rubygems
954 tracked vulnerabilities.
CVE | Severity | Title | Published | CVSS | EPSS
CVE-2023-50725 | MEDIUM | resque < 2.2.1 - Reflected Cross-Site Scripting via resque-web Path Parameters | Dec 22, 2023 | 6.3 | 0.01
CVE-2023-50724 | MEDIUM | resque < 2.1.0 - Reflected Cross-Site Scripting via current_queue Parameter | Dec 21, 2023 | 6.3 | 0.01
CVE-2023-26154 | MEDIUM | PubNub <7.4.0, <6.19.0, <7.3.0, <6.1.0, <5.3.0, <0.4.0 - Path Trave... | Dec 06, 2023 | 5.9 | 0.00
CVE-2023-49090 | MEDIUM | CarrierWave < 2.2.5, >=3.0.0 <3.0.5 - Cross-Site Scripting via Content-Type Allowlist Bypass | Nov 29, 2023 | 6.8 | 0.00
CVE-2023-5349 | MEDIUM | rmagick < 5.3.0 - Memory Leak Denial of Service | Oct 30, 2023 | 5.3 | 0.00
CVE-2023-5214 | MEDIUM | Puppet Bolt < 3.27.4 - Privilege Escalation | Oct 06, 2023 | 6.5 | 0.00
CVE-2023-36465 | CRITICAL | Decidim <0.26.8, <0.27.4 - Privilege Escalation | Oct 06, 2023 | 9.1 | 0.00
CVE-2023-26153 | HIGH | geokit-rails <2.5.0 - Command Injection | Oct 06, 2023 | 8.3 | 0.00
CVE-2023-26141 | HIGH | Sidekiq < 6.5.10 and 7.0.0-7.1.3 - Denial of Service via Dashboard Polling Manipulation | Sep 14, 2023 | 7.5 | 0.00
CVE-2023-4785 | HIGH | gRPC 1.23.0-1.53.1 - Denial of Service via TCP Connection Flood | Sep 13, 2023 | 7.5 | 0.00
CVE-2023-40175 | HIGH | Puma < 5.6.7 - HTTP Request Smuggling via Chunked Transfer Encoding or Zero-Length Content-Length | Aug 18, 2023 | 7.3 | 0.00
CVE-2023-40165 | HIGH | rubygems.org < 2023-08-14 - Unauthenticated Gem Replacement via Insufficient Input Validation | Aug 17, 2023 | 7.4 | 0.00
CVE-2023-33953 | HIGH | gRPC < 1.53.2 - Denial of Service via HPACK Parser Memory and CPU Exhaustion | Aug 09, 2023 | 7.5 | 0.00
CVE-2023-38697 | MEDIUM | socketry/protocol-http1 < 0.15.1 - HTTP Request Smuggling via Malformed Chunk Encoding | Aug 04, 2023 | 5.8 | 0.00
CVE-2023-38337 | HIGH | rswag < 2.10.1 - Path Traversal and Arbitrary File Read via API Specification Endpoint | Jul 14, 2023 | 7.5 | 0.00
CVE-2023-34090 | HIGH | Decidim < 0.27.3 - Unauthenticated Sensitive Data Disclosure via Ransack Filtering | Jul 11, 2023 | 7.5 | 0.00
CVE-2023-34089 | HIGH | decidim < 0.26.7 - Cross-Site Scripting via Processes Filter Feature | Jul 11, 2023 | 8.1 | 0.00
CVE-2023-32693 | HIGH | decidim < 0.26.7 and 0.27.0-0.27.3 - Cross-Site Scripting via External Link Feature | Jul 11, 2023 | 8.1 | 0.00
CVE-2023-36823 | HIGH | sanitize 3.0.0-6.0.1 - Cross-Site Scripting via Style Element CSS At-Rule Handling | Jul 06, 2023 | 7.1 | 0.00
CVE-2023-36617 | MEDIUM | URI < 0.10.3 - Inefficient Regular Expression Complexity in RFC Parser | Jun 29, 2023 | 5.3 | 0.01
CVE-2023-3445 | MEDIUM | Spina < 2.15.1 - Stored Cross-Site Scripting | Jun 28, 2023 | 4.8 | 0.00
CVE-2023-34246 | MEDIUM | Doorkeeper < 5.6.6 - Improper Authentication via Public Client Auto-Approval | Jun 12, 2023 | 4.2 | 0.00
CVE-2023-32732 | MEDIUM | gRPC < 1.53.0 - Denial of Service via Base64 Encoding Error in -bin Headers | Jun 09, 2023 | 5.3 | 0.00
CVE-2023-32731 | HIGH | gRPC 1.53.0-1.54.3 - HPACK Table Desynchronization via Header Size Exceeded Error | Jun 09, 2023 | 7.4 | 0.00
CVE-2023-1428 | HIGH | grpc 1.51.0-1.52.4 - Reachable Assertion via Malformed HTTP/2 Headers | Jun 09, 2023 | 7.5 | 0.00
Products
actionpack 63
rack 50
nokogiri 34
rubygems 25
rubygems-update 25
activerecord 23
puppet 23
activesupport 17
publify_core 15
passenger 14
rails-html-sanitizer 14
actionview 13
decidim 12
puma 12
camaleon_cms 11
fat_free_crm 11
rails 11
activestorage 10
ruby-saml 10
jquery-rails 9
openc3 8
rexml 8
bootstrap 7
bootstrap-sass 7
jquery-ui-rails 7
katello 7
lodash-rails 7
net-imap 7
spree 7
avo 6