Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

300 advisories

Loading
Katello SQL Injection vulnerabilities High
CVE-2016-3072 was published for katello (RubyGems) May 14, 2022
RubyGems vulnerable to DNS hijack attack High
CVE-2015-3900 was published for rubygems-update (RubyGems) May 14, 2022
RubyGems Improper Input Validation vulnerability High
CVE-2017-0900 was published for rubygems-update (RubyGems) May 14, 2022
RubyGems Deserialization of Untrusted Data vulnerability High
CVE-2018-1000074 was published for org.jruby:jruby-stdlib (RubyGems) May 14, 2022
Logstash Logs Sensitive Information High
CVE-2016-1000221 was published for logstash-core (RubyGems) May 14, 2022
Asciidoctor Infinite Loop vulnerability High
CVE-2018-18385 was published for asciidoctor (RubyGems) May 13, 2022
Insecure Permissions in Phusion Passenger High
CVE-2018-12027 was published for passenger (RubyGems) May 13, 2022
Incorrect Access Control in Phusion Passenger High
CVE-2018-12028 was published for passenger (RubyGems) May 13, 2022
RubyGems Infinite Loop vulnerability High
CVE-2018-1000075 was published for org.jruby:jruby-stdlib (RubyGems) May 13, 2022
RubyGems may allow a maliciously crafted gem to overwrite files High
CVE-2017-0901 was published for rubygems-update (RubyGems) May 13, 2022
RubyGems has Origin Validation Error vulnerability High
CVE-2017-0902 was published for rubygems-update (RubyGems) May 13, 2022
hammer_cli_foreman Improper Certificate Validation vulnerability High
CVE-2017-2667 was published for hammer_cli_foreman (RubyGems) May 13, 2022
Gem in a Box vulnerable to Cross-site Request Forgery High
CVE-2017-14683 was published for geminabox (RubyGems) May 13, 2022
RubyGems Link Following vulnerability High
CVE-2018-1000073 was published for org.jruby:jruby-stdlib (RubyGems) May 13, 2022
open-uri-cached Gem for Ruby Unsafe Temporary File Creation Enables Code Execution High
CVE-2015-3649 was published for open-uri-cached (RubyGems) May 13, 2022
mixlib-archive Path Traversal vulnerability High
CVE-2017-1000026 was published for mixlib-archive (RubyGems) May 13, 2022
Nokogiri gem, via libxml, is affected by DoS vulnerabilities High
CVE-2017-16932 was published for nokogiri (RubyGems) May 13, 2022
omniauth-facebook Improper Authentication vulnerability High
CVE-2013-4593 was published for omniauth-facebook (RubyGems) May 5, 2022
sinatra does not validate expanded path matches High
CVE-2022-29970 was published for sinatra (RubyGems) May 3, 2022
WEBrick Denial of Service Vulnerability High
CVE-2008-4310 was published for webrick (RubyGems) May 2, 2022
Nokogiri is vulnerable to XML External Entity (XXE) attack High
CVE-2012-6685 was published for nokogiri (RubyGems) Apr 23, 2022
jhutchings1
RubyGems passenger gem allows remote attackers to delete files High
CVE-2012-6135 was published for passenger (RubyGems) Apr 23, 2022
jasnow
SQL injection in blazer High
CVE-2022-29498 was published for blazer (RubyGems) Apr 22, 2022
tdunlap607
Denial of Service (DoS) in Nokogiri on JRuby High
GHSA-gx8x-g87m-h5q6 was published for nokogiri (RubyGems) Apr 11, 2022
Out-of-bounds Write in zlib affects Nokogiri High
GHSA-v6gp-9mmm-c6p5 was published for nokogiri (RubyGems) Apr 11, 2022
ProTip! Advisories are also available from the GraphQL API