Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

rubygems Security Advisories

Low
GSA_kwCzR0hTQS04eHd3LXgzZzMtNmpjds4AAxDv
ReDoS based DoS vulnerability in Action Dispatch
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS1ocTdwLWozNzctNnY2M84AAxDu
SQL Injection Vulnerability via ActiveRecord comments
Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS02NWY1LW1mcGYtdmZoas4AAxDt
Denial of service via header parsing in Rack
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1ycXYyLTI3NXgtMmpxNc4AAxDs
Denial of service via multipart parsing in Rack
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Published: about 1 year ago
Low
GSA_kwCzR0hTQS0yM2MyLWd3cDUtcHh3Oc4AAxDr
ReDoS based DoS vulnerability in GlobalID
Ecosystems: rubygems
Packages: globalid
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS12bTc0LWo0d3EtODJ4as4AAxBY
Sisimai Inefficient Regular Expression Complexity vulnerability
Ecosystems: rubygems
Packages: sisimai
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS1wcGhmLWdmcm0tdjMycs4AAxAx
Code injection in ruby git
Ecosystems: rubygems
Packages: git
Source: GitHub Advisory Database
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS04NWdmLXdyNjctZjgzd84AAw_f
curupira is vulnerable to SQL injection
Ecosystems: rubygems
Packages: curupira
Source: GitHub Advisory Database
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1yYzQyLWpnaGYtdnI4Zs4AAw-0
Integer overflow in publify_core
Ecosystems: rubygems
Packages: publify_core
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS03OXdxLWc0djktZ2ZqNM4AAw-2
Publify Core does not strip metadata from images
Ecosystems: rubygems
Packages: publify_core
Source: GitHub Advisory Database
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1xM3JtLWY1MjctZ2h4as4AAw-1
Publify Improper Input Validation vulnerability
Ecosystems: rubygems
Packages: publify_core
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS1wZnByLTM0NjMtYzZqaM4AAw1C
ruby-git has potential remote code execution vulnerability
Ecosystems: rubygems
Packages: git
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1wMzNxLTRoNG0tajk5NM4AAwy7
Inline SVG vulnerable to Cross-site Scripting
Ecosystems: rubygems
Packages: inline_svg
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS12Zjk5LXh3MjYtODZnNc4AAwwE
PgHero Allows Information Disclosure Through EXPLAIN Feature
Ecosystems: rubygems
Packages: pghero
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01cHE3LTUybWctaHI0Ms4AAwuQ
httparty has multipart/form-data request tampering vulnerability
Ecosystems: rubygems
Packages: httparty
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0zOTlwLXZxMjgtNWhnOM4AAwre
keynote Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: keynote
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS04cXdoLXJtNmMtanY5Ns4AAwnZ
Oxidized Web vulnerable to Cross-site Scripting
Ecosystems: rubygems
Packages: oxidized-web
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS03NGhjLTU3bTUtODNjaM4AAwgl
text_helpers uses web link to untrusted target with window.opener access
Ecosystems: rubygems
Packages: text_helpers
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS00d2hmLXJteDUtOGZyds4AAwZi
active_attr Improper Resource Shutdown or Release vulnerability
Ecosystems: rubygems
Packages: active_attr
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1ycmZjLTdnOHAtOTlxOM4AAwSi
Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Ecosystems: rubygems
Packages: rails-html-sanitizer
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS05aDlnLTkzZ2MtNjIzaM4AAwSh
Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Ecosystems: rubygems
Packages: rails-html-sanitizer
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1tY3ZmLTJxMm0teDcybc4AAwSg
Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Ecosystems: rubygems
Packages: rails-html-sanitizer
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS01eDc5LXc4MmYtZ3c4d84AAwSf
Inefficient Regular Expression Complexity in rails-html-sanitizer
Ecosystems: rubygems
Packages: rails-html-sanitizer
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS0zeDhyLXg2eHAtcTR2bc4AAwSe
Uncontrolled Recursion in Loofah
Ecosystems: rubygems
Packages: loofah
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0yMjhnLTk0OHItODNneM4AAwSd
Improper neutralization of data URIs may allow XSS in Loofah
Ecosystems: rubygems
Packages: loofah
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS00ODZmLWhqajktOXZoaM4AAwSc
Inefficient Regular Expression Complexity in Loofah
Ecosystems: rubygems
Packages: loofah
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS1xdjRxLW1yNXItcXByas4AAwNH
Unchecked return value from xmlTextReaderExpand
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS0yeDh4LWptcnAtcGh4d84AAwGK
Sinatra vulnerable to Reflected File Download attack
Ecosystems: rubygems
Packages: sinatra
Source: GitHub Advisory Database
Published: over 1 year ago
Low
GSA_kwCzR0hTQS0zeGc4LWNjOGYtOXd2Ms4AAv9V
Unsanitized input leading to code injection in Dalli
Ecosystems: rubygems
Packages: dalli
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS12YzQ3LTZycWctYzdmNc4AAv82
HTTP response splitting in CGI
Ecosystems: rubygems
Packages: cgi
Source: GitHub Advisory Database
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1mcHBxLW1qNzYtZnBqMs4AAvrA
fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration)
Ecosystems: rubygems
Packages: fluentd
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0ycWM2LW1jdnctOTJjd84AAvaT
Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1wNzVjLTV4M2gtY3hjZ84AAvNV
Fat Free CRM vulnerable to Remote Denial of Service via Tasks endpoint
Ecosystems: rubygems
Packages: fat_free_crm
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1oNGg1LTNocjQtajNnMs4AAvKm
protobuf-java has a potential Denial of Service issue
Ecosystems: maven, rubygems
Packages: com.google.protobuf:protobuf-kotlin-lite, com.google.protobuf:protobuf-javalite, google-protobuf, com.google.protobuf:protobuf-kotlin, com.google.protobuf:protobuf-java
Source: GitHub Advisory Database
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1tZ3Z2LTVteHAteHE2N84AAvJx
SQLite3 addresses vulnerability in packaged version of libsqlite
Ecosystems: rubygems
Packages: sqlite3
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS00cXc0LWpwcDQtOGd2cM4AAu97
Unbounded resource exhaustion in cmark-gfm autolink extension may lead to denial of service
Ecosystems: rubygems
Packages: commonmarker
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS04OGN2LW1qMjQtOHczcc4AAu96
arr-pm vulnerable to arbitrary shell execution when extracting or listing files contained in a malicious rpm.
Ecosystems: rubygems
Packages: arr-pm
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS1xY3F2LTM4amctMnI0M84AAuzt
Pageflow vulnerable to insecure direct object reference in membership update endpoint
Ecosystems: rubygems
Packages: pageflow
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS13cnJ3LWNycDgtOTc5cc4AAuzs
Pageflow vulnerable to sensitive user data extraction via Ransack query injection
Ecosystems: rubygems
Packages: pageflow
Source: GitHub Advisory Database
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1yaHd4LWhqeDIteDRxcs4AAuuA
PDFKit vulnerable to Command Injection
Ecosystems: rubygems
Packages: pdfkit
Source: GitHub Advisory Database
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1wbTU1LXFmeHItaDI0N84AAuFx
OmniAuth's `lib/omniauth/failure_endpoint.rb` does not escape `message_key` value
Ecosystems: rubygems
Packages: omniauth
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0zM3doLXc0bTctYzZyOM4AAt8F
update_by_case before 0.1.3 can be vulnerable to sql injection
Ecosystems: rubygems
Packages: update_by_case
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1jYzhjLTI2cmotdjJ2eM4AAt2Q
administrate vulnerable to Cross-Site Request Forgery
Ecosystems: rubygems
Packages: administrate
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS01Y20yLTloOGMtcnZmeM4AAtkK
TZInfo relative path traversal vulnerability allows loading of arbitrary files
Ecosystems: rubygems
Packages: tzinfo
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1oNmdqLTZqanEtaDhnOc4AAtcw
jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text label
Ecosystems: nuget, rubygems, maven, npm
Packages: jQuery.UI.Combined, jquery-ui-rails, org.webjars.npm:jquery-ui, jquery-ui
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1majJ3LXFtanAtM3Jqbc4AAtaY
Gollum Cross-site Scripting vulnerability via filename parameter to New Page dialog
Ecosystems: rubygems
Packages: gollum
Source: GitHub Advisory Database
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS0zaGhjLXFwNXYtOXAyas4AAtT8
Active Record RCE bug with Serialized Columns
Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS05NzdjLTYzeHEtY2d3M84AAtG0
opensearch-ruby 2.x before 2.0.2 vulnerable to unsafe YAML deserialization
Ecosystems: rubygems
Packages: opensearch-ruby
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS01bTQ4LWMzN3gtZjc5Ms4AAtDY
Ember.js Potential XSS Exploit When Binding `tagName` to User-Supplied Data
Ecosystems: rubygems
Packages: ember-source
Source: GitHub Advisory Database
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1xcHF3LW1jODUtcXZtOc4AAtDn
OS Command Injection in awesome spawn
Ecosystems: rubygems
Packages: awesome_spawn
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS03M3ByLWc2amotNWhjOc4AAtBO
Externally Controlled Reference to a Resource in Another Sphere in ruby-mysql
Ecosystems: rubygems
Packages: ruby-mysql
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1wZzh2LWc0eHEtaHd3Oc4AAs-c
Rails::Html::Sanitizer vulnerable to Cross-site Scripting
Ecosystems: rubygems
Packages: rails-html-sanitizer
Source: GitHub Advisory Database
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS01d3c5LTlxcDIteDUyNM4AAs80
Improper handling of double quotes in file name in Diffy in Windows environment
Ecosystems: rubygems
Packages: diffy
Source: GitHub Advisory Database
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1nMjh4LXBncjMtcXF4Ns4AArmr
Octokit gem published with world-writable files
Ecosystems: rubygems
Packages: octokit
Source: GitHub Advisory Database
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS0yNnFqLWNyMjctcjVjNM4AArmq
Octopoller gem published with world-writable files
Ecosystems: rubygems
Packages: octopoller
Source: GitHub Advisory Database
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02NHFtLWhyZ3AtcGdyOc4AAreP
Mechanize before v2.8.5 vulnerable to authorization header leak on port redirect
Ecosystems: rubygems
Packages: mechanize
Source: GitHub Advisory Database
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS01YzVmLTd2ZnEtMzczMs4AArZl
JMESPath for Ruby uses unsafe JSON.load when safe JSON.parse is preferable
Ecosystems: rubygems
Packages: jmespath
Source: GitHub Advisory Database
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01ZzRyLTJxaHgtdnFmbc4AArZZ
Use of Uninitialized Variable in trilogy
Ecosystems: rubygems
Packages: trilogy
Source: GitHub Advisory Database
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1majM0LWpoangteG12ds4AArUb
Arbitrary file write in dragonfly
Ecosystems: rubygems
Packages: dragonfly
Source: GitHub Advisory Database
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS04NjM5LXF4NTYtcjQyOM4AArTb
CSRF allows attacker to finalize/unfinalize order adjustments in solidus_backend
Ecosystems: rubygems
Packages: solidus_backend
Source: GitHub Advisory Database
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1oeHF4LXh3dmgtNDRtMs4AArQW
Denial of Service Vulnerability in Rack Multipart Parsing
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS13cTRoLTdyNDItNWhycs4AArQV
Possible shell escape sequence injection vulnerability in Rack
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14Nzh2LTRmdmotcmc5as4AArLe
Camaleon CMS Stored Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: camaleon_cms
Source: GitHub Advisory Database
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS13bWg5LXgyOGotYzZncs4AArK6
Cross site scripting in publify
Ecosystems: rubygems
Packages: publify_core
Source: GitHub Advisory Database
Published: almost 2 years ago
High
GSA_kwCzR0hTQS00Mzh4LTJwOXYtZzhoOc4AArCm
Camaleon CMS Insufficient Session Expiration vulnerability
Ecosystems: rubygems
Packages: camaleon_cms
Source: GitHub Advisory Database
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zaDd2LXdxdzctZmYyOM4AArCV
Cross site scripting in publify
Ecosystems: rubygems
Packages: publify_core
Source: GitHub Advisory Database
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1xd2dtLW14bTQtM3EyY84AAq_4
net-ldap has weak salt when generating passwords
Ecosystems: rubygems
Packages: net-ldap
Source: GitHub Advisory Database
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1yMncyLWg2cjgtM3I1M84AAqXz
Camaleon CMS vulnerable to Uncaught Exception
Ecosystems: rubygems
Packages: camaleon_cms
Source: GitHub Advisory Database
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS12eDZwLXE0Z2oteDZ4eM4AAqWr
Camaleon CMS vulnerable to Server-Side Request Forgery
Ecosystems: rubygems
Packages: camaleon_cms
Source: GitHub Advisory Database
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS13NnB2LWM3NTctNnJncs4AAqLL
apollo_upload_server has Denial of Service vulnerability
Ecosystems: rubygems
Packages: apollo_upload_server
Source: GitHub Advisory Database
Published: almost 2 years ago
High
GSA_kwCzR0hTQS01OWdwLXFxbTctY3c0as4AApYf
Nokogiri has vulnerable dependencies on libxml2 and libxslt
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0yNTRqLW1tYzUtcWhweM4AApCM
Smashing Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: smashing
Source: GitHub Advisory Database
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1qdzlmLWhoNDktY3ZwOc4AAoiz
Nokogiri contains libxml Out-of-bounds Write vulnerability
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Published: almost 2 years ago
High
GSA_kwCzR0hTQS12NGY4LTI4NDctcndtN84AAoiI
Nokogiri Implements libxml2 version vulnerable to use-after-free
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0yODZ2LXBjZjUtMjVyY84AAof1
Nokogiri Implements libxml2 version vulnerable to null pointer dereferencing
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Published: almost 2 years ago
High
GSA_kwCzR0hTQS14Z3d3LWg5OGYtMjRxZs4AAoS0
Metasploit Framework user exposes Metasploit to same deserialization issue that is exploited by that module
Ecosystems: rubygems
Packages: metasploit-framework
Source: GitHub Advisory Database
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1tbW1tLWNoamYtam12d84AAmp5
Gitaly Insufficient Session Expiration vulnerability
Ecosystems: rubygems
Packages: gitaly
Source: GitHub Advisory Database
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1nd2ZnLWNxbWctY2Y4Zs4AAmJ3
WEBRick vulnerable to HTTP Request/Response Smuggling
Ecosystems: rubygems
Packages: webrick
Source: GitHub Advisory Database
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS12cjIyLTQzZ2otcngzZs4AAjgN
omniauth-weibo-oauth2 included a code-execution backdoor inserted by a third party
Ecosystems: rubygems
Packages: omniauth-weibo-oauth2
Source: GitHub Advisory Database
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1tNDRyLWd2NnEtOWo5cs4AAjWq
papercrop does not properly handle crop input
Ecosystems: rubygems
Packages: papercrop
Source: GitHub Advisory Database
Published: almost 2 years ago
High
GSA_kwCzR0hTQS12bWZ4LWdjZnEtd3ZtMs4AAi6z
Nokogiri implementation of libxslt vulnerable to heap corruption
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1tNHdoLTg0OGotOXcycs4AAixg
Katello cleartext password storage issue
Ecosystems: rubygems
Packages: katello
Source: GitHub Advisory Database
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1janc0LTJ3OXItcjhtds4AAinR
Missing Initialization of Resource in Apache Arrow
Ecosystems: pypi, rubygems
Packages: pyarrow, red-arrow
Source: GitHub Advisory Database
Published: almost 2 years ago
High
GSA_kwCzR0hTQS04Y3cyLWp2NWMtYzgyNc4AAina
Missing Initialization of Resource in Apache Arrow
Ecosystems: pypi, rubygems
Packages: pyarrow, red-arrow
Source: GitHub Advisory Database
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0yNDJ4LTdjbTYtNHc4as4AAid7
Nokogiri affected by libxslt Use of Uninitialized Resource/Use After Free vulnerability
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1tdnFyLXI3NmMtd201Zs4AAiIZ
Devise Token Auth vulnerable to Cross-site Scripting
Ecosystems: rubygems
Packages: devise_token_auth
Source: GitHub Advisory Database
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0zNWoyLXA4ZmgteDk2Ns4AAhfV
Elastic APM agent for Ruby vulnerable to Improper Certificate Validation
Ecosystems: rubygems
Packages: elastic-apm
Source: GitHub Advisory Database
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1jZjQ2LTZ4eGgtcGM3Nc4AAhJV
libxslt Type Confusion vulnerability that affects Nokogiri
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Published: almost 2 years ago
High
GSA_kwCzR0hTQS00aG05LTg0NGotam14cM4AAhJW
Uninitialized read in Nokogiri gem
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jMjczLWM2dmctNHB2Nc4AAgd6
Publify has Improper Access Controls
Ecosystems: rubygems
Packages: publify_core
Source: GitHub Advisory Database
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS0zaHd4LWM2Y3AtcTk3Ms4AAgdi
Publify vulnerable to cross site scripting
Ecosystems: rubygems
Packages: publify_core
Source: GitHub Advisory Database
Published: almost 2 years ago
High
GSA_kwCzR0hTQS14aDI5LXIydzUtd3g4bc4AAgdN
Nokogiri Improperly Handles Unexpected Data Type
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1nZ2Z4LWg5eGotNXY5Y84AAgak
Insecure PRNG use in random_password_generator
Ecosystems: rubygems
Packages: random_password_generator
Source: GitHub Advisory Database
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1jZ3g2LWhwd3EtZmh2Nc4AAgZn
Integer Overflow or Wraparound in libxml2 affects Nokogiri
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Published: almost 2 years ago
High
GSA_kwCzR0hTQS12cTc0LTk1ODMtaHJtNM4AAgUu
Publify vulnerable to DoS attack
Ecosystems: rubygems
Packages: publify_core
Source: GitHub Advisory Database
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03NTZtLTNxZjItaHA1OM4AAgTU
openshift-origin-node Improper Input Validation vulnerability
Ecosystems: rubygems
Packages: openshift-origin-node
Source: GitHub Advisory Database
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03aDQ4LW0zcnctdnIyN84AAft6
Spree does not properly restrict the use of a hash to provide values for a model's attributes
Ecosystems: rubygems
Packages: spree
Source: GitHub Advisory Database
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1nNDY2LTU3Z2gtY3Fmd84AAfty
Spree uses a hardcoded hash value
Ecosystems: rubygems
Packages: spree
Source: GitHub Advisory Database
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mNjhtLXEyNnItNjRmNs4AAfmQ
Chef Improper Access Control vulnerability
Ecosystems: rubygems
Packages: chef
Source: GitHub Advisory Database
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qcDU3LTlqMzctNTQ3Ns4AAfSa
spree_auth_devise allows remote authenticated users to assign themselves arbitrary roles
Ecosystems: rubygems
Packages: spree_auth_devise
Source: GitHub Advisory Database
Published: almost 2 years ago
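Every entry above has the same shape: a severity, an identifier, a title, the ecosystems and package names it touches, a source and a publication date. What a practitioner actually wants from such a feed is the answer to "does any of this apply to my Gemfile.lock?". The Ruby script below is an added example, not code from Ecosyste.ms or from any of the projects listed. It parses a constructed Gemfile.lock, reads a constructed set of advisory records whose field names (identifier, title, severity, packages[].ecosystem, packages[].package_name, packages[].vulnerable_version_range) are an assumption modelled on the fields visible on this page plus a version range the page does not show, and reports the locked gems that fall inside an advisory's range. The package names rack, nokogiri, sinatra and jquery-ui-rails appear on this page, but the identifiers, titles, versions and ranges in the sample are invented for the example and are not the real advisories' data.

```ruby
require "json"
require "rubygems" # Gem::Version and Gem::Requirement ship with Ruby

# Constructed Gemfile.lock fragment (not a real project's lockfile).
# nokogiri carries a platform suffix, as native gems do in real lockfiles.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      nokogiri (1.13.9-x86_64-linux)
        racc (~> 1.4)
      racc (1.6.2)
      rack (2.2.3)
      sinatra (3.0.5)
        rack (~> 2.2)

  PLATFORMS
    x86_64-linux

  DEPENDENCIES
    nokogiri
    sinatra
LOCK

# Constructed advisory records. The field names are an assumption modelled on
# the fields visible in the listing plus a vulnerable_version_range; the
# identifiers, titles and ranges are invented for the example, not real data.
SAMPLE_ADVISORIES_JSON = <<~JSON
  [
    {"identifier": "EXAMPLE-0001", "severity": "High",
     "title": "Denial of service via multipart parsing (constructed)",
     "packages": [{"ecosystem": "rubygems", "package_name": "rack",
                   "vulnerable_version_range": ">= 2.0.0, < 2.2.4"}]},
    {"identifier": "EXAMPLE-0002", "severity": "Moderate",
     "title": "Bundled libxml2 needs updating (constructed)",
     "packages": [{"ecosystem": "rubygems", "package_name": "nokogiri",
                   "vulnerable_version_range": "< 1.13.10"}]},
    {"identifier": "EXAMPLE-0003", "severity": "Moderate",
     "title": "Multi-ecosystem entry, gem not in this lockfile (constructed)",
     "packages": [{"ecosystem": "npm", "package_name": "jquery-ui",
                   "vulnerable_version_range": "< 1.13.2"},
                  {"ecosystem": "rubygems", "package_name": "jquery-ui-rails",
                   "vulnerable_version_range": "< 7.0.0"}]},
    {"identifier": "EXAMPLE-0004", "severity": "Critical",
     "title": "Already fixed in the locked release (constructed)",
     "packages": [{"ecosystem": "rubygems", "package_name": "sinatra",
                   "vulnerable_version_range": "< 3.0.0"}]}
  ]
JSON

SEVERITY_RANK = { "critical" => 0, "high" => 1, "moderate" => 2, "low" => 3 }.freeze

# Returns { gem_name => version } for the locked specs, dropping platform suffixes.
def parse_lockfile(text)
  specs = {}
  in_specs = false
  text.each_line do |line|
    if line.match?(/\A  specs:\s*\z/)
      in_specs = true
      next
    end
    in_specs = false if in_specs && line.strip.empty?
    next unless in_specs
    # Only 4-space-indented lines are locked gems; deeper lines are their dependencies.
    m = line.match(/\A    ([^\s(]+) \(([^)]+)\)\s*\z/)
    specs[m[1]] = m[2].sub(/-.*\z/, "") if m
  end
  specs
end

# True when +version+ falls inside a GHSA-style range such as ">= 2.0.0, < 2.2.4".
def vulnerable?(version, range)
  constraints = range.split(",").map(&:strip)
  Gem::Requirement.new(*constraints).satisfied_by?(Gem::Version.new(version))
end

# Cross-references locked gems with advisories; returns hits sorted by severity.
def find_affected(locked, advisories, ecosystem: "rubygems")
  hits = []
  advisories.each do |adv|
    adv.fetch("packages", []).each do |pkg|
      next unless pkg["ecosystem"] == ecosystem
      version = locked[pkg["package_name"]]
      next unless version && vulnerable?(version, pkg["vulnerable_version_range"])
      hits << { package: pkg["package_name"], version: version,
                identifier: adv["identifier"], severity: adv["severity"].to_s.downcase,
                title: adv["title"] }
    end
  end
  hits.sort_by { |h| [SEVERITY_RANK.fetch(h[:severity], 99), h[:package]] }
end

if __FILE__ == $PROGRAM_NAME
  locked = parse_lockfile(SAMPLE_LOCKFILE)
  find_affected(locked, JSON.parse(SAMPLE_ADVISORIES_JSON)).each do |h|
    puts format("%-8s %-10s %-8s %s [%s]",
                h[:severity], h[:package], h[:version], h[:title], h[:identifier])
  end
end
```

Two details matter when doing this against a real feed: strip the platform suffix before comparing (a native gem locked as 1.13.9-x86_64-linux is version 1.13.9, and Gem::Version would otherwise treat the suffix as a prerelease tag), and match on ecosystem as well as package name, because entries like the jquery-ui one above list the same vulnerability under several ecosystems with different package names and ranges.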
Statistics
Advisories: 17,213
Packages: 7,992
Repositories: 285
Ecosystems: 12