Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

17 advisories

Loading
active-support impersonates 'activesupport' gem Critical
CVE-2018-3779 was published for active-support (RubyGems) Aug 13, 2018
festivaltts4r allows arbitrary command execution Critical
CVE-2016-10194 was published for festivaltts4r (RubyGems) Oct 24, 2017
karo Metacharacter Handling Remote Command Execution Critical
CVE-2014-10075 was published for karo (RubyGems) May 14, 2022
jasnow
Echor contains Command Injection High
CVE-2014-1834 was published for echor (RubyGems) May 14, 2022
Use of Insufficiently Random Values in Railties Allows Remote Code Execution Critical
CVE-2019-5420 was published for railties (RubyGems) Mar 13, 2019
Fileutils Command Injection vulnerability High
CVE-2013-2516 was published for fileutils (RubyGems) May 14, 2022
Git-fastclone passes user modifiable strings directly to a shell command Critical
CVE-2015-8969 was published for git-fastclone (RubyGems) Aug 15, 2018
PDFKit vulnerable to Command Injection Critical
CVE-2022-25765 was published for pdfkit (RubyGems) Sep 10, 2022
wonda-tea-coffee kiafaldorius
sfpagent Command Injection vulnerability High
CVE-2014-2888 was published for sfpagent (RubyGems) Oct 24, 2017
colorscore Command Injection vulnerability Critical
CVE-2015-7541 was published for colorscore (RubyGems) Oct 24, 2017
git-fastclone permits arbitrary shell command execution from .gitmodules High
CVE-2015-8968 was published for git-fastclone (RubyGems) Aug 15, 2018
ruby-saml vulnerable to XPath injection Critical
CVE-2015-20108 was published for ruby-saml (RubyGems) May 27, 2023
geokit-rails Command Injection vulnerability Critical
CVE-2023-26153 was published for geokit-rails (RubyGems) Oct 6, 2023
flash_tool Gem for Ruby File Download Handling Arbitrary Command Execution Critical
CVE-2013-2513 was published for flash_tool (RubyGems) Jan 26, 2023
Puppet Arbitrary Command Execution Moderate
CVE-2012-1988 was published for puppet (RubyGems) May 14, 2022
Command Injection in sequenceserver Critical
CVE-2024-42360 was published for sequenceserver (RubyGems) Aug 13, 2024
drpowell tadast
Arbitrary Code Execution in Rdoc High
CVE-2021-31799 was published for rdoc (RubyGems) Sep 1, 2021
ProTip! Advisories are also available from the GraphQL API