Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

11 advisories

Loading
active-support impersonates 'activesupport' gem Critical
CVE-2018-3779 was published for active-support (RubyGems) Aug 13, 2018
festivaltts4r allows arbitrary command execution Critical
CVE-2016-10194 was published for festivaltts4r (RubyGems) Oct 24, 2017
karo Metacharacter Handling Remote Command Execution Critical
CVE-2014-10075 was published for karo (RubyGems) May 14, 2022
jasnow
Use of Insufficiently Random Values in Railties Allows Remote Code Execution Critical
CVE-2019-5420 was published for railties (RubyGems) Mar 13, 2019
Git-fastclone passes user modifiable strings directly to a shell command Critical
CVE-2015-8969 was published for git-fastclone (RubyGems) Aug 15, 2018
PDFKit vulnerable to Command Injection Critical
CVE-2022-25765 was published for pdfkit (RubyGems) Sep 10, 2022
wonda-tea-coffee kiafaldorius
colorscore Command Injection vulnerability Critical
CVE-2015-7541 was published for colorscore (RubyGems) Oct 24, 2017
ruby-saml vulnerable to XPath injection Critical
CVE-2015-20108 was published for ruby-saml (RubyGems) May 27, 2023
geokit-rails Command Injection vulnerability Critical
CVE-2023-26153 was published for geokit-rails (RubyGems) Oct 6, 2023
flash_tool Gem for Ruby File Download Handling Arbitrary Command Execution Critical
CVE-2013-2513 was published for flash_tool (RubyGems) Jan 26, 2023
Command Injection in sequenceserver Critical
CVE-2024-42360 was published for sequenceserver (RubyGems) Aug 13, 2024
drpowell tadast
ProTip! Advisories are also available from the GraphQL API