rubygems
965 tracked vulnerabilities.
CVE-2022-21223
HIGH
cocoapods-downloader < 1.6.2 - Command Injection via hg Argument Injection
Apr 01, 2022
CVSS 8.1
EPSS 0.02
CVE-2022-24803
CRITICAL
asciidoctor-include-ext < 0.4.0 - OS Command Injection
Apr 01, 2022
CVSS 10.0
EPSS 0.03
CVE-2022-24790
CRITICAL
Puma < 4.3.12 and 5.0.0-5.6.4 - HTTP Request Smuggling via Proxy Request Parsing Discrepancy
Mar 30, 2022
CVSS 9.1
EPSS 0.02
CVE-2022-0759
HIGH
kubeclient < 4.9.3 - Improper Certificate Validation in Kubeconfig Parser
Mar 25, 2022
CVSS 8.1
EPSS 0.01
CVE-2022-24722
HIGH
ViewComponent 2.31.0-2.31.1 - Cross-Site Scripting via Translate Method Interpolation
Mar 02, 2022
CVSS 8.1
EPSS 0.01
CVE-2022-24720
CRITICAL
image_processing <1.12.2 - Command Injection
Mar 01, 2022
CVSS 9.8
EPSS 0.03
CVE-2022-23634
HIGH
Puma < 4.3.11 and 5.0.0-5.6.2 - Information Exposure via Response Body Handling
Feb 11, 2022
CVSS 8.0
EPSS 0.02
CVE-2022-23633
HIGH
Rails 5.0.0-5.2.6.1 - Information Disclosure via Thread Local State Leak
Feb 11, 2022
CVSS 7.4
EPSS 0.02
CVE-2022-0524
HIGH
publify/publify <9.2.7 - Info Disclosure
Feb 08, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-23837
HIGH
Sidekiq < 5.2.10 and >=6.0.0 <6.4.0 - Denial of Service via Unlimited Stats Request
Jan 21, 2022
CVSS 7.5
EPSS 0.05
CVE-2021-4250
LOW
active_attr < 0.15.3 - Denial of Service in Boolean Typecaster Regex Handler
Dec 18, 2022
CVSS 3.5
EPSS 0.01
CVE-2021-33621
HIGH
cgi <0.1.0.2, <0.2.x -<0.2.2, <0.3.x -<0.3.5 - XSS
Nov 18, 2022
CVSS 8.8
EPSS 0.02
CVE-2021-3779
MEDIUM
ruby-mysql <2.10.0 - Info Disclosure
Jun 28, 2022
CVSS 6.5
EPSS 0.01
CVE-2021-33473
CRITICAL
Dragonfly Ruby Gem <1.3.0 - Command Injection
Jun 02, 2022
CVSS 9.1
EPSS 0.01
CVE-2021-43177
MEDIUM
Deveive-two-factor <4.0.2 - Info Disclosure
Apr 11, 2022
CVSS 5.3
EPSS 0.01
CVE-2021-3589
HIGH
Foreman Ansible - Privilege Escalation
Mar 23, 2022
CVSS 8.0
EPSS 0.01
CVE-2021-41816
CRITICAL
CGI < 0.3.1 - Integer Overflow via Long String in escape_html
Feb 06, 2022
CVSS 9.8
EPSS 0.05
CVE-2021-44528
MEDIUM
NUCLEI
Rails Action Pack >=6.0.0 <6.0.4.2 - Open Redirect via X-Forwarded-Host Header
Jan 10, 2022
CVSS 6.1
EPSS 0.04
CVE-2021-22569
HIGH
protobuf-java < 3.16.1 - Denial of Service via UnknownFieldSet Field Interleaving
Jan 10, 2022
CVSS 7.5
EPSS 0.02
CVE-2021-41819
HIGH
Ruby CGI < 2.6.8 and CGI Gem < 0.3.1 - Cookie Security Prefix Bypass
Jan 01, 2022
CVSS 7.5
EPSS 0.03
CVE-2021-41817
HIGH
ruby-lang/date < 2.0.1 - Regular Expression Denial of Service via Date.parse
Jan 01, 2022
CVSS 7.5
EPSS 0.03
CVE-2021-43846
MEDIUM
Solidus_frontend <3.1.5-2.11.14 - CSRF
Dec 20, 2021
CVSS 5.3
EPSS 0.01
CVE-2021-43840
MEDIUM
message_bus <3.3.7 - Path Traversal
Dec 17, 2021
CVSS 4.4
EPSS 0.02
CVE-2021-43809
MEDIUM
Bundler < 2.2.33 - Command Injection via Git URL Argument
Dec 08, 2021
CVSS 6.7
EPSS 0.03
CVE-2021-28680
HIGH
Devisemasquerade <1.3 - Info Disclosure
Dec 07, 2021
CVSS 8.1
EPSS 0.01
Products
actionpack 63
rack 50
nokogiri 34
rubygems 25
rubygems-update 25
activerecord 23
puppet 23
activesupport 17
publify_core 15
passenger 14
rails-html-sanitizer 14
actionview 13
decidim 12
puma 12
camaleon_cms 11
fat_free_crm 11
rails 11
activestorage 10
net-imap 10
ruby-saml 10
jquery-rails 9
katello 8
openc3 8
rexml 8
bootstrap 7
bootstrap-sass 7
jquery-ui-rails 7
lodash-rails 7
spree 7
avo 6
Quick Filters