rubygems
954 tracked vulnerabilities.
CVE | Severity | Title | Published | CVSS | EPSS
CVE-2022-29181 | HIGH | Nokogiri < 1.13.6 - Memory Corruption | May 20, 2022 | 8.2 | 0.04
CVE-2022-1553 | MEDIUM | Publify < 9.2.8 - Unauthenticated Password-Protected Article Content Disclosure | May 16, 2022 | 4.9 | 0.00
CVE-2022-0578 | MEDIUM | publify/publify < 9.2.8 - Code Injection | May 16, 2022 | 6.5 | 0.00
CVE-2022-0574 | MEDIUM | GitHub publify/publify < 9.2.8 - Info Disclosure | May 16, 2022 | 6.5 | 0.00
CVE-2022-29218 | HIGH | RubyGems.org - Authentication Bypass by Spoofing via Gem Upload Platform Handling | May 13, 2022 | 7.7 | 0.00
CVE-2022-29176 | CRITICAL | rubygems.org - Unauthenticated Gem Removal and Replacement via Yank Action | May 05, 2022 | 9.9 | 0.01
CVE-2022-29970 | HIGH | sinatra < 2.2.0 - Path Traversal in Static File Serving | May 02, 2022 | 7.5 | 0.01
CVE-2022-28481 | CRITICAL | CSV-Safe gem < 3.0.0 - Code Injection | May 01, 2022 | 9.8 | 0.00
CVE-2022-27311 | CRITICAL | Gibbon < 3.4.4 - Server-Side Request Forgery via Crafted URL | Apr 25, 2022 | 9.8 | 0.00
CVE-2022-29498 | HIGH | Blazer < 2.6.0 - SQL Injection | Apr 21, 2022 | 7.5 | 0.00
CVE-2022-25648 | HIGH | git < 1.11.0 - Command Injection via fetch Remote Parameter | Apr 19, 2022 | 8.1 | 0.06
CVE-2022-24836 | HIGH | Nokogiri < 1.13.4 - Inefficient Regular Expression Complexity in HTML Encoding Detection | Apr 11, 2022 | 7.5 | 0.01
CVE-2022-24795 | MEDIUM | yajl-ruby < 1.4.2 - Integer Overflow to Heap Memory Corruption in yajl_buf.c | Apr 05, 2022 | 5.9 | 0.02
CVE-2022-24440 | HIGH | cocoapods-downloader < 1.6.0, 1.6.2-1.6.3 - Command Injection | Apr 01, 2022 | 8.1 | 0.01
CVE-2022-21223 | HIGH | cocoapods-downloader < 1.6.2 - Command Injection via hg Argument Injection | Apr 01, 2022 | 8.1 | 0.01
CVE-2022-24803 | CRITICAL | asciidoctor-include-ext < 0.4.0 - OS Command Injection | Apr 01, 2022 | 10.0 | 0.01
CVE-2022-24790 | CRITICAL | Puma < 4.3.12 and 5.0.0-5.6.4 - HTTP Request Smuggling via Proxy Request Parsing Discrepancy | Mar 30, 2022 | 9.1 | 0.00
CVE-2022-0759 | HIGH | kubeclient < 4.9.3 - Improper Certificate Validation in Kubeconfig Parser | Mar 25, 2022 | 8.1 | 0.00
CVE-2022-24722 | HIGH | ViewComponent 2.31.0-2.31.1 - Cross-Site Scripting via Translate Method Interpolation | Mar 02, 2022 | 8.1 | 0.00
CVE-2022-24720 | CRITICAL | image_processing < 1.12.2 - Command Injection | Mar 01, 2022 | 9.8 | 0.01
CVE-2022-23634 | HIGH | Puma < 4.3.11 and 5.0.0-5.6.2 - Information Exposure via Response Body Handling | Feb 11, 2022 | 8.0 | 0.00
CVE-2022-23633 | HIGH | Rails 5.0.0-5.2.6.1 - Information Disclosure via Thread Local State Leak | Feb 11, 2022 | 7.4 | 0.00
CVE-2022-0524 | HIGH | publify/publify < 9.2.7 - Info Disclosure | Feb 08, 2022 | 7.5 | 0.00
CVE-2022-23837 | HIGH | Sidekiq < 5.2.10 and >= 6.0.0, < 6.4.0 - Denial of Service via Unlimited Stats Request | Jan 21, 2022 | 7.5 | 0.01
CVE-2021-4250 | LOW | active_attr < 0.15.3 - Denial of Service in Boolean Typecaster Regex Handler | Dec 18, 2022 | 3.5 | 0.01
Products (tracked vulnerabilities per gem)
actionpack 63
rack 50
nokogiri 34
rubygems 25
rubygems-update 25
activerecord 23
puppet 23
activesupport 17
publify_core 15
passenger 14
rails-html-sanitizer 14
actionview 13
decidim 12
puma 12
camaleon_cms 11
fat_free_crm 11
rails 11
activestorage 10
ruby-saml 10
jquery-rails 9
openc3 8
rexml 8
bootstrap 7
bootstrap-sass 7
jquery-ui-rails 7
katello 7
lodash-rails 7
net-imap 7
spree 7
avo 6