Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / rubygems

rubygems

954 tracked vulnerabilities.

CVE-2022-3874 HIGH

Red Hat Satellite - Authenticated OS Command Injection via CoreOS Template Configuration

CVE-2022-36231 CRITICAL

pdf_info 0.5.3 - OS Command Injection via Backticks

CVE-2022-44572 HIGH

Rack < 2.0.9.2, 2.1.4.2, 2.2.4.1, 3.0.0.1 - Denial of Service via Multipart Boundary Parsing

CVE-2022-44571 HIGH

Rack 2.0.0-2.0.9.1 - Denial of Service via Content-Disposition Header Parsing

CVE-2022-44570 HIGH

Rack 1.5.0-2.0.9.1 - Denial of Service via Range Header Parsing

CVE-2022-44566 HIGH

ActiveRecord < 6.1.7.1 - Denial of Service via PostgreSQL Integer Comparison

CVE-2022-4891 LOW

Sisimai <4.25.14p11 - Info Disclosure

CVE-2022-47318 HIGH

ruby-git <v1.13.0 - Command Injection

CVE-2022-46648 HIGH

ruby-git <v1.13.0 - Command Injection

CVE-2022-2815 MEDIUM

GitHub publify/publify <9.2.10 - Info Disclosure

CVE-2022-1812 CRITICAL

Publify < 9.2.10 - Integer Overflow or Wraparound

CVE-2022-23520 MEDIUM

rails-html-sanitizer < 1.4.4 - Cross-Site Scripting via Select and Style Tag Override

CVE-2022-23519 HIGH

rails-html-sanitizer < 1.4.4 - Cross-Site Scripting via Allowed Tags Override

CVE-2022-23518 MEDIUM

rails-html-sanitizer 1.0.3-1.4.3 - Cross-Site Scripting via Data URIs with Loofah

CVE-2022-23517 HIGH

rails-html-sanitizer < 1.4.4 - Denial of Service via Inefficient SVG Attribute Regex

CVE-2022-23516 HIGH

Loofah 2.2.0-2.19.0 - Denial of Service via Recursive CDATA Sanitization

CVE-2022-23515 MEDIUM

Loofah 2.1.0-2.19.0 - Cross-Site Scripting via Image/SVG+XML Data URI

CVE-2022-23514 HIGH

Loofah < 2.19.1 - Denial of Service via Inefficient SVG Attribute Regular Expression

CVE-2022-44303 MEDIUM

resque-scheduler 1.27.4 - Cross-Site Scripting via Schedule Job or Args Parameter

CVE-2022-23476 HIGH

Nokogiri 1.13.8-1.13.9 - Denial of Service via Unchecked Return Value in XML::Reader#attribute_hash

CVE-2022-32224 CRITICAL

Activerecord < 5.2.8.1 - Insecure Deserialization

CVE-2022-30123 CRITICAL

Rack <2.0.9.1-<2.2.3.1 - Command Injection

CVE-2022-30122 HIGH

Rack <2.0.9.1, <2.1.4.1, <2.2.3.1 - Denial of Service in Multipart Parsing

CVE-2022-45442 HIGH

Sinatra 2.0-2.2.2 and 3.0-3.0.3 - Reflected File Download via User-Supplied Filename in Content-Disposition Header

CVE-2022-4064 LOW

dalli < 3.2.3 - Injection via Meta Protocol Handler cas/ttl Argument

Previous Page 12 of 39 Next

Products

actionpack 63 rack 50 nokogiri 34 rubygems 25 rubygems-update 25 activerecord 23 puppet 23 activesupport 17 publify_core 15 passenger 14 rails-html-sanitizer 14 actionview 13 decidim 12 puma 12 camaleon_cms 11 fat_free_crm 11 rails 11 activestorage 10 ruby-saml 10 jquery-rails 9 openc3 8 rexml 8 bootstrap 7 bootstrap-sass 7 jquery-ui-rails 7 katello 7 lodash-rails 7 net-imap 7 spree 7 avo 6

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy