Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

894 advisories

Loading
Denial of service in ruby-openid Moderate
CVE-2013-1812 was published for ruby-openid (RubyGems) Oct 24, 2017
JSON gem has Improper Input Validation vulnerability High
CVE-2013-0269 was published for json (RubyGems) Oct 24, 2017
activesupport Improper Input Validation vulnerability Moderate
CVE-2013-1856 was published for activesupport (RubyGems) Oct 24, 2017
Improper Input Validation in multi_xml High
CVE-2013-0175 was published for multi_xml (RubyGems) Oct 24, 2017
tdunlap607
Creme Fraiche contains OS Command Injection Critical
CVE-2013-2090 was published for cremefraiche (RubyGems) Oct 24, 2017
Shell command injection in command_wrap High
CVE-2013-1875 was published for command_wrap (RubyGems) Oct 24, 2017
Wicked gem contains Path traversal vulnerability Moderate
CVE-2013-4413 was published for wicked (RubyGems) Oct 24, 2017
actionmailer email address processing causes Denial of service Moderate
CVE-2013-4389 was published for actionmailer (RubyGems) Oct 24, 2017
Sounder Contains Arbitrary Command Execution Vulnerability High
CVE-2013-5647 was published for sounder (RubyGems) Oct 24, 2017
i18n gem Cross-site Scripting vulnerability Moderate
CVE-2013-4492 was published for i18n (RubyGems) Oct 24, 2017
actionpack Path Traversal vulnerability Moderate
CVE-2014-0130 was published for actionpack (RubyGems) Oct 24, 2017
Array data injection vulnerability in activerecord Moderate
CVE-2014-0080 was published for activerecord (RubyGems) Oct 24, 2017
Directory traversal vulnerability in actionpack Moderate
CVE-2014-7829 was published for actionpack (RubyGems) Oct 24, 2017
Active Record contains SQL Injection via improper range quoting High
CVE-2014-3483 was published for activerecord (RubyGems) Oct 24, 2017
rest-client allows local users to obtain sensitive information by reading the log Low
CVE-2015-3448 was published for rest-client (RubyGems) Oct 24, 2017
activesupport vulnerable to Denial of Service via large XML document depth Moderate
CVE-2015-3227 was published for activesupport (RubyGems) Oct 24, 2017
Incorrect Handling of Non-Boolean Comparisons During Minification in uglify-js Critical
CVE-2015-8857 was published for uglifier (RubyGems) Oct 24, 2017
will_paginate Cross-site Scripting vulnerability Moderate
CVE-2013-6459 was published for will_paginate (RubyGems) Oct 24, 2017
activesupport Cross-site Scripting vulnerability Moderate
CVE-2015-3226 was published for activesupport (RubyGems) Oct 24, 2017
rails-html-sanitizer Cross-site Scripting vulnerability Moderate
CVE-2015-7580 was published for rails-html-sanitizer (RubyGems) Oct 24, 2017
rails-html-sanitizer Cross-site Scripting vulnerability Moderate
CVE-2015-7578 was published for rails-html-sanitizer (RubyGems) Oct 24, 2017
rack-ssl Cross-site Scripting vulnerability Moderate
CVE-2014-2538 was published for rack-ssl (RubyGems) Oct 24, 2017
Aescrypt does not sufficiently use random values High
CVE-2013-7463 was published for aescrypt (RubyGems) Oct 24, 2017
actionpack is vulnerable to remote bypass authentication Low
CVE-2015-7576 was published for actionpack (RubyGems) Oct 24, 2017
ShayAry
actionpack is vulnerable to denial of service because of a wildcard controller route High
CVE-2015-7581 was published for actionpack (RubyGems) Oct 24, 2017
ProTip! Advisories are also available from the GraphQL API