OSV - Open Source Vulnerabilities

GHSA-735f-pc8j-v9w8

Maven/com.google.protobuf:protobuf-java
Maven/com.google.protobuf:protobuf-javalite
Maven/com.google.protobuf:protobuf-kotlin
Maven/com.google.protobuf:protobuf-kotlin-lite
RubyGems/google-protobuf

protobuf-java has potential Denial of Service issue

5 hours ago

Fix available
Severity - 8.7 (High)

GHSA-7x4w-cj9r-h4v9

RubyGems/camaleon_cms

Camaleon CMS vulnerable to remote code execution through code injection (GHSL-2024-185)

yesterday

Fix available
Severity - 8.6 (High)

GHSA-r9cr-qmfw-pmrc

RubyGems/camaleon_cms

Camaleon CMS allows stored XSS through user file upload (GHSL-2024-184)

yesterday

Fix available
Severity - 4.8 (Medium)

GHSA-cp65-5m9r-vc2c

RubyGems/camaleon_cms

Camaleon CMS vulnerable to arbitrary path traversal (GHSL-2024-183)

yesterday

Fix available
Severity - 7.1 (High)

GHSA-wmjg-vqhv-q5p5

RubyGems/camaleon_cms

Camaleon CMS affected by arbitrary file write to RCE (GHSL-2024-182)

yesterday

Fix available
Severity - 8.7 (High)

GHSA-qjxf-mc72-wjr2

RubyGems/devise-two-factor

Devise-Two-Factor Authentication Uses Insufficient Default OTP Shared Secret Length

yesterday

Fix available
Severity - 6.0 (Medium)

GHSA-vvqw-fqwx-mqmm

RubyGems/decidim

Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin panel with QuillJS WYSWYG editor

3 days ago

Fix available
Severity - 5.9 (Medium)

GHSA-rx9f-5ggv-5rh6

RubyGems/decidim-admin

Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin activity log

3 days ago

Fix available
Severity - 6.0 (Medium)

GHSA-cvp8-5r8g-fhvq

RubyGems/omniauth-saml

omniauth-saml vulnerable to Improper Verification of Cryptographic Signature

11 Sep

Fix available
Severity - 9.9 (Critical)

GHSA-jw9c-mfg7-9rx2

RubyGems/ruby-saml

SAML authentication bypass via Incorrect XPath selector

10 Sep

Fix available
Severity - 9.9 (Critical)

GHSA-frp2-5qfc-7r8m

RubyGems/request_store

request_store has Incorrect Default Permissions

23 Aug

Fix available
Severity - 5.9 (Medium)

GHSA-vmwr-mc7x-5vc3

RubyGems/rexml

REXML denial of service vulnerability

22 Aug

Fix available
Severity - 8.2 (High)

GHSA-2m96-52r3-2f3g

RubyGems/fugit

fugit parse and parse_nat stall on lengthy input

19 Aug

Fix available
Severity - 5.3 (Medium)

GHSA-qv32-5wm2-p32h

RubyGems/sequenceserver

Command Injection in sequenceserver

13 Aug

Fix available
Severity - 9.3 (Critical)

GHSA-5866-49gr-22v4

RubyGems/rexml

REXML DoS vulnerability

02 Aug

Fix available
Severity - 6.9 (Medium)

GHSA-r55c-59qm-vjw6

RubyGems/rexml

REXML DoS vulnerability

01 Aug

Fix available
Severity - 6.9 (Medium)