See the full list of npm packages compromised in the "SHA1-Hulud npm supply chain incident – Nov 2025" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
| VULNERABILITY | AFFECTS | TYPE | PUBLISHED |
|---|---|---|---|
| omniauth-auth0>=2.3.0, <2.4.1 | RubyGems | 23 Oct 2020 |
| spree>=3.7.0, <3.7.11>=4.0.0, <4.0.4>=4.1.0, <4.1.11 | RubyGems | 21 Oct 2020 |
| actionpack>=6.0.0, <6.0.3.4 | RubyGems | 8 Oct 2020 |
| shrine<3.3.0 | RubyGems | 6 Oct 2020 |
| webrick<1.5.1>=1.6.0, <1.6.1 | RubyGems | 29 Sept 2020 |
| oauth<0.5.5 | RubyGems | 25 Sept 2020 |
| gon<6.4.0 | RubyGems | 24 Sept 2020 |
| actionview<5.2.4.4>=6.0.0.0, <6.0.3.3 | RubyGems | 10 Sept 2020 |
| personnummer<3.0.1 | RubyGems | 10 Sept 2020 |
| rubygems-update>=2.7.6, <2.7.9>=3.0.0, <3.0.3 | RubyGems | 19 Aug 2020 |
| rubygems-update>=2.6.0, <2.7.9>=3.0.0, <3.0.2 | RubyGems | 19 Aug 2020 |
| rubygems-update>=2.6.0, <2.7.9>=3.0.0, <3.0.3 | RubyGems | 19 Aug 2020 |
| rubygems-update>=2.6.0, <2.7.9>=3.0.0, <3.0.3 | RubyGems | 18 Aug 2020 |
| chartkick<3.4.0 | RubyGems | 6 Aug 2020 |
| field_test<0.4.0 | RubyGems | 5 Aug 2020 |
| pghero<2.7.0 | RubyGems | 5 Aug 2020 |
| solidus_frontend>=2.8.0, <2.8.6>=2.9.0, <2.9.6>=2.10.0, <2.10.2 | RubyGems | 5 Aug 2020 |
| solidus_api>=2.8.0, <2.8.6>=2.9.0, <2.9.6>=2.10.0, <2.10.2 | RubyGems | 5 Aug 2020 |
| faye-websocket<0.11.0 | RubyGems | 2 Aug 2020 |
| kramdown<2.3.0 | RubyGems | 19 Jul 2020 |
| actionpack>=6.0.0, <6.0.3.2 | RubyGems | 17 Jun 2020 |
| sanitize>=3.0.0, <5.2.1 | RubyGems | 17 Jun 2020 |
| rack<2.1.4>=2.2.0, <2.2.3 | RubyGems | 16 Jun 2020 |
| iodine<0.7.39 | RubyGems | 8 Jun 2020 |
| elastic-app-search<7.7.0 | RubyGems | 4 Jun 2020 |
| agoo<2.14.0 | RubyGems | 3 Jun 2020 |
| goliath>=0.0.0 | RubyGems | 3 Jun 2020 |
| websocket-extensions<0.1.5 | RubyGems | 2 Jun 2020 |
| kaminari<1.2.1 | RubyGems | 29 May 2020 |
| reel>=0.0.0 | RubyGems | 29 May 2020 |