Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

6 advisories

Loading
Nokogiri Command Injection Vulnerability Critical
CVE-2019-5477 was published for nokogiri (RubyGems) Aug 19, 2019
tdunlap607
Directory traversal vulnerability in RubyZip Critical
CVE-2017-5946 was published for rubyzip (RubyGems) Oct 24, 2017
tdunlap607
espeak-ruby allows arbitrary command execution Critical
CVE-2016-10193 was published for espeak-ruby (RubyGems) Oct 24, 2017
tdunlap607
mysql-bunuuid-rails vulnerable to SQL injection Critical
CVE-2018-18476 was published for mysql-binuuid-rails (RubyGems) Oct 30, 2018
tdunlap607
Authentication Bypass by CSRF Weakness Critical
GHSA-6mqr-q86q-6gwr was published for spree_auth_devise (RubyGems) Nov 18, 2021
jasnow tdunlap607
JMESPath for Ruby uses unsafe JSON.load when safe JSON.parse is preferable Critical
CVE-2022-32511 was published for jmespath (RubyGems) Jun 7, 2022
plygrnd tdunlap607
ProTip! Advisories are also available from the GraphQL API