rubygems
965 tracked vulnerabilities.
CVE-2023-27531
MEDIUM
Kredis < 1.3.0.1 - Deserialization of Untrusted Data via JSON Deserialization
Jan 09, 2025
CVSS 5.3
EPSS 0.01
CVE-2023-23913
MEDIUM
Rails-ujs - Cross-Site Scripting
Jan 09, 2025
CVSS 6.3
EPSS 0.01
CVE-2023-46950
MEDIUM
Sidekiq 6.5.8 - Cross-Site Scripting via Filter Function URL Parameter
Mar 01, 2024
CVSS 6.1
EPSS 0.01
CVE-2023-51774
HIGH
json-jwt 1.16.0-1.16.5 - Identity Check Bypass via Sign/Encryption Confusion
Feb 29, 2024
CVSS 8.4
EPSS 0.00
CVE-2023-47634
LOW
Decidim 0.10.0-0.26.8 - Race Condition in Endorsement Feature
Feb 29, 2024
CVSS 3.1
EPSS 0.00
CVE-2023-51447
MEDIUM
Decidim 0.27.0-0.27.4 - Stored Cross-Site Scripting via Dynamic File Upload Filename
Feb 20, 2024
CVSS 6.3
EPSS 0.00
CVE-2023-48220
MEDIUM
Decidim 0.0.1.alpha3-0.26.8 - Use-After-Free via Expired Invitation Acceptance
Feb 20, 2024
CVSS 5.7
EPSS 0.01
CVE-2023-47635
MEDIUM
Decidim 0.23.0-0.27.4 - Server-Side Request Forgery via Questionnaire Templates Preview
Feb 20, 2024
CVSS 4.5
EPSS 0.00
CVE-2023-50448
MEDIUM
ActiveAdmin <2.12.0 - Info Disclosure
Dec 28, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-51763
CRITICAL
ActiveAdmin <3.2.0 - Code Injection
Dec 24, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-50727
MEDIUM
resque < 2.6.0 - Reflected Cross-Site Scripting via Queue Path
Dec 22, 2023
CVSS 6.3
EPSS 0.01
CVE-2023-50725
MEDIUM
resque < 2.2.1 - Reflected Cross-Site Scripting via resque-web Path Parameters
Dec 22, 2023
CVSS 6.3
EPSS 0.01
CVE-2023-50724
MEDIUM
resque < 2.1.0 - Reflected Cross-Site Scripting via current_queue Parameter
Dec 21, 2023
CVSS 6.3
EPSS 0.00
CVE-2023-26154
MEDIUM
PubNub <7.4.0, <6.19.0, <7.3.0, <6.1.0, <5.3.0, <0.4.0 - Path Trave...
Dec 06, 2023
CVSS 5.9
EPSS 0.01
CVE-2023-49090
MEDIUM
CarrierWave < 2.2.5, >=3.0.0 <3.0.5 - Cross-Site Scripting via Content-Type Allowlist Bypass
Nov 29, 2023
CVSS 6.8
EPSS 0.01
CVE-2023-5349
MEDIUM
rmagick < 5.3.0 - Memory Leak Denial of Service
Oct 30, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-5214
MEDIUM
Puppet Bolt < 3.27.4 - Privilege Escalation
Oct 06, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-36465
CRITICAL
Decidim <0.26.8, <0.27.4 - Privilege Escalation
Oct 06, 2023
CVSS 9.1
EPSS 0.01
CVE-2023-26153
HIGH
geokit-rails <2.5.0 - Command Injection
Oct 06, 2023
CVSS 8.3
EPSS 0.03
CVE-2023-26141
HIGH
Sidekiq < 6.5.10 and 7.0.0-7.1.3 - Denial of Service via Dashboard Polling Manipulation
Sep 14, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-4785
HIGH
gRPC 1.23.0-1.53.1 - Denial of Service via TCP Connection Flood
Sep 13, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-40175
HIGH
Puma < 5.6.7 - HTTP Request Smuggling via Chunked Transfer Encoding or Zero-Length Content-Length
Aug 18, 2023
CVSS 7.3
EPSS 0.01
CVE-2023-40165
HIGH
rubygems.org < 2023-08-14 - Unauthenticated Gem Replacement via Insufficient Input Validation
Aug 17, 2023
CVSS 7.4
EPSS 0.00
CVE-2023-33953
HIGH
gRPC < 1.53.2 - Denial of Service via HPACK Parser Memory and CPU Exhaustion
Aug 09, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-38697
MEDIUM
socketry/protocol-http1 < 0.15.1 - HTTP Request Smuggling via Malformed Chunk Encoding
Aug 04, 2023
CVSS 5.8
EPSS 0.01
Products
actionpack 63
rack 50
nokogiri 34
rubygems 25
rubygems-update 25
activerecord 23
puppet 23
activesupport 17
publify_core 15
passenger 14
rails-html-sanitizer 14
actionview 13
decidim 12
puma 12
camaleon_cms 11
fat_free_crm 11
rails 11
activestorage 10
net-imap 10
ruby-saml 10
jquery-rails 9
katello 8
openc3 8
rexml 8
bootstrap 7
bootstrap-sass 7
jquery-ui-rails 7
lodash-rails 7
spree 7
avo 6
Quick Filters