Is omniauth-rails_csrf_protection safe to use?

omniauth-rails_csrf_protection has no known vulnerabilities on the latest version (2.0.1). DepScope rates its health at 63/100 (moderate risk).

What is the latest version of omniauth-rails_csrf_protection?

The latest version of omniauth-rails_csrf_protection is 2.0.1, released 2025-12-10.

Does omniauth-rails_csrf_protection have known vulnerabilities?

No known vulnerabilities on the latest version of omniauth-rails_csrf_protection.

Is omniauth-rails_csrf_protection deprecated?

No, omniauth-rails_csrf_protection is actively maintained. Latest release: 2.0.1 (2025-12-10).

What are alternatives to omniauth-rails_csrf_protection?

Popular alternatives to omniauth-rails_csrf_protection in RubyGems include: jmespath, netrc, thread_safe, crass, tzinfo.

What license does omniauth-rails_csrf_protection use?

omniauth-rails_csrf_protection is licensed under MIT.

omniauth-rails_csrf_protection

rubygemsv2.0.1

This gem provides a mitigation against CVE-2015-9284 (Cross-Site Request Forgery on the request phrase when using OmniAuth gem with a Ruby on Rails application) by implementing a CSRF token verifier that directly utilize `ActionController::RequestForgeryProtection` code from Rails.

License MITpermissive8 versions2 deps1,756,872 weekly dl

cookpad/omniauth-rails_csrf_protection

/ 100

Health

use with caution

[email protected] low health (63/100) — consider alternatives

Moderate health score (63/100) — verify manually

Health breakdown0 – 100

15/25

maintenance

17/20

popularity

25/25

security

6/15

maturity

0/15

community

Vulnerabilities

none known

Health History

Dependency Tree

License Audit

Dependencies (2)

actionpack omniauth

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/rubygems/omniauth-rails_csrf_protection