rubygems
965 tracked vulnerabilities.
CVE-2022-23517
HIGH
rails-html-sanitizer < 1.4.4 - Denial of Service via Inefficient SVG Attribute Regex
Dec 14, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-23516
HIGH
Loofah 2.2.0-2.19.0 - Denial of Service via Recursive CDATA Sanitization
Dec 14, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-23515
MEDIUM
Loofah 2.1.0-2.19.0 - Cross-Site Scripting via Image/SVG+XML Data URI
Dec 14, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-23514
HIGH
Loofah < 2.19.1 - Denial of Service via Inefficient SVG Attribute Regular Expression
Dec 14, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-44303
MEDIUM
resque-scheduler 1.27.4 - Cross-Site Scripting via Schedule Job or Args Parameter
Dec 13, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-23476
HIGH
Nokogiri 1.13.8-1.13.9 - Denial of Service via Unchecked Return Value in XML::Reader#attribute_hash
Dec 08, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-32224
CRITICAL
Activerecord < 5.2.8.1 - Insecure Deserialization
Dec 05, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-30123
CRITICAL
Rack <2.0.9.1-<2.2.3.1 - Command Injection
Dec 05, 2022
CVSS 10.0
EPSS 0.02
CVE-2022-30122
HIGH
Rack <2.0.9.1, <2.1.4.1, <2.2.3.1 - Denial of Service in Multipart Parsing
Dec 05, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-45442
HIGH
Sinatra 2.0-2.2.2 and 3.0-3.0.3 - Reflected File Download via User-Supplied Filename in Content-Disposition Header
Nov 28, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-4064
LOW
dalli < 3.2.3 - Injection via Meta Protocol Handler cas/ttl Argument
Nov 19, 2022
CVSS 3.7
EPSS 0.01
CVE-2022-39379
LOW
Fluentd 1.13.2-1.15.2 - Unauthenticated Remote Code Execution via JSON Payload Deserialization
Nov 02, 2022
CVSS 3.1
EPSS 0.45
CVE-2022-3704
LOW
Ruby on Rails - Cross-Site Scripting in Table Template
Oct 26, 2022
CVSS 3.5
EPSS 0.01
CVE-2022-37454
CRITICAL
Keccak XKCP SHA-3 Reference Implementation - Integer Overflow and Buffer Overflow in Sponge Function Interface
Oct 21, 2022
CVSS 9.8
EPSS 0.05
CVE-2022-3171
MEDIUM
Google Protobuf < 3.21.7, 3.20.3, 3.19.6, 3.16.3 - Denial of Service via Binary Data Parsing
Oct 12, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-39281
MEDIUM
Fatfreecrm < 0.20.1 - Improper Input Validation
Oct 08, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-39224
HIGH
ruby-arr-pm < 0.0.12 - OS Command Injection via Malicious Payload Compressor Field
Sep 21, 2022
CVSS 7.0
EPSS 0.02
CVE-2022-25765
HIGH
pdfkit < 0.8.7.2 - Command Injection via URL Parameter
Sep 09, 2022
CVSS 7.3
EPSS 0.39
CVE-2022-36073
HIGH
RubyGems.org < 2022-08-31 - Account Takeover via Email Change Confirmation Bypass
Sep 07, 2022
CVSS 8.3
EPSS 0.01
CVE-2022-35956
MEDIUM
update_by_case < 0.1.3 - SQL Injection via Unsanitized Case Statement
Aug 12, 2022
CVSS 5.8
EPSS 0.01
CVE-2022-31163
HIGH
TZInfo <0.36.1, <1.2.10 (with tzinfo-data) - Path Traversal
Jul 22, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-31160
MEDIUM
jQuery UI < 1.13.2 - Cross-Site Scripting via Checkboxradio Widget Refresh
Jul 20, 2022
CVSS 6.1
EPSS 0.02
CVE-2022-31115
HIGH
opensearch-ruby < 2.0.1 - Deserialization of Untrusted Data via YAML.load
Jun 30, 2022
CVSS 8.8
EPSS 0.02
CVE-2022-32209
MEDIUM
Rails::Html::Sanitizer < 1.4.3 - Cross-Site Scripting via Select and Style Tag Override
Jun 24, 2022
CVSS 6.1
EPSS 0.29
CVE-2022-33127
CRITICAL
diffy < 3.4.1 - OS Command Injection via Filename with Double Quotes
Jun 23, 2022
CVSS 9.8
EPSS 0.02
Products
actionpack 63
rack 50
nokogiri 34
rubygems 25
rubygems-update 25
activerecord 23
puppet 23
activesupport 17
publify_core 15
passenger 14
rails-html-sanitizer 14
actionview 13
decidim 12
puma 12
camaleon_cms 11
fat_free_crm 11
rails 11
activestorage 10
net-imap 10
ruby-saml 10
jquery-rails 9
katello 8
openc3 8
rexml 8
bootstrap 7
bootstrap-sass 7
jquery-ui-rails 7
lodash-rails 7
spree 7
avo 6
Quick Filters