Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

sinatra

Ecosystem:
rubygems
Package URL:
pkg:gem/sinatra
Total PRs:
283 Dependabot PRs
Latest PR:
2 months ago
Unique Repositories:
211 repositories
Unique Repos (30 days):
2 repositories
Security Advisories
Sinatra Cross-site Scripting vulnerability
GHSA-mq35-wqvf-r23c CVE-2018-11627 MODERATE published about 8 years ago • updated 2 months ago
Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.
Sinatra is vulnerable to ReDoS through ETag header value generation
GHSA-mr3q-g2mv-mr4q CVE-2025-61921 LOW published 8 months ago • updated 7 days ago
### Summary There is a denial of service vulnerability in the `If-Match` and `If-None-Match` header parsing component of Sinatra, if the `etag` me...
Sinatra Path Traversal vulnerability
GHSA-h29f-7f56-j8wh CVE-2018-7212 MODERATE published over 8 years ago • updated 12 days ago
An issue was discovered in `rack-protection/lib/rack/protection/path_traversal.rb` in Sinatra 2.x before 2.0.1 on Windows. Path traversal is possib...
sinatra does not validate expanded path matches
GHSA-qp49-3pvw-x4m5 CVE-2022-29970 HIGH published about 4 years ago • updated about 2 months ago
Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.
Sinatra vulnerable to Reliance on Untrusted Inputs in a Security Decision
GHSA-hxx2-7vcw-mqr3 CVE-2024-21510 MODERATE published over 1 year ago • updated 3 days ago
Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (XFH) hea...
View all 6 advisories
Recent PRs (filtered by: Patch PRs )
RSS Feed Clear filter
Bump sinatra from 1.4.5 to 1.4.8

Codename-shaShank/Skin-skeleton #1

1.4.5 → 1.4.8 Patch PR
Open 4 months ago 2 comments
Codename-shaShank
Bump sinatra from 1.4.5 to 1.4.8

Codename-shaShank/Skeleton #3

1.4.5 → 1.4.8 Patch PR
Open 4 months ago 2 comments
Codename-shaShank
Bump sinatra from 3.0.5 to 3.0.6

bcoles/beef #360

3.0.5 → 3.0.6 Patch PR
Closed 9 months ago 2 comments
bcoles
Bump sinatra from 2.2.1 to 2.2.4

dragonchaser/maptool #50

2.2.1 → 2.2.4 Patch PR
Closed 9 months ago
dragonchaser
Update sinatra requirement from ~> 2.2.0 to >= 2.2, < 4.2 in the bundler group across 1 directory

AKJUS/dubai #1

~> 2.2.0 → >= 2.2, < 4.2 Patch PR
Open about 1 year ago
AKJUS
Bump sinatra from 3.0.5 to 3.0.6

djbender/number_gaps #12

3.0.5 → 3.0.6 Patch PR
Open about 3 years ago 1 comment
djbender
Bump sinatra from 2.2.2 to 2.2.3

openaustralia/morph #1320

2.2.2 → 2.2.3 Patch PR
Closed over 3 years ago 1 comment
openaustralia
Bump sinatra from 2.2.0 to 2.2.3

alouiscious/tour-like-bettye-heroku #20

2.2.0 → 2.2.3 Patch PR
Open over 3 years ago
alouiscious
Bump sinatra from 2.2.0 to 2.2.3

assertible/ruby-example #6

2.2.0 → 2.2.3 Patch PR
Merged over 3 years ago
assertible
Bump sinatra from 2.2.0 to 2.2.3

OpportunityEducation/avatar-service #16

2.2.0 → 2.2.3 Patch PR
Closed over 3 years ago 1 comment
OpportunityEducation
Bump sinatra from 2.2.0 to 2.2.3

unl/reservations #65

2.2.0 → 2.2.3 Patch PR
Closed over 3 years ago 2 comments
unl
Bump sinatra from 2.2.0 to 2.2.3

AudTheCodeWitch/ClassReads #15

2.2.0 → 2.2.3 Patch PR
Merged over 3 years ago
AudTheCodeWitch
Bump sinatra from 2.2.0 to 2.2.3

LiamPKenna/definer #13

2.2.0 → 2.2.3 Patch PR
Closed over 3 years ago 1 comment
LiamPKenna
Bump sinatra from 2.2.0 to 2.2.3

m4rcelotoledo/sample_tracking #14

2.2.0 → 2.2.3 Patch PR
Open over 3 years ago 2 comments
m4rcelotoledo
Bump sinatra from 3.0.3 to 3.0.4

Zapata/rockstails #14

3.0.3 → 3.0.4 Patch PR
Closed over 3 years ago 1 comment
Zapata
Bump sinatra from 3.0.2 to 3.0.4

nsxsoft/nsxsoft.github.io #1

3.0.2 → 3.0.4 Patch PR
Closed over 3 years ago 1 comment
nsxsoft
Package Details
Name: sinatra
Ecosystem: rubygems
PURL Type: gem
Package URL: pkg:gem/sinatra
JSON API: View JSON
Security Advisories

6

Active advisories
HIGH 2
MODERATE 3
LOW 1
View All gem Advisories
Package Information
Description:

Sinatra is a DSL for quickly creating web applications in Ruby with minimal effort.

Repository: https://github.com/sinatra/sinatra
Homepage: http://sinatrarb.com/
Latest Release: 4.1.1
over 1 year ago
Dependent Repos: 144,784
Dependent Packages: 3,239
Downloads: 303,945,342
Ranking: Top 0.1043% by dependent repos Top 0.0641% by downloads Top 0.0173% by dependent pkgs
PR Status
Open 122 (43.1%)
Merged 25 (8.8%)
Closed 122 (43.1%)
PR Types
Major 136 (48.1%)
Minor 96 (33.9%)
Patch 16 (5.7%)