Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:gem/omniauth@1.0.0
purl pkg:gem/omniauth@1.0.0
Next non-vulnerable version 2.0.0
Latest non-vulnerable version 2.0.0
Risk 4.5
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-gtk5-xfmf-97ag
Aliases:
CVE-2020-36599
GHSA-pm55-qfxr-h247
lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 (and before 2.0) does not escape the message_key value.
1.9.2
Affected by 1 other vulnerability.
2.0.0
Affected by 0 other vulnerabilities.
VCID-v81q-9689-5uea
Aliases:
CVE-2015-9284
GHSA-ww4x-rwq6-qpgf
OmniAuth Ruby gem Cross-site Request Forgery in request phase
2.0.0
Affected by 0 other vulnerabilities.
VCID-xqas-uqre-buhk
Aliases:
CVE-2017-18076
GHSA-9pr6-grf4-x2fr
security update
1.3.2
Affected by 2 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-12T18:30:01.307918+00:00 GitLab Importer Affected by VCID-gtk5-xfmf-97ag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/omniauth/CVE-2020-36599.yml 38.6.0
2026-06-12T17:10:38.142051+00:00 GitLab Importer Affected by VCID-v81q-9689-5uea https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/omniauth/CVE-2015-9284.yml 38.6.0
2026-06-12T16:57:27.844082+00:00 GitLab Importer Affected by VCID-xqas-uqre-buhk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/omniauth/CVE-2017-18076.yml 38.6.0