
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

17 advisories

Active Record contains deserialization of arbitrary YAML (Critical)
CVE-2013-0277 was published for activerecord (RubyGems) Oct 24, 2017

redis-store deserializes untrusted data (Critical)
CVE-2017-1000248 was published for redis-store (RubyGems) Dec 6, 2017

Improper Access Control in activejob (High)
CVE-2018-16476 was published for activejob (RubyGems) Dec 5, 2018

Slanger Arbitrary command execution (Critical)
CVE-2019-1010306 was published for slanger (RubyGems) Jul 16, 2019

ActiveSupport potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore (Critical)
CVE-2020-8165 was published for activesupport (RubyGems) May 26, 2020

Possible Strong Parameters Bypass in ActionPack (High)
CVE-2020-8164 was published for actionpack (RubyGems) May 26, 2020

RubyGems vulnerable to Deserialization of Untrusted Data (Critical)
CVE-2017-0903 was published for rubygems-update (RubyGems) May 13, 2022

RubyGems Deserialization of Untrusted Data vulnerability (High)
CVE-2018-1000074 was published for org.jruby:jruby-stdlib (RubyGems) May 14, 2022

Metasploit Framework user exposes Metasploit to same deserialization issue that is exploited by that module (High)
CVE-2020-7385 was published for metasploit-framework (RubyGems) May 24, 2022

JMESPath for Ruby uses unsafe JSON.load when safe JSON.parse is preferable (Critical)
CVE-2022-32511 was published for jmespath (RubyGems) Jun 7, 2022

opensearch-ruby 2.x before 2.0.2 vulnerable to unsafe YAML deserialization (High)
CVE-2022-31115 was published for opensearch-ruby (RubyGems) Jul 5, 2022

Active Record RCE bug with Serialized Columns (Critical)
CVE-2022-32224 was published for activerecord (RubyGems) Jul 12, 2022

Withdrawn: Fortra GoAnywhere MFT Deserialization of Untrusted Data vulnerability affects metasploit-framework (High)
CVE-2023-0669 was published for metasploit-framework (RubyGems) Feb 6, 2023 (withdrawn)

Kredis JSON Possible Deserialization of Untrusted Data Vulnerability (Moderate)
CVE-2023-27531 was published for kredis (RubyGems) Jun 9, 2023

geokit-rails Command Injection vulnerability (Critical)
CVE-2023-26153 was published for geokit-rails (RubyGems) Oct 6, 2023

RDoc RCE vulnerability with .rdoc_options (Low)
CVE-2024-27281 was published for rdoc (RubyGems) Mar 25, 2024