Search for packages
| purl | pkg:gem/spina@2.3.0 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-aqr8-bjt2-kqap
Aliases: CVE-2023-3445 GHSA-97wh-6hmj-g8j9 |
Cross-site Scripting (XSS) - Stored in GitHub repository spinacms/spina prior to 2.15.1. |
Affected by 1 other vulnerability. |
|
VCID-rs7s-mwxh-5ub6
Aliases: CVE-2024-7106 GHSA-wqw3-p83g-r24v |
A vulnerability classified as problematic was found in Spina CMS 2.18.0. Affected by this vulnerability is an unknown functionality of the file /admin/media_folders. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272431. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-13T09:23:26.983615+00:00 | Ruby Importer | Affected by | VCID-aqr8-bjt2-kqap | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/spina/CVE-2023-3445.yml | 38.6.0 |
| 2026-06-12T19:35:49.581488+00:00 | GitLab Importer | Affected by | VCID-rs7s-mwxh-5ub6 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/spina/CVE-2024-7106.yml | 38.6.0 |
| 2026-06-12T18:58:56.586026+00:00 | GitLab Importer | Affected by | VCID-aqr8-bjt2-kqap | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/spina/CVE-2023-3445.yml | 38.6.0 |