Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:gem/doorkeeper@1.3.0
purl pkg:gem/doorkeeper@1.3.0
Next non-vulnerable version 5.6.6
Latest non-vulnerable version 5.6.6
Risk 4.5
Vulnerabilities affecting this package (7)
Vulnerability Summary Fixed by
VCID-4hfe-zz1b-pbcz
Aliases:
CVE-2023-34246
GHSA-7w2c-w47h-789w
Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to version 5.6.6, Doorkeeper automatically processes authorization requests without user consent for public clients that have been previous approved. Public clients are inherently vulnerable to impersonation, their identity cannot be assured. This issue is fixed in version 5.6.6.
5.6.6
Affected by 0 other vulnerabilities.
VCID-73js-ake8-6bh5
Aliases:
CVE-2014-8144
GHSA-685w-vc84-wxcx
OSV-116010
Doorkeeper vulnerable to Cross-site Request Forgery
1.4.1
Affected by 7 other vulnerabilities.
2.0.0
Affected by 7 other vulnerabilities.
VCID-8we8-5rwq-mkew
Aliases:
CVE-2018-1000211
GHSA-694m-jhr9-pf77
Doorkeeper subject to Incorrect Permission Assignment
4.2.5
Affected by 3 other vulnerabilities.
4.4.0
Affected by 2 other vulnerabilities.
VCID-eszr-kaxs-uub2
Aliases:
OSVDB-118830
Sensitive information in production logs The program stores sensitive information in production logs. This may allow a local attacker to gain access to sensitive information.
1.4.2
Affected by 5 other vulnerabilities.
2.1.2
Affected by 5 other vulnerabilities.
VCID-kwt1-5aw9-a7eu
Aliases:
CVE-2020-10187
GHSA-j7vx-8mqj-cqp9
Exposure of Sensitive Information to an Unauthorized Actor in Doorkeeper
5.0.3
Affected by 1 other vulnerability.
5.1.0.rc1
Affected by 2 other vulnerabilities.
5.1.1
Affected by 1 other vulnerability.
5.2.0.rc1
Affected by 2 other vulnerabilities.
5.2.5
Affected by 1 other vulnerability.
5.3.2
Affected by 1 other vulnerability.
5.4.0.rc1
Affected by 2 other vulnerabilities.
VCID-ky7t-t1vu-tyhe
Aliases:
CVE-2016-6582
GHSA-3m6r-39p3-jq25
Doorkeeper is vulnerable to replay attacks
4.2.0
Affected by 4 other vulnerabilities.
VCID-nk9e-4h39-hbh2
Aliases:
CVE-2018-1000088
GHSA-hwhh-2fwm-cfgw
Doorkeeper is vulnerable to stored XSS and code execution
4.2.6
Affected by 3 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-13T09:20:40.827198+00:00 Ruby Importer Affected by VCID-kwt1-5aw9-a7eu https://github.com/rubysec/ruby-advisory-db/blob/master/gems/doorkeeper/CVE-2020-10187.yml 38.6.0
2026-06-13T09:20:10.619654+00:00 Ruby Importer Affected by VCID-nk9e-4h39-hbh2 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/doorkeeper/CVE-2018-1000088.yml 38.6.0
2026-06-13T09:18:19.049010+00:00 Ruby Importer Affected by VCID-73js-ake8-6bh5 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/doorkeeper/CVE-2014-8144.yml 38.6.0
2026-06-12T18:57:00.878940+00:00 GitLab Importer Affected by VCID-4hfe-zz1b-pbcz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/doorkeeper/CVE-2023-34246.yml 38.6.0
2026-06-12T17:03:50.881445+00:00 GitLab Importer Affected by VCID-73js-ake8-6bh5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/doorkeeper/CVE-2014-8144.yml 38.6.0
2026-06-12T17:02:23.226676+00:00 GitLab Importer Affected by VCID-8we8-5rwq-mkew https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/doorkeeper/CVE-2018-1000211.yml 38.6.0
2026-06-12T16:52:18.982535+00:00 GitLab Importer Affected by VCID-ky7t-t1vu-tyhe https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/doorkeeper/CVE-2016-6582.yml 38.6.0
2026-06-12T16:48:12.092557+00:00 GitLab Importer Affected by VCID-eszr-kaxs-uub2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/doorkeeper/OSVDB-118830.yml 38.6.0