rubygems

954 tracked vulnerabilities.

CVE | Severity | Tags | Title | Published | CVSS | EPSS
CVE-2023-31606 | HIGH | - | RedCloth 4.0.0-4.3.2 - Regular Expression Denial of Service in sanitize_html | Jun 06, 2023 | 7.5 | 0.01
CVE-2023-34103 | HIGH | - | Avo Admin Panel - Stored Cross-Site Scripting | Jun 05, 2023 | 7.3 | 0.01
CVE-2023-34102 | HIGH | - | Avo Rails Admin < 2.33.3 - Polymorphic Field Remote Code Execution | Jun 05, 2023 | 8.3 | 0.08
CVE-2023-30145 | CRITICAL | - | Camaleon CMS < 2.7.0 - Server-Side Template Injection via Formats Parameter | May 26, 2023 | 9.8 | 0.53
CVE-2023-25309 | MEDIUM | - | Fetlife rollout-ui 0.5 - Cross-Site Scripting via Delete Feature URL | May 11, 2023 | 6.1 | 0.00
CVE-2023-30618 | LOW | - | kitchen-terraform 7.0.0 - Sensitive Information Exposure in Log File | Apr 21, 2023 | 3.2 | 0.00
CVE-2023-1892 | CRITICAL | NUCLEI | Sidekiq 7.0.4-7.0.7 - Reflected Cross-Site Scripting | Apr 21, 2023 | 9.6 | 0.72
CVE-2023-30614 | HIGH | - | pay < 6.3.2 - Reflected Cross-Site Scripting | Apr 19, 2023 | 7.1 | 0.01
CVE-2023-28756 | MEDIUM | - | Ruby Time < 0.2.2 - Inefficient Regular Expression Complexity in Time Parser | Mar 31, 2023 | 5.3 | 0.01
CVE-2023-28755 | MEDIUM | - | URI < 0.10.0, 0.10.0-0.10.1, 0.11.0, 0.12.0 - Inefficient Regular Expression Complexity | Mar 31, 2023 | 5.3 | 0.00
CVE-2023-28846 | MEDIUM | - | unpoly-rails < 2.7.2.2 - Denial of Service via Excessively Long URL Response Header | Mar 30, 2023 | 5.9 | 0.01
CVE-2023-28102 | HIGH | - | discordrb < 3.4.3 - OS Command Injection via Unsafe Shell String Construction | Mar 27, 2023 | 8.3 | 0.01
CVE-2023-27530 | HIGH | - | Rack < 2.0.9.3 - Denial of Service via Multipart MIME Parsing | Mar 10, 2023 | 7.5 | 0.02
CVE-2023-22799 | HIGH | - | GlobalID < 1.0.1 - Denial of Service via Inefficient Regular Expression Complexity | Feb 09, 2023 | 7.5 | 0.01
CVE-2023-22797 | MEDIUM | - | Actionpack < 7.0.4.1 - Open Redirect | Feb 09, 2023 | 6.1 | 0.00
CVE-2023-22796 | HIGH | - | Activesupport < 6.1.7.1 - Denial of Service | Feb 09, 2023 | 7.5 | 0.02
CVE-2023-22795 | HIGH | - | Rails < 6.1.7.1 and < 7.0.4.1 - Denial of Service via If-None-Match Header Regex | Feb 09, 2023 | 7.5 | 0.01
CVE-2023-22794 | HIGH | - | ActiveRecord < 6.0.6.1, 6.1.7.1, 7.0.4.1 - SQL Injection via Insufficient Comment Sanitization | Feb 09, 2023 | 8.8 | 0.06
CVE-2023-22792 | HIGH | - | Rails 3.0.0-5.2.8.14 and 6.0.0-6.0.6.0 - Denial of Service via Regular Expression Backtracking in Action Dispatch | Feb 09, 2023 | 7.5 | 0.02
CVE-2023-0669 | HIGH | KEV, NUCLEI | Fortra GoAnywhere MFT Unsafe Deserialization RCE | Feb 06, 2023 | 7.2 | 0.94
CVE-2023-25015 | MEDIUM | - | Clockwork Web < 0.1.2 - Cross-Site Request Forgery | Feb 02, 2023 | 6.5 | 0.00
CVE-2023-0569 | MEDIUM | - | GitHub publify/publify < 9.2.10 - Info Disclosure | Jan 29, 2023 | 6.5 | 0.00
CVE-2023-23627 | MEDIUM | - | sanitize 5.0.0-6.0.0 - Cross-Site Scripting via Custom Allowlist with noscript Elements | Jan 28, 2023 | 6.1 | 0.00
CVE-2023-0299 | CRITICAL | - | publify/publify < 9.2.10 - Info Disclosure | Jan 14, 2023 | 9.8 | 0.00
CVE-2023-22626 | HIGH | - | PgHero < 3.1.0 - Information Disclosure via EXPLAIN Error Message | Jan 05, 2023 | 7.5 | 0.00