-
**What happened**:
Grype is reporting a (very old) vulnerability in the `webrick` ruby gem despite running a version with the fix:
```
> docker run --rm -it -v /var/run/docker.sock:/var/run/docke…
```
-
I tried a bundle_audit:update and got:
Updating ruby-advisory-db ...
From https://github.com/rubysec/ruby-advisory-db
* branch master -> FETCH_HEAD
Updating be85e28..614dea0
error…
-
### Used Zammad Version
6.4
### Environment
- Installation method: deb package
- Operating system (if you're unsure: `cat /etc/os-release` ): debian 12
- Database + version: postgresql 15
- Elasti…
-
Show security advisories against insecure versions.
Sources:
- https://github.com/FriendsOfPHP/security-advisories
- https://github.com/rubysec/ruby-advisory-db
- http://www.cvedetails.com
- https://…
-
I opened a ruby-advisory-db issue for the GCM nonce reuse issue in encryptor 2.0.0:
https://github.com/rubysec/ruby-advisory-db/issues/305
The first step is to obtain a CVE. Are you interested i…
-
based on https://github.com/pyupio/safety-db/issues/2262
jayfk updated
3 years ago
-
Sometimes we have multiple IDs combined together into one advisory.
One example of this is `gems/bootstrap/CVE-2018-14040.yml`. The GHSA sync script doesn't understand that CVE-2018-14042 is part o…
-
Just a todo list I figured I should put somewhere more public... Need to add advisories for all these:
ruby_rncryptor / ruby_rncryptor_secured -- https://srcclr.com/security/timing-attacks/ruby/s-193…
-
### vulnerability info
After the default deployment of Fluentd-ui, it is not mandatory to change the password and there is a default password.
```
$ sudo /usr/sbin/td-agent-ui start
Puma 2.9.2 sta…
```
-
Hi!
I work on the Google [Open Source Vulnerabilities](https://github.com/google/osv) project, and we've been working with the Go security team and other vulnerability database maintainers to try t…