rubygems

965 tracked vulnerabilities.

CVE-2022-23517 HIGH
rails-html-sanitizer < 1.4.4 - Denial of Service via Inefficient SVG Attribute Regex
Dec 14, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-23516 HIGH
Loofah 2.2.0-2.19.0 - Denial of Service via Recursive CDATA Sanitization
Dec 14, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-23515 MEDIUM
Loofah 2.1.0-2.19.0 - Cross-Site Scripting via Image/SVG+XML Data URI
Dec 14, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-23514 HIGH
Loofah < 2.19.1 - Denial of Service via Inefficient SVG Attribute Regular Expression
Dec 14, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-44303 MEDIUM
resque-scheduler 1.27.4 - Cross-Site Scripting via Schedule Job or Args Parameter
Dec 13, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-23476 HIGH
Nokogiri 1.13.8-1.13.9 - Denial of Service via Unchecked Return Value in XML::Reader#attribute_hash
Dec 08, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-32224 CRITICAL
Activerecord < 5.2.8.1 - Insecure Deserialization
Dec 05, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-30123 CRITICAL
Rack <2.0.9.1-<2.2.3.1 - Command Injection
Dec 05, 2022
CVSS 10.0
EPSS 0.02
CVE-2022-30122 HIGH
Rack <2.0.9.1, <2.1.4.1, <2.2.3.1 - Denial of Service in Multipart Parsing
Dec 05, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-45442 HIGH
Sinatra 2.0-2.2.2 and 3.0-3.0.3 - Reflected File Download via User-Supplied Filename in Content-Disposition Header
Nov 28, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-4064 LOW
dalli < 3.2.3 - Injection via Meta Protocol Handler cas/ttl Argument
Nov 19, 2022
CVSS 3.7
EPSS 0.01
CVE-2022-39379 LOW
Fluentd 1.13.2-1.15.2 - Unauthenticated Remote Code Execution via JSON Payload Deserialization
Nov 02, 2022
CVSS 3.1
EPSS 0.45
CVE-2022-3704 LOW
Ruby on Rails - Cross-Site Scripting in Table Template
Oct 26, 2022
CVSS 3.5
EPSS 0.01
CVE-2022-37454 CRITICAL
Keccak XKCP SHA-3 Reference Implementation - Integer Overflow and Buffer Overflow in Sponge Function Interface
Oct 21, 2022
CVSS 9.8
EPSS 0.05
CVE-2022-3171 MEDIUM
Google Protobuf < 3.21.7, 3.20.3, 3.19.6, 3.16.3 - Denial of Service via Binary Data Parsing
Oct 12, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-39281 MEDIUM
Fatfreecrm < 0.20.1 - Improper Input Validation
Oct 08, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-39224 HIGH
ruby-arr-pm < 0.0.12 - OS Command Injection via Malicious Payload Compressor Field
Sep 21, 2022
CVSS 7.0
EPSS 0.02
CVE-2022-25765 HIGH
pdfkit < 0.8.7.2 - Command Injection via URL Parameter
Sep 09, 2022
CVSS 7.3
EPSS 0.39
CVE-2022-36073 HIGH
RubyGems.org < 2022-08-31 - Account Takeover via Email Change Confirmation Bypass
Sep 07, 2022
CVSS 8.3
EPSS 0.01
CVE-2022-35956 MEDIUM
update_by_case < 0.1.3 - SQL Injection via Unsanitized Case Statement
Aug 12, 2022
CVSS 5.8
EPSS 0.01
CVE-2022-31163 HIGH
TZInfo <0.36.1, <1.2.10 (with tzinfo-data) - Path Traversal
Jul 22, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-31160 MEDIUM
jQuery UI < 1.13.2 - Cross-Site Scripting via Checkboxradio Widget Refresh
Jul 20, 2022
CVSS 6.1
EPSS 0.02
CVE-2022-31115 HIGH
opensearch-ruby < 2.0.1 - Deserialization of Untrusted Data via YAML.load
Jun 30, 2022
CVSS 8.8
EPSS 0.02
CVE-2022-32209 MEDIUM
Rails::Html::Sanitizer < 1.4.3 - Cross-Site Scripting via Select and Style Tag Override
Jun 24, 2022
CVSS 6.1
EPSS 0.29
CVE-2022-33127 CRITICAL
diffy < 3.4.1 - OS Command Injection via Filename with Double Quotes
Jun 23, 2022
CVSS 9.8
EPSS 0.02