Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

885 advisories

Loading
actionpack allows remote code execution via application's unrestricted use of render method High
CVE-2016-2098 was published for actionpack (RubyGems) Oct 24, 2017
ActiveRecord in Ruby on Rails allows database-query bypass High
CVE-2016-6317 was published for activerecord (RubyGems) Oct 24, 2017
OpenSSL gem for Ruby using inadequate encryption strength High
CVE-2016-7798 was published for openssl (RubyGems) Oct 24, 2017
actionview Cross-site Scripting vulnerability Moderate
CVE-2016-6316 was published for actionview (RubyGems) Oct 24, 2017
jQuery-UI vulnerable to Cross-site Scripting in dialog closeText Moderate
CVE-2016-7103 was published for jQuery.UI.Combined (RubyGems) Oct 24, 2017
actionview contains Path Traversal vulnerability Moderate
CVE-2016-2097 was published for actionpack (RubyGems) Oct 24, 2017
actionpack is vulnerable to denial of service via a crafted HTTP Accept header High
CVE-2016-0751 was published for actionpack (RubyGems) Oct 24, 2017
Doorkeeper is vulnerable to replay attacks Critical
CVE-2016-6582 was published for doorkeeper (RubyGems) Oct 24, 2017
rack-mini-profiler allows remote attackers to obtain sensitive information about allocated strings and objects Moderate
CVE-2016-4442 was published for rack-mini-profiler (RubyGems) Oct 24, 2017
activemodel contains Improper Input Validation Moderate
CVE-2016-0753 was published for activemodel (RubyGems) Oct 24, 2017
ProTip! Advisories are also available from the GraphQL API