Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

8 advisories

Loading
Active Record contains deserialization of arbitrary YAML Critical
CVE-2013-0277 was published for activerecord (RubyGems) Oct 24, 2017
redis-store deserializes untrusted data Critical
CVE-2017-1000248 was published for redis-store (RubyGems) Dec 6, 2017
Slanger Arbitrary command execution Critical
CVE-2019-1010306 was published for slanger (RubyGems) Jul 16, 2019
ActiveSupport potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore Critical
CVE-2020-8165 was published for activesupport (RubyGems) May 26, 2020
RubyGems vulnerable to Deserialization of Untrusted Data Critical
CVE-2017-0903 was published for rubygems-update (RubyGems) May 13, 2022
JMESPath for Ruby uses unsafe JSON.load when safe JSON.parse is preferable Critical
CVE-2022-32511 was published for jmespath (RubyGems) Jun 7, 2022
plygrnd tdunlap607
Active Record RCE bug with Serialized Columns Critical
CVE-2022-32224 was published for activerecord (RubyGems) Jul 12, 2022
geokit-rails Command Injection vulnerability Critical
CVE-2023-26153 was published for geokit-rails (RubyGems) Oct 6, 2023
ProTip! Advisories are also available from the GraphQL API