Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

300 advisories

Loading
Dragonfly Code Injection vulnerability High
CVE-2013-1756 was published for dragonfly (RubyGems) Oct 24, 2017
actionpack Improper Input Validation vulnerability High
CVE-2013-0156 was published for actionpack (RubyGems) Oct 24, 2017
crack does not properly restrict casts of string values High
CVE-2013-1800 was published for crack (RubyGems) Oct 24, 2017
Thumbshooter vulnerable to Code Injection High
CVE-2013-1898 was published for thumbshooter (RubyGems) Oct 24, 2017
fastreader Gem for Ruby URI Handling Arbitrary Command Injection High
CVE-2013-2615 was published for fastreader (RubyGems) Oct 24, 2017
extlib does not properly restrict casts of string values High
CVE-2013-1802 was published for extlib (RubyGems) Oct 24, 2017
MiniMagick Gem for Ruby URI Handling Arbitrary Command Injection High
CVE-2013-2616 was published for mini_magick (RubyGems) Oct 24, 2017
rgpg Code Injection vulnerability High
CVE-2013-4203 was published for rgpg (RubyGems) Oct 24, 2017
Curl Gem insufficient URL escaping command injection High
CVE-2013-2617 was published for curl (RubyGems) Oct 24, 2017
Improper Input Validation in multi_xml High
CVE-2013-0175 was published for multi_xml (RubyGems) Oct 24, 2017
tdunlap607
JSON gem has Improper Input Validation vulnerability High
CVE-2013-0269 was published for json (RubyGems) Oct 24, 2017
High severity vulnerability that affects thin High
CVE-2009-3287 was published for thin (RubyGems) Oct 24, 2017
High severity vulnerability that affects rails. High
CVE-2006-4112 was published for rails (RubyGems) Oct 24, 2017
Ruby on Rails vulnerable to code injection High
CVE-2006-4111 was published for rails (RubyGems) Oct 24, 2017
activerecord vulnerable to SQL Injection High
CVE-2011-2930 was published for activerecord (RubyGems) Oct 24, 2017
actionpack allows remote attackers to bypass intended access restrictions High
CVE-2011-0449 was published for actionpack (RubyGems) Oct 24, 2017
ShayAry
activerecord vulnerable to SQL Injection High
CVE-2012-2695 was published for activerecord (RubyGems) Oct 24, 2017
Remote code execution in rwiki High
CVE-2006-2582 was published for rwiki (RubyGems) Oct 24, 2017
activerecord vulnerable to SQL Injection High
CVE-2011-0448 was published for activerecord (RubyGems) Oct 24, 2017
tdunlap607
Rails ActiveRecord gem vulnerable to SQL injection High
CVE-2008-4094 was published for activerecord (RubyGems) Oct 24, 2017
jasnow
Mail Gem Improper Input Validation vulnerability High
CVE-2012-2140 was published for mail (RubyGems) Oct 24, 2017
gollum and gollum-lib allow remote authenticated users to execute arbitrary code High
CVE-2014-9489 was published for gollum (RubyGems) Nov 16, 2017
Ox gem crashes due to a crafted input High
CVE-2017-15928 was published for ox (RubyGems) Nov 21, 2017
yajl-ruby gem Denial of Service vulnerability High
CVE-2017-16516 was published for yajl-ruby (RubyGems) Nov 28, 2017
tdunlap607
private_address_check contains Incomplete List of Disallowed Inputs High
CVE-2017-0909 was published for private_address_check (RubyGems) Nov 30, 2017
ProTip! Advisories are also available from the GraphQL API