rubygems

965 tracked vulnerabilities.

CVE-2022-31072 LOW
octokit 4.23.0-4.24.0 - Incorrect Default Permissions
Jun 15, 2022
CVSS 2.5
EPSS 0.00
CVE-2022-31071 LOW
Octopoller <0.2.0 - Info Disclosure
Jun 15, 2022
CVSS 2.5
EPSS 0.00
CVE-2022-31033 MEDIUM
mechanize < 2.8.5 - Authorization Header Exposure via Redirect to Different Port
Jun 09, 2022
CVSS 5.9
EPSS 0.01
CVE-2022-31026 MEDIUM
Trilogy < 2.1.1 - Information Disclosure via Uninitialized Memory Read
Jun 09, 2022
CVSS 5.9
EPSS 0.01
CVE-2022-32511 CRITICAL
jmespath.rb <1.6.1 - Info Disclosure
Jun 06, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-31000 LOW
Solidus_backend <3.1.6-2.11.16 - CSRF
Jun 01, 2022
CVSS 2.3
EPSS 0.00
CVE-2022-27777 MEDIUM
Rubyonrails Actionpack < 5.2.7.1 - XSS
May 26, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-22577 MEDIUM
Action Pack >=5.2.0-<5.2.0 - XSS
May 26, 2022
CVSS 6.1
EPSS 0.02
CVE-2022-21831 CRITICAL
Active Storage 5.2.0-5.2.6.2 - Code Injection via Image Processing Arguments
May 26, 2022
CVSS 9.8
EPSS 0.03
CVE-2022-1811 MEDIUM
Publify < 9.2.9 - Unrestricted Upload of File with Dangerous Type
May 23, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-1810 MEDIUM
Publify < 9.2.9 - Authorization Bypass Through User-Controlled Key
May 23, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-29181 HIGH
Nokogiri <1.13.6 - Memory Corruption
May 20, 2022
CVSS 8.2
EPSS 0.03
CVE-2022-1553 MEDIUM
Publify < 9.2.8 - Unauthenticated Password-Protected Article Content Disclosure
May 16, 2022
CVSS 4.9
EPSS 0.01
CVE-2022-0578 MEDIUM
publify/publify <9.2.8 - Code Injection
May 16, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-0574 MEDIUM
GitHub publify/publify <9.2.8 - Info Disclosure
May 16, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-29218 HIGH
RubyGems.org - Authentication Bypass by Spoofing via Gem Upload Platform Handling
May 13, 2022
CVSS 7.7
EPSS 0.01
CVE-2022-29176 CRITICAL
rubygems.org - Unauthenticated Gem Removal and Replacement via Yank Action
May 05, 2022
CVSS 9.9
EPSS 0.02
CVE-2022-29970 HIGH
sinatra < 2.2.0 - Path Traversal in Static File Serving
May 02, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-28481 CRITICAL
CSV-Safe gem < 3.0.0 - Code Injection
May 01, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-27311 CRITICAL
Gibbon < 3.4.4 - Server-Side Request Forgery via Crafted URL
Apr 25, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-29498 HIGH
Blazer < 2.6.0 - SQL Injection
Apr 21, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-25648 HIGH
git < 1.11.0 - Command Injection via fetch Remote Parameter
Apr 19, 2022
CVSS 8.1
EPSS 0.05
CVE-2022-24836 HIGH
Nokogiri < 1.13.4 - Inefficient Regular Expression Complexity in HTML Encoding Detection
Apr 11, 2022
CVSS 7.5
EPSS 0.04
CVE-2022-24795 MEDIUM
yajl-ruby < 1.4.2 - Integer Overflow to Heap Memory Corruption in yajl_buf.c
Apr 05, 2022
CVSS 5.9
EPSS 0.03
CVE-2022-24440 HIGH
cocoapods-downloader <1.6.0, 1.6.2-1.6.3 - Command Injection
Apr 01, 2022
CVSS 8.1
EPSS 0.03