Package details: pkg:gem/omniauth@1.9.2
purl pkg:gem/omniauth@1.9.2
Next non-vulnerable version 2.0.0
Latest non-vulnerable version 2.0.0
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability: VCID-wgtx-u46z-pbdd
Aliases: CVE-2015-9284, GHSA-ww4x-rwq6-qpgf
Summary: Cross-Site Request Forgery (CSRF). The request phase of OmniAuth is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to sign into the web application as the primary account.
Fixed by: 2.0.0 (affected by 0 other vulnerabilities)
Vulnerabilities fixed by this package (1)
Vulnerability: VCID-bd8v-qwce-vye7
Aliases: CVE-2020-36599, GHSA-pm55-qfxr-h247

Date Actor Action Vulnerability Source VulnerableCode Version
2026-05-31T11:23:57.937519+00:00 GithubOSV Importer Fixing VCID-bd8v-qwce-vye7 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/08/GHSA-pm55-qfxr-h247/GHSA-pm55-qfxr-h247.json 38.6.0
2026-05-31T00:59:49.499337+00:00 GHSA Importer Fixing VCID-bd8v-qwce-vye7 https://github.com/advisories/GHSA-pm55-qfxr-h247 38.6.0
2026-05-31T00:51:40.282957+00:00 GHSA Importer Affected by VCID-wgtx-u46z-pbdd https://github.com/advisories/GHSA-ww4x-rwq6-qpgf 38.6.0