Search for packages
| purl | pkg:gem/omniauth@2.0.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-bd8v-qwce-vye7 |
CVE-2020-36599
GHSA-pm55-qfxr-h247 |
|
| VCID-wgtx-u46z-pbdd | Cross-Site Request Forgery (CSRF) The request phase of the OmniAuth is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able to sign into the web application as the primary account. |
CVE-2015-9284
GHSA-ww4x-rwq6-qpgf |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-05-31T11:23:57.973967+00:00 | GithubOSV Importer | Fixing | VCID-bd8v-qwce-vye7 | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/08/GHSA-pm55-qfxr-h247/GHSA-pm55-qfxr-h247.json | 38.6.0 |
| 2026-05-31T11:19:36.488100+00:00 | GithubOSV Importer | Fixing | VCID-wgtx-u46z-pbdd | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/05/GHSA-ww4x-rwq6-qpgf/GHSA-ww4x-rwq6-qpgf.json | 38.6.0 |
| 2026-05-31T00:59:49.428036+00:00 | GHSA Importer | Fixing | VCID-bd8v-qwce-vye7 | https://github.com/advisories/GHSA-pm55-qfxr-h247 | 38.6.0 |
| 2026-05-31T00:51:40.288522+00:00 | GHSA Importer | Fixing | VCID-wgtx-u46z-pbdd | https://github.com/advisories/GHSA-ww4x-rwq6-qpgf | 38.6.0 |
| 2026-05-30T20:55:04.035795+00:00 | GitLab Importer | Fixing | VCID-wgtx-u46z-pbdd | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/omniauth/CVE-2015-9284.yml | 38.6.0 |