Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

61 advisories

Loading
actionpack is vulnerable to remote bypass authentication Low
CVE-2015-7576 was published for actionpack (RubyGems) Oct 24, 2017
ShayAry
Paratrooper-newrelic Exposes of Sensitive Information to an Unauthorized Actor Low
CVE-2014-1234 was published for paratrooper-newrelic (RubyGems) Oct 24, 2017
rest-client allows local users to obtain sensitive information by reading the log Low
CVE-2015-3448 was published for rest-client (RubyGems) Oct 24, 2017
Local API Login Credentials Disclosure in paratrooper-pingdom Low
CVE-2014-1233 was published for paratrooper-pingdom (RubyGems) Oct 24, 2017
Puppet vulnerable to Path Traversal Low
CVE-2012-3865 was published for puppet (RubyGems) Oct 24, 2017
Puppet allows local users to obtain sensitive configuration information Low
CVE-2012-3866 was published for puppet (RubyGems) Oct 24, 2017
Puppet supports use of IP addresses in certnames without warning of potential risks Low
CVE-2012-3408 was published for puppet (RubyGems) Oct 24, 2017
Puppet allows local users to overwrite arbitrary files via a symlink attack Low
CVE-2012-1989 was published for puppet (RubyGems) Oct 24, 2017
sqlite3-ruby uses weak permissions for unspecified files, which allows local users to gain privileges Low
CVE-2011-0995 was published for sqlite3-ruby (RubyGems) Oct 24, 2017
RuboCop gem Insecure use of /tmp Low
CVE-2017-8418 was published for rubocop (RubyGems) Nov 15, 2017
tdunlap607
Low severity vulnerability that affects sensu Low
CVE-2018-1000060 was published for sensu (RubyGems) Jul 23, 2018 withdrawn
ember-source Cross-site Scripting vulnerability Low
CVE-2014-0046 was published for ember-source (RubyGems) Aug 28, 2018
tdunlap607
Phusion Passenger allows remote attackers to spoof headers Low
CVE-2015-7519 was published for passenger (RubyGems) Oct 10, 2018
Insecure use of temporary files in passenger Low
CVE-2014-1831 was published for passenger (RubyGems) Oct 10, 2018
Insecure use of temporary files in Phusion passenger Low
CVE-2014-1832 was published for passenger (RubyGems) Oct 10, 2018
Malicious URL drafting attack against iodines static file server may allow path traversal Low
CVE-2024-22050 was published for iodine (RubyGems) Oct 7, 2019
personnummer/ruby vulnerable to Improper Input Validation Low
GHSA-vp9c-fpxx-744v was published for personnummer (RubyGems) Sep 23, 2020
Puma with proxy which forwards LF characters as line endings could allow HTTP request smuggling Low
CVE-2021-41136 was published for puma (RubyGems) Oct 12, 2021
asta12 mattiasgrenfeldt
Puppet arbitrary files overwrite via a symlink attack Low
CVE-2010-0156 was published for puppet (RubyGems) May 2, 2022
Puppet Denial of Service and Arbitrary File Write Low
CVE-2012-1987 was published for puppet (RubyGems) May 14, 2022
Puppet Labs Facter allows local users to obtain sensitive Amazon EC2 IAM instance metadata Low
CVE-2015-1426 was published for facter (RubyGems) May 14, 2022
Katello cleartext password storage issue Low
CVE-2019-14825 was published for katello (RubyGems) May 24, 2022
Gitaly Insufficient Session Expiration vulnerability Low
CVE-2020-13353 was published for gitaly (RubyGems) May 24, 2022
ProTip! Advisories are also available from the GraphQL API