rubygems

965 tracked vulnerabilities.

CVE-2023-22797 MEDIUM
Actionpack < 7.0.4.1 - Open Redirect
Feb 09, 2023
CVSS 6.1
EPSS 0.01
CVE-2023-22796 HIGH
Activesupport < 6.1.7.1 - Denial of Service
Feb 09, 2023
CVSS 7.5
EPSS 0.02
CVE-2023-22795 HIGH
Rails < 6.1.7.1 and < 7.0.4.1 - Denial of Service via If-None-Match Header Regex
Feb 09, 2023
CVSS 7.5
EPSS 0.02
CVE-2023-22794 HIGH
ActiveRecord <6.0.6.1, 6.1.7.1, 7.0.4.1 - SQL Injection via Insufficient Comment Sanitization
Feb 09, 2023
CVSS 8.8
EPSS 0.02
CVE-2023-22792 HIGH
Rails 3.0.0-5.2.8.14 and 6.0.0-6.0.6.0 - Denial of Service via Regular Expression Backtracking in Action Dispatch
Feb 09, 2023
CVSS 7.5
EPSS 0.02
CVE-2023-0669 HIGH KEVNUCLEI
Fortra GoAnywhere MFT Unsafe Deserialization RCE
Feb 06, 2023
CVSS 7.2
EPSS 1.00
CVE-2023-25015 MEDIUM
Clockwork Web < 0.1.2 - Cross-Site Request Forgery
Feb 02, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-0569 MEDIUM
GitHub publify/publify <9.2.10 - Info Disclosure
Jan 29, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-23627 MEDIUM
sanitize 5.0.0-6.0.0 - Cross-Site Scripting via Custom Allowlist with noscript Elements
Jan 28, 2023
CVSS 6.1
EPSS 0.01
CVE-2023-0299 CRITICAL
publify/publify <9.2.10 - Info Disclosure
Jan 14, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-22626 HIGH
PgHero < 3.1.0 - Information Disclosure via EXPLAIN Error Message
Jan 05, 2023
CVSS 7.5
EPSS 0.01
CVE-2022-3874 HIGH
Red Hat Satellite - Authenticated OS Command Injection via CoreOS Template Configuration
Sep 22, 2023
CVSS 8.0
EPSS 0.02
CVE-2022-36231 CRITICAL
pdf_info 0.5.3 - OS Command Injection via Backticks
Feb 23, 2023
CVSS 9.8
EPSS 0.03
CVE-2022-44572 HIGH
Rack < 2.0.9.2, 2.1.4.2, 2.2.4.1, 3.0.0.1 - Denial of Service via Multipart Boundary Parsing
Feb 09, 2023
CVSS 7.5
EPSS 0.02
CVE-2022-44571 HIGH
Rack 2.0.0-2.0.9.1 - Denial of Service via Content-Disposition Header Parsing
Feb 09, 2023
CVSS 7.5
EPSS 0.02
CVE-2022-44570 HIGH
Rack 1.5.0-2.0.9.1 - Denial of Service via Range Header Parsing
Feb 09, 2023
CVSS 7.5
EPSS 0.02
CVE-2022-44566 HIGH
ActiveRecord < 6.1.7.1 - Denial of Service via PostgreSQL Integer Comparison
Feb 09, 2023
CVSS 7.5
EPSS 0.01
CVE-2022-4891 LOW
Sisimai <4.25.14p11 - Info Disclosure
Jan 17, 2023
CVSS 3.5
EPSS 0.01
CVE-2022-47318 HIGH
ruby-git <v1.13.0 - Command Injection
Jan 17, 2023
CVSS 8.0
EPSS 0.01
CVE-2022-46648 HIGH
ruby-git <v1.13.0 - Command Injection
Jan 17, 2023
CVSS 8.0
EPSS 0.01
CVE-2022-2815 MEDIUM
GitHub publify/publify <9.2.10 - Info Disclosure
Jan 14, 2023
CVSS 6.5
EPSS 0.01
CVE-2022-1812 CRITICAL
Publify < 9.2.10 - Integer Overflow or Wraparound
Jan 14, 2023
CVSS 9.8
EPSS 0.31
CVE-2022-23520 MEDIUM
rails-html-sanitizer < 1.4.4 - Cross-Site Scripting via Select and Style Tag Override
Dec 14, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-23519 HIGH
rails-html-sanitizer < 1.4.4 - Cross-Site Scripting via Allowed Tags Override
Dec 14, 2022
CVSS 7.2
EPSS 0.01
CVE-2022-23518 MEDIUM
rails-html-sanitizer 1.0.3-1.4.3 - Cross-Site Scripting via Data URIs with Loofah
Dec 14, 2022
CVSS 6.1
EPSS 0.01