rubygems
965 tracked vulnerabilities.
CVE-2022-31072
LOW
octokit 4.23.0-4.24.0 - Incorrect Default Permissions
Jun 15, 2022
CVSS 2.5
EPSS 0.00
CVE-2022-31071
LOW
Octopoller <0.2.0 - Info Disclosure
Jun 15, 2022
CVSS 2.5
EPSS 0.00
CVE-2022-31033
MEDIUM
mechanize < 2.8.5 - Authorization Header Exposure via Redirect to Different Port
Jun 09, 2022
CVSS 5.9
EPSS 0.01
CVE-2022-31026
MEDIUM
Trilogy < 2.1.1 - Information Disclosure via Uninitialized Memory Read
Jun 09, 2022
CVSS 5.9
EPSS 0.01
CVE-2022-32511
CRITICAL
jmespath.rb <1.6.1 - Info Disclosure
Jun 06, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-31000
LOW
Solidus_backend <3.1.6-2.11.16 - CSRF
Jun 01, 2022
CVSS 2.3
EPSS 0.00
CVE-2022-27777
MEDIUM
Rubyonrails Actionpack < 5.2.7.1 - XSS
May 26, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-22577
MEDIUM
Action Pack >=5.2.0-<5.2.0 - XSS
May 26, 2022
CVSS 6.1
EPSS 0.02
CVE-2022-21831
CRITICAL
Active Storage 5.2.0-5.2.6.2 - Code Injection via Image Processing Arguments
May 26, 2022
CVSS 9.8
EPSS 0.03
CVE-2022-1811
MEDIUM
Publify < 9.2.9 - Unrestricted Upload of File with Dangerous Type
May 23, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-1810
MEDIUM
Publify < 9.2.9 - Authorization Bypass Through User-Controlled Key
May 23, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-29181
HIGH
Nokogiri <1.13.6 - Memory Corruption
May 20, 2022
CVSS 8.2
EPSS 0.03
CVE-2022-1553
MEDIUM
Publify < 9.2.8 - Unauthenticated Password-Protected Article Content Disclosure
May 16, 2022
CVSS 4.9
EPSS 0.01
CVE-2022-0578
MEDIUM
publify/publify <9.2.8 - Code Injection
May 16, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-0574
MEDIUM
GitHub publify/publify <9.2.8 - Info Disclosure
May 16, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-29218
HIGH
RubyGems.org - Authentication Bypass by Spoofing via Gem Upload Platform Handling
May 13, 2022
CVSS 7.7
EPSS 0.01
CVE-2022-29176
CRITICAL
rubygems.org - Unauthenticated Gem Removal and Replacement via Yank Action
May 05, 2022
CVSS 9.9
EPSS 0.02
CVE-2022-29970
HIGH
sinatra < 2.2.0 - Path Traversal in Static File Serving
May 02, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-28481
CRITICAL
CSV-Safe gem < 3.0.0 - Code Injection
May 01, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-27311
CRITICAL
Gibbon < 3.4.4 - Server-Side Request Forgery via Crafted URL
Apr 25, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-29498
HIGH
Blazer < 2.6.0 - SQL Injection
Apr 21, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-25648
HIGH
git < 1.11.0 - Command Injection via fetch Remote Parameter
Apr 19, 2022
CVSS 8.1
EPSS 0.05
CVE-2022-24836
HIGH
Nokogiri < 1.13.4 - Inefficient Regular Expression Complexity in HTML Encoding Detection
Apr 11, 2022
CVSS 7.5
EPSS 0.04
CVE-2022-24795
MEDIUM
yajl-ruby < 1.4.2 - Integer Overflow to Heap Memory Corruption in yajl_buf.c
Apr 05, 2022
CVSS 5.9
EPSS 0.03
CVE-2022-24440
HIGH
cocoapods-downloader <1.6.0, 1.6.2-1.6.3 - Command Injection
Apr 01, 2022
CVSS 8.1
EPSS 0.03
Products
actionpack 63
rack 50
nokogiri 34
rubygems 25
rubygems-update 25
activerecord 23
puppet 23
activesupport 17
publify_core 15
passenger 14
rails-html-sanitizer 14
actionview 13
decidim 12
puma 12
camaleon_cms 11
fat_free_crm 11
rails 11
activestorage 10
net-imap 10
ruby-saml 10
jquery-rails 9
katello 8
openc3 8
rexml 8
bootstrap 7
bootstrap-sass 7
jquery-ui-rails 7
lodash-rails 7
spree 7
avo 6
Quick Filters