Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

18 advisories

Loading
Decidim: JWT-backed authentication can be replayed across organizations High
CVE-2026-45414 was published for decidim (RubyGems) Jul 13, 2026
ruby-jwt: Empty-key HMAC bypass; cross-language sibling of CVE-2026-44351 High
CVE-2026-45363 was published for jwt (RubyGems) May 18, 2026
SnailSploit Credited to SnailSploit, perryn, evansalter, and canderson-activatecare perryn perryn
evansalter evansalter canderson-activatecare canderson-activatecare
sm1ee Credited to sm1ee, ioquatix, and jeremyevans ioquatix ioquatix
jeremyevans jeremyevans
Autolab Misconfigured Reset Password Permissions High
CVE-2024-49376 was published for Autolab (RubyGems) Oct 25, 2024
HenryHuang2004 Credited to HenryHuang2004
Omniauth::MicrosoftGraph Account takeover (nOAuth) High
CVE-2024-21632 was published for omniauth-microsoft_graph (RubyGems) Jan 3, 2024
makuga01 Credited to makuga01
Doorkeeper Improper Authentication vulnerability Moderate
CVE-2023-34246 was published for doorkeeper (RubyGems) Jun 12, 2023
hickford Credited to hickford, rgammans, adam-h, nbudin, and nbulaj rgammans rgammans
adam-h adam-h nbudin nbudin nbulaj nbulaj
WEBrick RCE Vulnerability High
CVE-2017-10784 was published for webrick (RubyGems) May 14, 2022
brent-yearone Credited to brent-yearone, drewblas, leviem1, orien, aramprice, intrigus-lgtm, alagos, longkt90, ChrisBAshton, potsbo, and libussa drewblas drewblas
leviem1 leviem1 orien orien aramprice aramprice intrigus-lgtm intrigus-lgtm alagos alagos longkt90 longkt90 ChrisBAshton ChrisBAshton potsbo potsbo libussa libussa
omniauth-facebook Improper Authentication vulnerability High
CVE-2013-4593 was published for omniauth-facebook (RubyGems) May 5, 2022
Regression in JWT Signature Validation High
CVE-2020-15240 was published for omniauth-auth0 (RubyGems) Nov 3, 2020
Ensure that doorkeeper_token is valid when authenticating requests in API v2 calls High
CVE-2020-15269 was published for spree (RubyGems) Oct 20, 2020
Morantron Credited to Morantron
Authentication and extension bypass in Faye High
CVE-2020-11020 was published for faye (RubyGems) Apr 29, 2020
JSON-jwt Gem lacked element count during splitting of JWE string High
CVE-2019-18848 was published for json-jwt (RubyGems) Nov 14, 2019
OmniAuth-SAML authentication bypass via incorrect XML canonicalization and DOM traversal High
CVE-2017-11430 was published for omniauth-saml (RubyGems) Jul 5, 2019
Ruby-SAML Improper Authentication vulnerability High
CVE-2017-11428 was published for ruby-saml (RubyGems) Jul 5, 2019
smart_proxy_dynflow gem authentication bypass in Foreman remote execution feature Critical
CVE-2018-14643 was published for smart_proxy_dynflow (RubyGems) Oct 8, 2018
rails vulnerable to improper authentication Critical
CVE-2009-2422 was published for rails (RubyGems) Oct 24, 2017
Puppet supports use of IP addresses in certnames without warning of potential risks Low
CVE-2012-3408 was published for puppet (RubyGems) Oct 24, 2017
actionpack Improper Authentication vulnerability Moderate
CVE-2012-3424 was published for actionpack (RubyGems) Oct 24, 2017
ShayAry Credited to ShayAry and levpachmanov levpachmanov levpachmanov
ProTip! Advisories are also available from the GraphQL API