Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

885 advisories

Loading
Rails has possible XSS Vulnerability in Action Controller Moderate
CVE-2024-26143 was published for actionpack (RubyGems) Feb 27, 2024
ooooooo-q yoshizawa-masatoshi
postmodern stdedos
Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch Low
CVE-2024-26142 was published for actionpack (RubyGems) Feb 27, 2024
SValkanov yoshizawa-masatoshi
postmodern
Rack CORS Middleware has Insecure File Permissions Moderate
CVE-2024-27456 was published for rack-cors (RubyGems) Feb 26, 2024
guiferrpereira joaomarcos96
Cross-site scripting (XSS) in the dynamic file uploads Moderate
CVE-2023-51447 was published for decidim (RubyGems) Feb 20, 2024
ctrgrb ahukkanen
Possibility to circumvent the invitation token expiry period Moderate
CVE-2023-48220 was published for decidim (RubyGems) Feb 20, 2024
ahukkanen ctrgrb
Possible CSRF attack at questionnaire templates preview Moderate
CVE-2023-47635 was published for decidim-templates (RubyGems) Feb 20, 2024
Race condition in Endorsements Low
CVE-2023-47634 was published for decidim (RubyGems) Feb 20, 2024
microstudi alecslupu
andreslucena
XSS sidekiq-unique-jobs UI server vulnerability High
CVE-2024-25122 was published for sidekiq-unique-jobs (RubyGems) Feb 13, 2024
pboling Earlopain
Nokogiri update packaged libxml2 to v2.12.5 to resolve CVE-2024-25062 Moderate
GHSA-xc9x-jj77-9p9j was published for nokogiri (RubyGems) Feb 5, 2024
yoshizawa-masatoshi lumaxis
Cross-site scripting (XSS) in Action messages on Avo Moderate
CVE-2024-22411 was published for avo (RubyGems) Jan 17, 2024
stevegeek tamaloa
avo vulnerable to stored cross-site scripting (XSS) in key_value field High
CVE-2024-22191 was published for avo (RubyGems) Jan 16, 2024
Mys7ic FLX-0x00
tamaloa
Devise-Two-Factor vulnerable to brute force attacks Moderate
CVE-2024-0227 was published for devise-two-factor (RubyGems) Jan 12, 2024 withdrawn
bsedat
Puma HTTP Request/Response Smuggling vulnerability Moderate
CVE-2024-21647 was published for puma (RubyGems) Jan 8, 2024
bartekn
view_component Cross-site Scripting vulnerability Moderate
CVE-2024-21636 was published for view_component (RubyGems) Jan 4, 2024
BlakeWilliams camertron
Duplicate Advisory: encoded_id-rails potential DOS vulnerability due to URIs with extremely long encoded IDs High
GHSA-4553-hq82-8654 was published for encoded_id-rails (RubyGems) Jan 4, 2024 withdrawn
Duplicate Advisory: httparty has multipart/form-data request tampering vulnerability Moderate
GHSA-g47j-3m2m-74qv was published for httparty (RubyGems) Jan 4, 2024 withdrawn
Duplicate Advisory: Integer overflow in cmark-gfm table parsing extension leads to heap memory corruption High
GHSA-c2v4-chx5-vff6 was published for commonmarker (RubyGems) Jan 4, 2024 withdrawn
Duplicate Advisory: Race Condition leading to logging errors Low
GHSA-v444-jggx-6v7f was published for audited (RubyGems) Jan 4, 2024 withdrawn
Duplicate Advisory: govuk_tech_docs vulnerable to unescaped HTML on search results page Low
GHSA-4mvm-xh8j-fv27 was published for govuk_tech_docs (RubyGems) Jan 4, 2024 withdrawn
Duplicate Advisory: Malicious URL drafting attack against iodines static file server may allow path traversal Low
GHSA-qwf7-rv77-fcr3 was published for iodine (RubyGems) Jan 4, 2024 withdrawn
Omniauth::MicrosoftGraph Account takeover (nOAuth) High
CVE-2024-21632 was published for omniauth-microsoft_graph (RubyGems) Jan 3, 2024
makuga01
ActiveAdmin CSV Injection leading to sensitive information disclosure Moderate
CVE-2023-51763 was published for activeadmin (RubyGems) Dec 28, 2023
Duplicate Advisory: ActiveAdmin vulnerable to CSV injection High
GHSA-rqxc-9p8h-xqgq was published for activeadmin (RubyGems) Dec 24, 2023 withdrawn
Resque vulnerable to Reflected Cross Site Scripting through pathnames Moderate
CVE-2023-50724 was published for resque (RubyGems) Dec 18, 2023
brianvans 0977732077
Resque vulnerable to reflected XSS in resque-web failed and queues lists Moderate
CVE-2023-50725 was published for resque (RubyGems) Dec 18, 2023
madslundholmdk
ProTip! Advisories are also available from the GraphQL API