Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

105 advisories

Loading
Backdoor / Malicious code Critical
GHSA-q2hm-gx3f-h63q was published for lita-coin (RubyGems) Feb 23, 2021 withdrawn
Authentication Bypass by CSRF Weakness Critical
GHSA-5629-8855-gf4g was published for solidus_core (RubyGems) Nov 18, 2021
oliverchang
active-support impersonates 'activesupport' gem Critical
CVE-2018-3779 was published for active-support (RubyGems) Aug 13, 2018
Publify Improper Input Validation vulnerability Critical
CVE-2023-0299 was published for publify_core (RubyGems) Jan 14, 2023
papercrop does not properly handle crop input Critical
CVE-2015-2784 was published for papercrop (RubyGems) May 24, 2022
OS Command Injection in awesome spawn Critical
CVE-2014-0156 was published for awesome_spawn (RubyGems) Jul 1, 2022
BenK0lin
Integer overflow in publify_core Critical
CVE-2022-1812 was published for publify_core (RubyGems) Jan 14, 2023
festivaltts4r allows arbitrary command execution Critical
CVE-2016-10194 was published for festivaltts4r (RubyGems) Oct 24, 2017
paperclip Server-Side Request Forgery vulnerability Critical
CVE-2017-0889 was published for paperclip (RubyGems) Jan 22, 2018
Arbitrary file write in dragonfly Critical
CVE-2021-33473 was published for dragonfly (RubyGems) Jun 3, 2022
Improper handling of double quotes in file name in Diffy in Windows environment Critical
CVE-2022-33127 was published for diffy (RubyGems) Jun 24, 2022
OmniAuth's `lib/omniauth/failure_endpoint.rb` does not escape `message_key` value Critical
CVE-2020-36599 was published for omniauth (RubyGems) Aug 19, 2022
gsimoesr
Arbitrary file write in actionpack-page_caching gem Critical
CVE-2020-8159 was published for actionpack-page_caching (RubyGems) May 13, 2020
Active Record RCE bug with Serialized Columns Critical
CVE-2022-32224 was published for activerecord (RubyGems) Jul 12, 2022
Fluentd Escape Sequence Injection Vulnerability Critical
CVE-2017-10906 was published for fluentd (RubyGems) May 13, 2022
omniauth-weibo-oauth2 included a code-execution backdoor inserted by a third party Critical
CVE-2019-17268 was published for omniauth-weibo-oauth2 (RubyGems) May 24, 2022
smalruby and smalruby-editor vulnerable to OS Command Injection Critical
CVE-2017-2096 was published for smalruby (RubyGems) May 13, 2022
RubyGems Improper Verification of Cryptographic Signature vulnerability Critical
CVE-2018-1000076 was published for org.jruby:jruby-stdlib (RubyGems) May 14, 2022
RubyGems Code Injection vulnerability Critical
CVE-2017-0899 was published for rubygems-update (RubyGems) May 13, 2022
RubyGems vulnerable to Deserialization of Untrusted Data Critical
CVE-2017-0903 was published for rubygems-update (RubyGems) May 13, 2022
Code injection in pdf_info Critical
CVE-2022-36231 was published for pdf_info (RubyGems) Feb 24, 2023
Nokogiri vulnerable to libxslt protection mechanism bypass Critical
CVE-2019-11068 was published for nokogiri (RubyGems) May 13, 2022
Possible code injection vulnerability in Rails / Active Storage Critical
CVE-2022-21831 was published for activestorage (RubyGems) Mar 8, 2022
sergey-alekseev
karo Metacharacter Handling Remote Command Execution Critical
CVE-2014-10075 was published for karo (RubyGems) May 14, 2022
jasnow
Incorrect Handling of Non-Boolean Comparisons During Minification in uglify-js Critical
CVE-2015-8857 was published for uglifier (RubyGems) Oct 24, 2017
ProTip! Advisories are also available from the GraphQL API