The Ruby Advisory Database is a community effort to compile all security advisories that are relevant to Ruby libraries. You can check your own Gemfile.locks against this database by using bundler-audit. Support Ruby security! Do you know about a vulnerability that isn't listed in this database? Open an issue or submit a PR. Directory Structure: The database is a list of directories that match the names of Ruby libraries on rubygems.org. Within each directory are one or more advisory files for the Ruby library. These advisory files are named using the advisories' CVE identifier number. - gems/ - actionpack/ - CVE-2014-0130.yml - CVE-2014-7818.yml - CVE-2014-7829.yml - CVE-2015-7576.yml - CVE-2015-7581.yml - CVE-2016-0751.yml - CVE-2016-0752.yml - rubies/ - jruby/ ... - mruby/ ... - ruby/ ... - gems/ The gems/ directory contains sub-directories that match the names of the Ruby libraries on rubygems.org. Within each directory are one or more advisory files for the Ruby library. These advisory files are named using the advisories' CVE or GHSA ID. - rubies/ The rubies/ directory contains sub-directories for each Ruby implementation. Within each directory are one or more advisory files for the Ruby library.
FEATURES
ALTERNATIVES
A wargame composed of 27 levels, with files needed in /vortex/ directory.
Linux Exploit Suggester; suggests possible exploits based on the Linux operating system release number.
Automate software supply chain security by blocking malicious open source components
A list of vulnerable applications for testing and learning
A GitHub App that monitors GitHub organizations or repositories for adherence to security best practices and detects policy violations.
A tool to find and search for registered CVEs, creating a local CVE database for offline use.
Powerful PowerShell script for identifying missing software patches for local privilege escalation vulnerabilities.
Simple script to check a domain's email protections and identify vulnerabilities.
PINNED
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.