Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:gem/omniauth@2.0.0
purl pkg:gem/omniauth@2.0.0
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-bd8v-qwce-vye7 CVE-2020-36599
GHSA-pm55-qfxr-h247
VCID-wgtx-u46z-pbdd Cross-Site Request Forgery (CSRF) The request phase of the OmniAuth is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able to sign into the web application as the primary account. CVE-2015-9284
GHSA-ww4x-rwq6-qpgf

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-01T07:00:49.799324+00:00 GitLab Importer Fixing VCID-bd8v-qwce-vye7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/omniauth/CVE-2020-36599.yml 38.6.0
2026-05-31T11:23:57.973967+00:00 GithubOSV Importer Fixing VCID-bd8v-qwce-vye7 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/08/GHSA-pm55-qfxr-h247/GHSA-pm55-qfxr-h247.json 38.6.0
2026-05-31T11:19:36.488100+00:00 GithubOSV Importer Fixing VCID-wgtx-u46z-pbdd https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/05/GHSA-ww4x-rwq6-qpgf/GHSA-ww4x-rwq6-qpgf.json 38.6.0
2026-05-31T00:59:49.428036+00:00 GHSA Importer Fixing VCID-bd8v-qwce-vye7 https://github.com/advisories/GHSA-pm55-qfxr-h247 38.6.0
2026-05-31T00:51:40.288522+00:00 GHSA Importer Fixing VCID-wgtx-u46z-pbdd https://github.com/advisories/GHSA-ww4x-rwq6-qpgf 38.6.0
2026-05-30T20:55:04.035795+00:00 GitLab Importer Fixing VCID-wgtx-u46z-pbdd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/omniauth/CVE-2015-9284.yml 38.6.0