FLAT-FF631 (GHSA-xf4v-w5x5-pv79)
CSV injection in spree
1.3
Low
Ecosystem: RubyGems
Package: spree
FLAT-GBCQE (CVE-2026-25758)
Improper authorization control for web services in spree_api
6.6
Medium
Ecosystem: RubyGems
Package: spree_api
FLAT-1EGC0 (CVE-2026-25757)
Improper authorization control for web services in spree_storefront
6.6
Medium
Ecosystem: RubyGems
Package: spree_storefront
FLAT-FBPRB (CVE-2026-22589)
Improper authorization control for web services in spree_core
7.7
High
Ecosystem: RubyGems
Package: spree_core
FLAT-TCB5T (CVE-2026-22588)
Improper authorization control for web services in spree_api
0.6
Low
Ecosystem: RubyGems
Package: spree_api
FLAT-ZVCWA (MAL-2025-33804)
Use of software with malware in spreebee
5.2
Medium
Ecosystem: npm
Package: spreebee
FLAT-UC0JU (CVE-2011-10019)
Remote command execution in spree
9.1
Critical
Ecosystem: RubyGems
Package: spree
FLAT-GCSD9 (CVE-2008-7310)
Improper authorization control for web services in spree
2.7
Low
Ecosystem: RubyGems
Package: spree
FLAT-EJQ4Z (CVE-2008-7311)
Sensitive information in source code in spree
1.7
Low
Ecosystem: RubyGems
Package: spree
FLAT-68XPL (CVE-2013-2506)
Authentication mechanism absence or evasion in spree_auth_devise
2.7
Low
Ecosystem: RubyGems
Package: spree_auth_devise
FLAT-E8J4I (CVE-2010-3978)
Business information leak in spree
1.3
Low
Ecosystem: RubyGems
Package: spree
FLAT-UTCLQ (GHSA-gpqc-4pp7-5954)
Cross-site request forgery in spree_auth_devise
0.0
None
Ecosystem: RubyGems
Package: spree_auth_devise
FLAT-E0DPG (GHSA-8xfw-5q82-3652)
Cross-site request forgery in spree_auth_devise
0.0
None
Ecosystem: RubyGems
Package: spree_auth_devise
FLAT-NENDJ (GHSA-6mqr-q86q-6gwr)
Cross-site request forgery in spree_auth_devise
0.0
None
Ecosystem: RubyGems
Package: spree_auth_devise
FLAT-FHGF0 (CVE-2021-41275)
Cross-site request forgery in spree_auth_devise
6.2
Medium
Ecosystem: RubyGems
Package: spree_auth_devise
FLAT-VNH9J (CVE-2020-26223)
Authentication mechanism absence or evasion in spree_api
4.9
Medium
Ecosystem: RubyGems
Package: spree_api
FLAT-WIWS2 (CVE-2020-15269)
Insecure session management in spree
6.9
Medium
Ecosystem: RubyGems
Package: spree
FLAT-X34VT (CVE-2013-1656)
Lack of data validation in spree
1.3
Low
Ecosystem: RubyGems
Package: spree
FLAT-7YMYP (OSVDB-119205)
Sensitive information sent insecurely in spree
0.4
Low
Ecosystem: RubyGems
Package: spree