Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

885 advisories

Loading
Camaleon CMS vulnerable to arbitrary path traversal (GHSL-2024-183) High
CVE-2024-46987 was published for camaleon_cms (RubyGems) Sep 18, 2024
texpert
Camaleon CMS affected by arbitrary file write to RCE (GHSL-2024-182) High
CVE-2024-46986 was published for camaleon_cms (RubyGems) Sep 18, 2024
texpert
Devise-Two-Factor Authentication Uses Insufficient Default OTP Shared Secret Length Moderate
CVE-2024-8796 was published for devise-two-factor (RubyGems) Sep 17, 2024
syntacticNaCl mark-adams
Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin panel with QuillJS WYSWYG editor Moderate
CVE-2024-39910 was published for decidim (RubyGems) Sep 16, 2024
Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin activity log Moderate
CVE-2024-32034 was published for decidim-admin (RubyGems) Sep 16, 2024
omniauth-saml vulnerable to Improper Verification of Cryptographic Signature Critical
GHSA-cvp8-5r8g-fhvq was published for omniauth-saml (RubyGems) Sep 11, 2024
ahacker1-securesaml suprnova32
rajiv bufferoverflow
SAML authentication bypass via Incorrect XPath selector Critical
CVE-2024-45409 was published for ruby-saml (RubyGems) Sep 10, 2024
ahacker1-securesaml
request_store has Incorrect Default Permissions Moderate
CVE-2024-43791 was published for request_store (RubyGems) Aug 23, 2024
G-Rath
REXML denial of service vulnerability High
CVE-2024-43398 was published for rexml (RubyGems) Aug 22, 2024
fugit parse and parse_nat stall on lengthy input Moderate
CVE-2024-43380 was published for fugit (RubyGems) Aug 19, 2024
personnumber3377 bensheldon
Command Injection in sequenceserver Critical
CVE-2024-42360 was published for sequenceserver (RubyGems) Aug 13, 2024
drpowell tadast
REXML DoS vulnerability Moderate
CVE-2024-41946 was published for rexml (RubyGems) Aug 2, 2024
naitoh
REXML DoS vulnerability Moderate
CVE-2024-41123 was published for rexml (RubyGems) Aug 1, 2024
Cross-Site Request Forgery in Spina Moderate
CVE-2024-7106 was published for spina (RubyGems) Jul 25, 2024
REXML denial of service vulnerability Moderate
CVE-2024-39908 was published for rexml (RubyGems) Jul 16, 2024
Bootstrap Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-6484 was published for bootstrap (RubyGems) Jul 11, 2024
metametadata
Bootstrap Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-6531 was published for bootstrap (RubyGems) Jul 11, 2024
alexeyNeklesa-idt metametadata
Decidim cross-site scripting (XSS) in the admin panel Moderate
CVE-2024-27095 was published for decidim-admin (RubyGems) Jul 10, 2024
Decidim cross-site scripting (XSS) in the pagination Moderate
CVE-2024-32469 was published for decidim (RubyGems) Jul 10, 2024
PatrickHimler
Decidim vulnerable to data disclosure through the embed feature Moderate
CVE-2024-27090 was published for decidim (RubyGems) Jul 10, 2024
RailsAdmin Cross-site Scripting vulnerability in the list view Moderate
CVE-2024-39308 was published for rails_admin (RubyGems) Jul 8, 2024
mshibuya
Rack ReDoS Vulnerability in HTTP Accept Headers Parsing Moderate
CVE-2024-39316 was published for rack (RubyGems) Jul 3, 2024
dwisiswant0
Missing security headers in Action Pack on non-HTML responses Moderate
CVE-2024-28103 was published for actionpack (RubyGems) Jun 4, 2024
shinkbr
ActionText ContentAttachment can Contain Unsanitized HTML Moderate
CVE-2024-32464 was published for actiontext (RubyGems) Jun 4, 2024
ooooooo-q
activeadmin vulnerable to stored persistent cross-site scripting (XSS) in dynamic form legends High
CVE-2024-37031 was published for activeadmin (RubyGems) Jun 2, 2024
aoprea1982
ProTip! Advisories are also available from the GraphQL API