rubygems

965 tracked vulnerabilities.

CVE-2023-27531 MEDIUM
Kredis < 1.3.0.1 - Deserialization of Untrusted Data via JSON Deserialization
Jan 09, 2025
CVSS 5.3
EPSS 0.01
CVE-2023-23913 MEDIUM
Rails-ujs - Cross-Site Scripting
Jan 09, 2025
CVSS 6.3
EPSS 0.01
CVE-2023-46950 MEDIUM
Sidekiq 6.5.8 - Cross-Site Scripting via Filter Function URL Parameter
Mar 01, 2024
CVSS 6.1
EPSS 0.01
CVE-2023-51774 HIGH
json-jwt 1.16.0-1.16.5 - Identity Check Bypass via Sign/Encryption Confusion
Feb 29, 2024
CVSS 8.4
EPSS 0.00
CVE-2023-47634 LOW
Decidim 0.10.0-0.26.8 - Race Condition in Endorsement Feature
Feb 29, 2024
CVSS 3.1
EPSS 0.00
CVE-2023-51447 MEDIUM
Decidim 0.27.0-0.27.4 - Stored Cross-Site Scripting via Dynamic File Upload Filename
Feb 20, 2024
CVSS 6.3
EPSS 0.00
CVE-2023-48220 MEDIUM
Decidim 0.0.1.alpha3-0.26.8 - Use-After-Free via Expired Invitation Acceptance
Feb 20, 2024
CVSS 5.7
EPSS 0.01
CVE-2023-47635 MEDIUM
Decidim 0.23.0-0.27.4 - Server-Side Request Forgery via Questionnaire Templates Preview
Feb 20, 2024
CVSS 4.5
EPSS 0.00
CVE-2023-50448 MEDIUM
ActiveAdmin <2.12.0 - Info Disclosure
Dec 28, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-51763 CRITICAL
ActiveAdmin <3.2.0 - Code Injection
Dec 24, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-50727 MEDIUM
resque < 2.6.0 - Reflected Cross-Site Scripting via Queue Path
Dec 22, 2023
CVSS 6.3
EPSS 0.01
CVE-2023-50725 MEDIUM
resque < 2.2.1 - Reflected Cross-Site Scripting via resque-web Path Parameters
Dec 22, 2023
CVSS 6.3
EPSS 0.01
CVE-2023-50724 MEDIUM
resque < 2.1.0 - Reflected Cross-Site Scripting via current_queue Parameter
Dec 21, 2023
CVSS 6.3
EPSS 0.00
CVE-2023-26154 MEDIUM
PubNub <7.4.0, <6.19.0, <7.3.0, <6.1.0, <5.3.0, <0.4.0 - Path Trave...
Dec 06, 2023
CVSS 5.9
EPSS 0.01
CVE-2023-49090 MEDIUM
CarrierWave < 2.2.5, >=3.0.0 <3.0.5 - Cross-Site Scripting via Content-Type Allowlist Bypass
Nov 29, 2023
CVSS 6.8
EPSS 0.01
CVE-2023-5349 MEDIUM
rmagick < 5.3.0 - Memory Leak Denial of Service
Oct 30, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-5214 MEDIUM
Puppet Bolt < 3.27.4 - Privilege Escalation
Oct 06, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-36465 CRITICAL
Decidim <0.26.8, <0.27.4 - Privilege Escalation
Oct 06, 2023
CVSS 9.1
EPSS 0.01
CVE-2023-26153 HIGH
geokit-rails <2.5.0 - Command Injection
Oct 06, 2023
CVSS 8.3
EPSS 0.03
CVE-2023-26141 HIGH
Sidekiq < 6.5.10 and 7.0.0-7.1.3 - Denial of Service via Dashboard Polling Manipulation
Sep 14, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-4785 HIGH
gRPC 1.23.0-1.53.1 - Denial of Service via TCP Connection Flood
Sep 13, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-40175 HIGH
Puma < 5.6.7 - HTTP Request Smuggling via Chunked Transfer Encoding or Zero-Length Content-Length
Aug 18, 2023
CVSS 7.3
EPSS 0.01
CVE-2023-40165 HIGH
rubygems.org < 2023-08-14 - Unauthenticated Gem Replacement via Insufficient Input Validation
Aug 17, 2023
CVSS 7.4
EPSS 0.00
CVE-2023-33953 HIGH
gRPC < 1.53.2 - Denial of Service via HPACK Parser Memory and CPU Exhaustion
Aug 09, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-38697 MEDIUM
socketry/protocol-http1 < 0.15.1 - HTTP Request Smuggling via Malformed Chunk Encoding
Aug 04, 2023
CVSS 5.8
EPSS 0.01