Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

832 advisories

Gitaly Insufficient Session Expiration vulnerability Low
CVE-2020-13353 was published for gitaly (RubyGems) May 24, 2022
WEBRick vulnerable to HTTP Request/Response Smuggling High
CVE-2020-25613 was published for webrick (RubyGems) May 24, 2022
omniauth-weibo-oauth2 included a code-execution backdoor inserted by a third party Critical
CVE-2019-17268 was published for omniauth-weibo-oauth2 (RubyGems) May 24, 2022
papercrop does not properly handle crop input Critical
CVE-2015-2784 was published for papercrop (RubyGems) May 24, 2022
Nokogiri implementation of libxslt vulnerable to heap corruption High
CVE-2019-5815 was published for nokogiri (RubyGems) May 24, 2022
Katello cleartext password storage issue Low
CVE-2019-14825 was published for katello (RubyGems) May 24, 2022
Missing Initialization of Resource in Apache Arrow High
CVE-2019-12410 was published for pyarrow (RubyGems) May 24, 2022
Missing Initialization of Resource in Apache Arrow High
CVE-2019-12408 was published for pyarrow (RubyGems) May 24, 2022
jiajie-chen-havas
Nokogiri affected by libxslt Use of Uninitialized Resource/Use After Free vulnerability High
CVE-2019-18197 was published for nokogiri (RubyGems) May 24, 2022
Devise Token Auth vulnerable to Cross-site Scripting Moderate
CVE-2019-16751 was published for devise_token_auth (RubyGems) May 24, 2022
Elastic APM agent for Ruby vulnerable to Improper Certificate Validation High
CVE-2019-7615 was published for elastic-apm (RubyGems) May 24, 2022
libxslt Type Confusion vulnerability that affects Nokogiri High
CVE-2019-13118 was published for nokogiri (RubyGems) May 24, 2022
Uninitialized read in Nokogiri gem High
CVE-2019-13117 was published for nokogiri (RubyGems) May 24, 2022
Withdrawn Advisory: Fat Free CRM Cross-site Scripting vulnerability Moderate
CVE-2019-10226 was published for fat_free_crm (RubyGems) May 24, 2022 withdrawn
steveyken
Publify has Improper Access Controls Moderate
CVE-2022-1810 was published for publify_core (RubyGems) May 24, 2022
Publify vulnerable to cross site scripting Critical
CVE-2022-1811 was published for publify_core (RubyGems) May 24, 2022
Nokogiri Improperly Handles Unexpected Data Type High
CVE-2022-29181 was published for nokogiri (RubyGems) May 23, 2022
agustingianni
Insecure PRNG use in random_password_generator High
CVE-2019-25061 was published for random_password_generator (RubyGems) May 19, 2022
Integer Overflow or Wraparound in libxml2 affects Nokogiri High
GHSA-cgx6-hpwq-fhv5 was published for nokogiri (RubyGems) May 18, 2022
Publify vulnerable to DoS attack High
CVE-2014-3211 was published for publify_core (RubyGems) May 17, 2022
openshift-origin-node Improper Input Validation vulnerability Moderate
CVE-2014-0084 was published for openshift-origin-node (RubyGems) May 17, 2022
Spree does not properly restrict the use of a hash to provide values for a model's attributes Moderate
CVE-2008-7310 was published for spree (RubyGems) May 17, 2022
Spree uses a hardcoded hash value Moderate
CVE-2008-7311 was published for spree (RubyGems) May 17, 2022
Chef Improper Access Control vulnerability Moderate
CVE-2010-5142 was published for chef (RubyGems) May 17, 2022
spree_auth_devise allows remote authenticated users to assign themselves arbitrary roles Moderate
CVE-2013-2506 was published for spree_auth_devise (RubyGems) May 17, 2022
ProTip! Advisories are also available from the GraphQL API