rubygems

965 tracked vulnerabilities.

CVE-2023-38337 HIGH
rswag < 2.10.1 - Path Traversal and Arbitrary File Read via API Specification Endpoint
Jul 14, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-34090 HIGH
Decidim < 0.27.3 - Unauthenticated Sensitive Data Disclosure via Ransack Filtering
Jul 11, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-34089 HIGH
decidim < 0.26.7 - Cross-Site Scripting via Processes Filter Feature
Jul 11, 2023
CVSS 8.1
EPSS 0.01
CVE-2023-32693 HIGH
decidim < 0.26.7 and 0.27.0-0.27.3 - Cross-Site Scripting via External Link Feature
Jul 11, 2023
CVSS 8.1
EPSS 0.01
CVE-2023-36823 HIGH
sanitize 3.0.0-6.0.1 - Cross-Site Scripting via Style Element CSS At-Rule Handling
Jul 06, 2023
CVSS 7.1
EPSS 0.01
CVE-2023-36617 MEDIUM
URI < 0.10.3 - Inefficient Regular Expression Complexity in RFC Parser
Jun 29, 2023
CVSS 5.3
EPSS 0.02
CVE-2023-3445 MEDIUM
Spina < 2.15.1 - Stored Cross-Site Scripting
Jun 28, 2023
CVSS 4.8
EPSS 0.01
CVE-2023-34246 MEDIUM
Doorkeeper < 5.6.6 - Improper Authentication via Public Client Auto-Approval
Jun 12, 2023
CVSS 4.2
EPSS 0.01
CVE-2023-32732 MEDIUM
gRPC < 1.53.0 - Denial of Service via Base64 Encoding Error in -bin Headers
Jun 09, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-32731 HIGH
gRPC 1.53.0-1.54.3 - HPACK Table Desynchronization via Header Size Exceeded Error
Jun 09, 2023
CVSS 7.4
EPSS 0.01
CVE-2023-1428 HIGH
grpc 1.51.0-1.52.4 - Reachable Assertion via Malformed HTTP/2 Headers
Jun 09, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-31606 HIGH
RedCloth 4.0.0-4.3.2 - Regular Expression Denial of Service in sanitize_html
Jun 06, 2023
CVSS 7.5
EPSS 0.02
CVE-2023-34103 HIGH
Avo Admin Panel - Stored Cross-Site Scripting
Jun 05, 2023
CVSS 7.3
EPSS 0.01
CVE-2023-34102 HIGH
Avo Rails Admin < 2.33.3 - Polymorphic Field Remote Code Execution
Jun 05, 2023
CVSS 8.3
EPSS 0.02
CVE-2023-30145 CRITICAL
Camaleon CMS < 2.7.0 - Server-Side Template Injection via Formats Parameter
May 26, 2023
CVSS 9.8
EPSS 0.46
CVE-2023-25309 MEDIUM
Fetlife rollout-ui 0.5 - Cross-Site Scripting via Delete Feature URL
May 11, 2023
CVSS 6.1
EPSS 0.01
CVE-2023-30618 LOW
kitchen-terraform 7.0.0 - Sensitive Information Exposure in Log File
Apr 21, 2023
CVSS 3.2
EPSS 0.00
CVE-2023-1892 CRITICAL NUCLEI
Sidekiq 7.0.4-7.0.7 - Reflected Cross-Site Scripting
Apr 21, 2023
CVSS 9.6
EPSS 0.03
CVE-2023-30614 HIGH
pay < 6.3.2 - Reflected Cross-Site Scripting
Apr 19, 2023
CVSS 7.1
EPSS 0.00
CVE-2023-28756 MEDIUM
Ruby Time < 0.2.2 - Inefficient Regular Expression Complexity in Time Parser
Mar 31, 2023
CVSS 5.3
EPSS 0.02
CVE-2023-28755 MEDIUM
URI < 0.10.0, 0.10.0-0.10.1, 0.11.0, 0.12.0 - Inefficient Regular Expression Complexity
Mar 31, 2023
CVSS 5.3
EPSS 0.03
CVE-2023-28846 MEDIUM
unpoly-rails < 2.7.2.2 - Denial of Service via Excessively Long URL Response Header
Mar 30, 2023
CVSS 5.9
EPSS 0.01
CVE-2023-28102 HIGH
discordrb < 3.4.3 - OS Command Injection via Unsafe Shell String Construction
Mar 27, 2023
CVSS 8.3
EPSS 0.03
CVE-2023-27530 HIGH
Rack <2.0.9.3 - Denial of Service via Multipart MIME Parsing
Mar 10, 2023
CVSS 7.5
EPSS 0.02
CVE-2023-22799 HIGH
GlobalID < 1.0.1 - Denial of Service via Inefficient Regular Expression Complexity
Feb 09, 2023
CVSS 7.5
EPSS 0.01