Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

rubygems omniauth-saml Security Advisories

Browse all Security Advisories for rubygems omniauth-saml

Loading...
Critical
GSA_kwCzR0hTQS1jdnA4LTVyOGctZmh2cc4AA_eZ
omniauth-saml vulnerable to Improper Verification of Cryptographic Signature
Ecosystems: rubygems
Packages: omniauth-saml
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: about 1 month ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk0aG0tOHE2NS1ybXht
OmniAuth-SAML authentication bypass via incorrect XML canonicalization and DOM traversal
Ecosystems: rubygems
Packages: omniauth-saml
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: over 5 years ago
Statistics
Advisories: 20,301
Packages: 8,913
Repositories: 2
Ecosystems: 12
Filter by Package
actionpack 58 nokogiri 43 rubygems-update 25 puppet 23 rack 23 activerecord 21 activesupport 14 publify_core 14 passenger 13 camaleon_cms 13 puma 12 actionview 12 rails 11 decidim 11 fat_free_crm 10 jquery-rails 9 bootstrap 9 twbs/bootstrap 9 org.webjars:bootstrap 9 bootstrap 9 bootstrap 9 rails-html-sanitizer 9 org.webjars.npm:jquery 8 jquery 8 bootstrap-sass 8 jQuery 7 org.jruby:jruby-stdlib 7 jquery-ui 7 org.webjars.npm:jquery-ui 7 jQuery.UI.Combined 7 jquery-ui-rails 7 bootstrap.sass 7 katello 6 doorkeeper 6 ember-source 6 loofah 6 rexml 6 grpc 5 grpcio 5 spree_auth_devise 5 commonmarker 5 bootstrap-sass 5 bundler 5 sidekiq 5 spree 5 webrick 5 fluentd 4 mail 4 dragonfly 4 rails_admin 4 sinatra 4 activestorage 4 ruby-saml 4 avo 4 sanitize 4 carrierwave 4 devise 4 gollum 3 json-jwt 3 rdoc 3 rest-client 3 git 3 decidim-admin 3 openssl 3 openc3 3 chartkick 3 io.grpc:grpc-protobuf 3 decidim-core 3 spina 3 yard 3 cgi 3 devise-two-factor 3 private_address_check 3 phlex 3 geminabox 3 com.google.protobuf:protobuf-java 3 com.google.protobuf:protobuf-kotlin 3 rubyzip 3 activeadmin 3 resque 3 rack-cors 3 google-protobuf 3 omniauth 3 secure_headers 2 sidekiq-unique-jobs 2 net-ldap 2 pyarrow 2 omniauth-saml 2 sprockets 2 field_test 2 httparty 2 uri 2 VladTheEnterprising 2 pageflow 2 @openc3/tool-common 2 view_component 2 openc3 2 echor 2 paperclip 2 twitter-bootstrap-rails 2 json 2 bson 2 pdfkit 2 com.google.protobuf:protobuf-kotlin-lite 2 facter 2 kaminari 2 com.google.protobuf:protobuf-javalite 2 radiant 2 redcarpet 2 faye 2 pghero 2 mini_magick 2 org.webjars.npm:bootstrap 2 red-arrow 2 kramdown 2 solidus_core 2 git-fastclone 2 logstash-core 2 i18n 2 omniauth-facebook 2 qiita-markdown 2 solidus_frontend 2 decidim-templates 2 actiontext 2 administrate 2 yajl-ruby 2 ox 2 mapbox.js 2 mapbox-rails 2 safemode 2 mechanize 2 cocoapods-downloader 2 sup 2 ruby-openid 2 user_agent_parser 2 paratrooper-newrelic 1 text_helpers 1 stringio 1 sqlite-vec 1 jmespath 1 trilogy 1 sentry-raven 1 easymon 1 Bootstrap.Less 1 django 1 ruby_parser 1 gtk2 1 ruby-mysql 1 rubocop 1 encoded_id-rails 1 rotp 1 stimulus_reflex 1 @turbo-boost/commands 1 stimulus_reflex 1 turbo_boost-commands 1 image_processing 1 discordrb 1 diffy 1 recurly 1 md2pdf 1 fog-dragonfly 1 gitaly 1 sounder 1 sqlite-vec 1 date 1 sqlite-vec 1 sqlite-vec 1 active_attr 1 octopoller 1 em-imap 1 opensearch-ruby 1 netaddr 1 goliath 1 moped 1 sisimai 1 exiftool_vendored 1 globalid 1 solidus_api 1 uglify-js 1 uglifier 1 paratrooper-pingdom 1 sfpagent 1 ldoce 1 omniauth-oauth2 1 random_password_generator 1 rake 1 gollum-lib 1 uap-core 1 bibtex-ruby 1 handlebars 1 bootstrap-wysihtml5-rails 1 ruby_parser-legacy 1 haml 1 simple_form 1 mysql-binuuid-rails 1 simple_captcha2 1 marginalia 1 time 1 strong_password 1 datagrid 1