rubygems

965 tracked vulnerabilities.

CVE-2022-21223 HIGH
cocoapods-downloader < 1.6.2 - Command Injection via hg Argument Injection
Apr 01, 2022
CVSS 8.1
EPSS 0.02
CVE-2022-24803 CRITICAL
asciidoctor-include-ext < 0.4.0 - OS Command Injection
Apr 01, 2022
CVSS 10.0
EPSS 0.03
CVE-2022-24790 CRITICAL
Puma < 4.3.12 and 5.0.0-5.6.4 - HTTP Request Smuggling via Proxy Request Parsing Discrepancy
Mar 30, 2022
CVSS 9.1
EPSS 0.02
CVE-2022-0759 HIGH
kubeclient < 4.9.3 - Improper Certificate Validation in Kubeconfig Parser
Mar 25, 2022
CVSS 8.1
EPSS 0.01
CVE-2022-24722 HIGH
ViewComponent 2.31.0-2.31.1 - Cross-Site Scripting via Translate Method Interpolation
Mar 02, 2022
CVSS 8.1
EPSS 0.01
CVE-2022-24720 CRITICAL
image_processing <1.12.2 - Command Injection
Mar 01, 2022
CVSS 9.8
EPSS 0.03
CVE-2022-23634 HIGH
Puma < 4.3.11 and 5.0.0-5.6.2 - Information Exposure via Response Body Handling
Feb 11, 2022
CVSS 8.0
EPSS 0.02
CVE-2022-23633 HIGH
Rails 5.0.0-5.2.6.1 - Information Disclosure via Thread Local State Leak
Feb 11, 2022
CVSS 7.4
EPSS 0.02
CVE-2022-0524 HIGH
publify/publify <9.2.7 - Info Disclosure
Feb 08, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-23837 HIGH
Sidekiq < 5.2.10 and >=6.0.0 <6.4.0 - Denial of Service via Unlimited Stats Request
Jan 21, 2022
CVSS 7.5
EPSS 0.05
CVE-2021-4250 LOW
active_attr < 0.15.3 - Denial of Service in Boolean Typecaster Regex Handler
Dec 18, 2022
CVSS 3.5
EPSS 0.01
CVE-2021-33621 HIGH
cgi <0.1.0.2, <0.2.x -<0.2.2, <0.3.x -<0.3.5 - XSS
Nov 18, 2022
CVSS 8.8
EPSS 0.02
CVE-2021-3779 MEDIUM
ruby-mysql <2.10.0 - Info Disclosure
Jun 28, 2022
CVSS 6.5
EPSS 0.01
CVE-2021-33473 CRITICAL
Dragonfly Ruby Gem <1.3.0 - Command Injection
Jun 02, 2022
CVSS 9.1
EPSS 0.01
CVE-2021-43177 MEDIUM
Deveive-two-factor <4.0.2 - Info Disclosure
Apr 11, 2022
CVSS 5.3
EPSS 0.01
CVE-2021-3589 HIGH
Foreman Ansible - Privilege Escalation
Mar 23, 2022
CVSS 8.0
EPSS 0.01
CVE-2021-41816 CRITICAL
CGI < 0.3.1 - Integer Overflow via Long String in escape_html
Feb 06, 2022
CVSS 9.8
EPSS 0.05
CVE-2021-44528 MEDIUM NUCLEI
Rails Action Pack >=6.0.0 <6.0.4.2 - Open Redirect via X-Forwarded-Host Header
Jan 10, 2022
CVSS 6.1
EPSS 0.04
CVE-2021-22569 HIGH
protobuf-java < 3.16.1 - Denial of Service via UnknownFieldSet Field Interleaving
Jan 10, 2022
CVSS 7.5
EPSS 0.02
CVE-2021-41819 HIGH
Ruby CGI < 2.6.8 and CGI Gem < 0.3.1 - Cookie Security Prefix Bypass
Jan 01, 2022
CVSS 7.5
EPSS 0.03
CVE-2021-41817 HIGH
ruby-lang/date < 2.0.1 - Regular Expression Denial of Service via Date.parse
Jan 01, 2022
CVSS 7.5
EPSS 0.03
CVE-2021-43846 MEDIUM
Solidus_frontend <3.1.5-2.11.14 - CSRF
Dec 20, 2021
CVSS 5.3
EPSS 0.01
CVE-2021-43840 MEDIUM
message_bus <3.3.7 - Path Traversal
Dec 17, 2021
CVSS 4.4
EPSS 0.02
CVE-2021-43809 MEDIUM
Bundler < 2.2.33 - Command Injection via Git URL Argument
Dec 08, 2021
CVSS 6.7
EPSS 0.03
CVE-2021-28680 HIGH
Devisemasquerade <1.3 - Info Disclosure
Dec 07, 2021
CVSS 8.1
EPSS 0.01