer 12 actionview 12 publify_core 12 fat_free_crm 11 activesupport 10 puma 9 passenger 8 loofah 6 doorkeeper 6 ember-source 6 rubygems-update 6 spree 5 camaleon_cms 5 spree_auth_devise 5 devise 4 dragonfly 4 mail 4 safemode 4 rubyzip 4 katello 4 sinatra 4 cgi 3 rails_admin 3 private_address_check 3 gollum 3 rest-client 3 sanitize 3 paperclip 3 sprockets 3 activestorage 3 fluentd 3 commonmarker 3 git 3 chartkick 3 omniauth 3 bundler 3 secure_headers 2 rdoc 2 redcarpet 2 carrierwave 2 mechanize 2 solidus_frontend 2 yajl-ruby 2 faye 2 bson 2 git-fastclone 2 colorscore 2 json-jwt 2 field_test 2 yard 2 ruby-openid 2 espeak-ruby 2 httparty 2 web-console 2 kramdown 2 pageflow 2 activemodel 2 red-arrow 2 pyarrow 2 rack-cors 2 bootstrap 2 ruby-saml 2 VladTheEnterprising 2 minitar 2 rack-mini-profiler 2 archive-tar-minitar 2 sidekiq 2 qiita-markdown 2 net-ldap 2 mini_magick 2 pdfkit 2 json 2 omniauth-facebook 2 i18n 2 sup 2 administrate 2 devise-two-factor 2 bootstrap-sass 2 cocoapods-downloader 2 ox 2 pghero 2 google-protobuf 2 com.google.protobuf:protobuf-kotlin 2 com.google.protobuf:protobuf-java 2 festivaltts4r 2 solidus_core 2 radiant 2 user_agent_parser 1 airbrake-ruby 1 view_component 1 matestack-ui-core 1 curl 1 geocoder 1 faye-websocket 1 bibtex-ruby 1 solidus_api 1 activeresource 1 personnummer 1 gibbon 1 ldoce 1 rgpg 1 dependabot-omnibus 1 dependabot-common 1 active-support 1 sounder 1 wicked 1 shrine 1 diffy 1 kubeclient 1 mcollective-client 1 pgsync 1 trilogy 1 goliath 1 em-http-request 1 em-imap 1 iodine 1 blazer 1 fog-dragonfly 1 newrelic_rpm 1 solidus_backend 1 narou 1 railties 1 netaddr 1 update_by_case 1 kelredd-pruview 1 cremefraiche 1 actionmailer 1 padrino-contrib 1 better_errors 1 ciborg 1 clearance 1 show_in_browser 1 cap-strap 1 lawn-login 1 brbackup 1 ruby-jss 1 excon 1 simple_captcha2 1 solidus_auth_devise 1 datagrid 1 date 1 message_bus 1 marginalia 1 samlr 1 multi_xml 1 lynx 1 simple_form 1 inline_svg 1 oxidized-web 1 rack-ssl 1 webbynode 1 paranoid2 1 omniauth-saml 1 slanger 1 foreman_ansible 1 sqlite3-ruby 1 crack 1 asciidoctor-include-ext 1 redcloth 1 active_attr 1 recurly 1 tmpdir 1 actionpack-page_caching 1 random_password_generator 1 csv-safe 1 jmespath 1 doorkeeper-openid_connect 1 chloride 1 gollum-lib 1 jquery-ui-rails 1 mixlib-archive 1 smalruby-editor 1 command_wrap 1 jquery-ui 1 smalruby 1 xapian-core 1 kafo 1 sorcery 1 paratrooper-pingdom 1 point-cli 1 octopoller 1 hammer_cli_foreman 1 features 1 aescrypt 1 sqlite3 1 smashing 1 ccsv 1 omniauth-weibo-oauth2 1 ldap_fluff 1 xaviershay-dm-rails 1 authlogic 1 kajam 1 rwiki 1 easymon 1 many_versioned_gem 1 mysql-binuuid-rails 1 rbovirt 1 karteek-docsplit 1 gtk2 1 tweetstream 1 gyazo 1 sfpagent 1 flash_tool 1 ftpd 1 gon 1 arabic-prawn 1 chartkick 1 rack-protection 1 consul 1 ffi 1 openssl 1 com.google.protobuf:protobuf-kotlin-lite 1 rake 1 ruby_parser-legacy 1 omniauth-oauth2 1 curupira 1 asciidoctor 1 gitaly 1 jruby-openssl 1 smart_proxy_dynflow 1 spina 1 redis-store 1 papercrop 1 foreman_fog_proxmox 1 activerecord-session_store 1 gemirro 1 rubocop 1 devise_masquerade 1 bindata 1 rexml 1 text_helpers 1 thumbshooter 1 oauth 1 cocaine 1 fastreader 1 sprout 1 restforce 1 sensu 1 tzinfo 1 will_paginate 1 image_processing 1 extlib 1 thin 1 jekyll 1 rexical 1 paratrooper-newrelic 1 http 1 keynote 1 rails_multisite 1 strong_password 1 reel 1 cron_parser 1 coin_base 1 blockchain_wallet 1 awesome-bot 1 doge-coin 1 capistrano-colors 1 bitcoin_vanity 1 coming-soon 1 omniauth_amazon 1 cairo 1 geminabox 1 webrick 1 backup-agoddard 1 opensearch-ruby 1 moped 1 backup_checksum 1 bio-basespace-sdk 1 com.google.protobuf:protobuf-javalite 1 awesome_spawn 1 nori 1 md2pdf 1 devise_invitable 1 exiftool_vendored 1 websocket-extensions 1 lita-coin 1 sentry-raven 1 grape 1 jquery-rails 1 activejob 1 haml 1 kcapifony 1 globalid 1 lean-ruport 1 arr-pm 1 addressable 1 kaminari 1 trestle-auth 1 dalli 1 ruby-mysql 1 agoo 1 delayed_job_web 1 hiera 1 facter 1