| Nov | DEC | Jan |
| 07 | ||
| 2019 | 2020 | 2021 |
COLLECTED BY
Formed in 2009, the Archive Team (not to be confused with the archive.org Archive-It Team) is a rogue archivist collective dedicated to saving copies of rapidly dying or deleted websites for the sake of history and digital heritage. The group is 100% composed of volunteers and interested parties, and has expanded into a large amount of related projects for saving online and digital history.
History is littered with hundreds of conflicts over the future of a community, group, location or business that were "resolved" when one of the parties stepped ahead and destroyed what was there. With the original point of contention destroyed, the debates would fall to the wayside. Archive Team believes that by duplicated condemned data, the conversation and debate can continue, as well as the richness and insight gained by keeping the materials. Our projects have ranged in size from a single volunteer downloading the data to a small-but-critical site, to over 100 volunteers stepping forward to acquire terabytes of user-created data to save for future generations.
The main site for Archive Team is at archiveteam.org and contains up to the date information on various projects, manifestos, plans and walkthroughs.
This collection contains the output of many Archive Team projects, both ongoing and completed. Thanks to the generous providing of disk space by the Internet Archive, multi-terabyte datasets can be made available, as well as in use by the Wayback Machine, providing a path back to lost websites and work.
Our collection has grown to the point of having sub-collections for the type of data we acquire. If you are seeking to browse the contents of these collections, the Wayback Machine is the best first stop. Otherwise, you are free to dig into the stacks to see what you may find.
The Archive Team Panic Downloads are full pulldowns of currently extant websites, meant to serve as emergency backups for needed sites that are in danger of closing, or which will be missed dearly if suddenly lost due to hard drive crashes or server failures.
ArchiveBot is an IRC bot designed to automate the archival of smaller websites (e.g. up to a few hundred thousand URLs). You give it a URL to start at, and it grabs all content under that URL, records it in a WARC, and then uploads that WARC to ArchiveTeam servers for eventual injection into the Internet Archive (or other archive sites).
To use ArchiveBot, drop by #archivebot on EFNet. To interact with ArchiveBot, you issue commands by typing it into the channel. Note you will need channel operator permissions in order to issue archiving jobs. The dashboard shows the sites being downloaded currently.
There is a dashboard running for the archivebot process at http://www.archivebot.com.
ArchiveBot's source code can be found at https://github.com/ArchiveTeam/ArchiveBot.
{{ message }}
A database of vulnerable Ruby Gems
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.
Millions of developers and companies build, ship, and maintain their software on GitHub — the largest and most advanced development platform in the world.
The Ruby Advisory Database is a community effort to compile all security advisories that are relevant to Ruby libraries.
You can check your own Gemfile.locks against this database by using bundler-audit.
Do you know about a vulnerability that isn't listed in this database? Open an issue, submit a PR, or use this form which will email the maintainers.
The database is a list of directories that match the names of Ruby libraries on rubygems.org. Within each directory are one or more advisory files for the Ruby library. These advisory files are named using the advisories' CVE identifier number.
gems/:
actionpack/:
CVE-2014-0130.yml CVE-2014-7818.yml CVE-2014-7829.yml CVE-2015-7576.yml
CVE-2015-7581.yml CVE-2016-0751.yml CVE-2016-0752.yml
Each advisory file contains the advisory information in YAML format:
---
gem: examplegem
cve: 2013-0156
date: 2013-05-01
url: https://github.com/rubysec/ruby-advisory-db/issues/123456
title: |
Ruby on Rails params_parser.rb Action Pack Type Casting Parameter Parsing
Remote Code Execution
description: |
Ruby on Rails contains a flaw in params_parser.rb of the Action Pack.
The issue is triggered when a type casting error occurs during the parsing
of parameters. This may allow a remote attacker to potentially execute
arbitrary code.
cvss_v2: 10.0
cvss_v3: 9.8
patched_versions:
- ~> 2.3.15
- ~> 3.0.19
- ~> 3.1.10
- ">= 3.2.11"
unaffected_versions:
- ~> 2.4.3
related:
cve:
- 2013-1234567
- 2013-1234568
url:
- https://github.com/rubysec/ruby-advisory-db/issues/123457
gem [String] (required): Name of the affected gem.framework [String] (optional): Name of the framework which the affected
gem belongs to.platform [String] (optional): If this vulnerability is platform-specific, name of platform this vulnerability affects (e.g. jruby)cve [String] (optional): Common Vulnerabilities and Exposures (CVE) ID.osvdb [Integer] (optional): Open Sourced Vulnerability Database (OSVDB) ID.ghsa [String] (optional): GitHub Security Advisory (GHSA) ID.url [String] (required): The URL to the full advisory.title [String] (required): The title of the advisory or individual vulnerability.date [Date] (required): The public disclosure date of the advisory.description [String] (required): One or more paragraphs describing the vulnerability.cvss_v2 [Float] (optional): The CVSSv2 score for the vulnerability.cvss_v3 [Float] (optional): The CVSSv3 score for the vulnerability.unaffected_versions [Array<String>] (optional): The version requirements for the
unaffected versions of the Ruby library.patched_versions [Array<String>] (optional): The version requirements for the
patched versions of the Ruby library.related [Hash<Array<String>>] (optional): Sometimes an advisory references many urls and other identifiers. Supported keys: cve, ghsa, osvdb, and urlPrior to submitting a pull request, run the tests:
bundle install
bundle exec rspec
There is a script that will create initial yaml files for RubyGem advisories which are in the GitHub Security Advisory API, but are not already in this dataset. This script can be periodically run to ensure this repo has all the data that is present in the GitHub Advisory data.
The GitHub Advisory API requires a token to access it.
To run the GitHub Advisory sync, start by executing the rake task:
GH_API_TOKEN=<your GitHub API Token> bundle exec rake sync_github_advisories
cvss_v3 field by following the CVE link and getting it from pagepatched_versions field, using the comments at the bottom of the fileunaffected_versions, optional, if there are unaffected_versionsPlease see CONTRIBUTORS.md.
This database also includes data from the Open Sourced Vulnerability Database developed by the Open Security Foundation (OSF) and its contributors.
We use essential cookies to perform essential website functions, e.g. they're used to log you in. Learn more
We use analytics cookies to understand how you use our websites so we can make them better, e.g. they're used to gather information about the pages you visit and how many clicks you need to accomplish a task. Learn more