Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

300 advisories

Loading
Ruby-saml allows attackers to perform XML signature wrapping attacks High
CVE-2016-5697 was published for ruby-saml (RubyGems) Aug 21, 2018
High severity vulnerability that affects espeak-ruby High
GHSA-w655-w578-99pq was published for espeak-ruby (RubyGems) Aug 21, 2018 withdrawn
Nokogiri subject to DoS via libxml2 vulnerability High
CVE-2015-5312 was published for nokogiri (RubyGems) Aug 21, 2018
High severity vulnerability that affects activerecord High
GHSA-hm48-76wh-q86v was published for activerecord (RubyGems) Aug 21, 2018 withdrawn
Spina gem vulnerable to Cross-site request forgery (CSRF) vulnerability High
CVE-2015-4619 was published for spina (RubyGems) Aug 28, 2018
Ruby-ffi has a DLL loading issue High
CVE-2018-1000201 was published for ffi (RubyGems) Aug 31, 2018
Denial of service or RCE from libxml2 and libxslt High
CVE-2015-8806 was published for nokogiri (RubyGems) Sep 17, 2018
Jekyll allows attackers to access arbitrary files by specifying a symlink High
CVE-2018-17567 was published for jekyll (RubyGems) Sep 28, 2018
Rack vulnerable to Denial of Service High
CVE-2018-16470 was published for rack (RubyGems) Nov 15, 2018
Improper Access Control in activejob High
CVE-2018-16476 was published for activejob (RubyGems) Dec 5, 2018
Nokogiri NULL Pointer Dereference High
CVE-2018-14404 was published for nokogiri (RubyGems) Jan 17, 2019
High severity vulnerability that affects many_versioned_gem High
GHSA-hhxm-4f85-rgr8 was published for many_versioned_gem (RubyGems) Feb 5, 2019 withdrawn
Denial of Service Vulnerability in Action View High
CVE-2019-5419 was published for actionview (RubyGems) Mar 13, 2019
Path Traversal in Action View High
CVE-2019-5418 was published for actionview (RubyGems) Mar 13, 2019
Improper Certificate Validation in chloride High
CVE-2018-6517 was published for chloride (RubyGems) Mar 25, 2019
OmniAuth Ruby gem Cross-site Request Forgery in request phase High
CVE-2015-9284 was published for omniauth (RubyGems) May 29, 2019
G-Rath eugeneius
RubyGems Escape sequence injection vulnerability in api response handling High
CVE-2019-8323 was published for rubygems-update (RubyGems) Jun 20, 2019
RubyGems Escape sequence injection vulnerability in gem owner High
CVE-2019-8322 was published for rubygems-update (RubyGems) Jun 20, 2019
RubyGems Escape sequence injection vulnerability in verbose High
CVE-2019-8321 was published for rubygems-update (RubyGems) Jun 20, 2019
Code injection in RubyGems High
CVE-2019-8324 was published for rubygems-update (RubyGems) Jun 20, 2019
RubyGems Delete directory using symlink when decompressing tar High
CVE-2019-8320 was published for rubygems-update (RubyGems) Jun 20, 2019
RubyGems Escape sequence injection in errors High
CVE-2019-8325 was published for rubygems-update (RubyGems) Jun 20, 2019
Path Traversal vulnerability that affects yard High
CVE-2019-1020001 was published for yard (RubyGems) Jul 2, 2019
Ruby-SAML Improper Authentication vulnerability High
CVE-2017-11428 was published for ruby-saml (RubyGems) Jul 5, 2019
OmniAuth-SAML authentication bypass via incorrect XML canonicalization and DOM traversal High
CVE-2017-11430 was published for omniauth-saml (RubyGems) Jul 5, 2019
ProTip! Advisories are also available from the GraphQL API