rubygems
954 tracked vulnerabilities.
CVE-2022-39379
LOW
Fluentd 1.13.2-1.15.2 - Unauthenticated Remote Code Execution via JSON Payload Deserialization
Nov 02, 2022
CVSS 3.1
EPSS 0.08
CVE-2022-3704
LOW
Ruby on Rails - Cross-Site Scripting in Table Template
Oct 26, 2022
CVSS 3.5
EPSS 0.00
CVE-2022-37454
CRITICAL
Keccak XKCP SHA-3 Reference Implementation - Integer Overflow and Buffer Overflow in Sponge Function Interface
Oct 21, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-3171
MEDIUM
Google Protobuf < 3.21.7, 3.20.3, 3.19.6, 3.16.3 - Denial of Service via Binary Data Parsing
Oct 12, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-39281
MEDIUM
Fatfreecrm < 0.20.1 - Improper Input Validation
Oct 08, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-39224
HIGH
ruby-arr-pm < 0.0.12 - OS Command Injection via Malicious Payload Compressor Field
Sep 21, 2022
CVSS 7.0
EPSS 0.00
CVE-2022-25765
HIGH
pdfkit < 0.8.7.2 - Command Injection via URL Parameter
Sep 09, 2022
CVSS 7.3
EPSS 0.89
CVE-2022-36073
HIGH
RubyGems.org < 2022-08-31 - Account Takeover via Email Change Confirmation Bypass
Sep 07, 2022
CVSS 8.3
EPSS 0.00
CVE-2022-35956
MEDIUM
update_by_case < 0.1.3 - SQL Injection via Unsanitized Case Statement
Aug 12, 2022
CVSS 5.8
EPSS 0.00
CVE-2022-31163
HIGH
TZInfo < 0.36.1, < 1.2.10 (with tzinfo-data) - Path Traversal
Jul 22, 2022
CVSS 7.5
EPSS 0.04
CVE-2022-31160
MEDIUM
jQuery UI < 1.13.2 - Cross-Site Scripting via Checkboxradio Widget Refresh
Jul 20, 2022
CVSS 6.1
EPSS 0.08
CVE-2022-31115
HIGH
opensearch-ruby < 2.0.1 - Deserialization of Untrusted Data via YAML.load
Jun 30, 2022
CVSS 8.8
EPSS 0.00
CVE-2022-32209
MEDIUM
Rails::Html::Sanitizer < 1.4.3 - Cross-Site Scripting via Select and Style Tag Override
Jun 24, 2022
CVSS 6.1
EPSS 0.05
CVE-2022-33127
CRITICAL
diffy < 3.4.1 - OS Command Injection via Filename with Double Quotes
Jun 23, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-31072
LOW
octokit 4.23.0-4.24.0 - Incorrect Default Permissions
Jun 15, 2022
CVSS 2.5
EPSS 0.00
CVE-2022-31071
LOW
Octopoller < 0.2.0 - Info Disclosure
Jun 15, 2022
CVSS 2.5
EPSS 0.00
CVE-2022-31033
MEDIUM
mechanize < 2.8.5 - Authorization Header Exposure via Redirect to Different Port
Jun 09, 2022
CVSS 5.9
EPSS 0.00
CVE-2022-31026
MEDIUM
Trilogy < 2.1.1 - Information Disclosure via Uninitialized Memory Read
Jun 09, 2022
CVSS 5.9
EPSS 0.00
CVE-2022-32511
CRITICAL
jmespath.rb < 1.6.1 - Info Disclosure
Jun 06, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-31000
LOW
Solidus_backend < 3.1.6-2.11.16 - CSRF
Jun 01, 2022
CVSS 2.3
EPSS 0.00
CVE-2022-27777
MEDIUM
Rubyonrails Actionpack < 5.2.7.1 - XSS
May 26, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-22577
MEDIUM
Action Pack >=5.2.0-<5.2.0 - XSS
May 26, 2022
CVSS 6.1
EPSS 0.00
CVE-2022-21831
CRITICAL
Active Storage 5.2.0-5.2.6.2 - Code Injection via Image Processing Arguments
May 26, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-1811
MEDIUM
Publify < 9.2.9 - Unrestricted Upload of File with Dangerous Type
May 23, 2022
CVSS 5.4
EPSS 0.00
CVE-2022-1810
MEDIUM
Publify < 9.2.9 - Authorization Bypass Through User-Controlled Key
May 23, 2022
CVSS 4.3
EPSS 0.00
Products
actionpack 63
rack 50
nokogiri 34
rubygems 25
rubygems-update 25
activerecord 23
puppet 23
activesupport 17
publify_core 15
passenger 14
rails-html-sanitizer 14
actionview 13
decidim 12
puma 12
camaleon_cms 11
fat_free_crm 11
rails 11
activestorage 10
ruby-saml 10
jquery-rails 9
openc3 8
rexml 8
bootstrap 7
bootstrap-sass 7
jquery-ui-rails 7
katello 7
lodash-rails 7
net-imap 7
spree 7
avo 6