rubygems
954 tracked vulnerabilities.
CVE-2021-33621
HIGH
cgi <0.1.0.2, 0.2.x <0.2.2, 0.3.x <0.3.5 - XSS
Nov 18, 2022
CVSS 8.8
EPSS 0.01
CVE-2021-3779
MEDIUM
ruby-mysql <2.10.0 - Info Disclosure
Jun 28, 2022
CVSS 6.5
EPSS 0.00
CVE-2021-33473
CRITICAL
Dragonfly Ruby Gem <1.3.0 - Command Injection
Jun 02, 2022
CVSS 9.1
EPSS 0.00
CVE-2021-43177
MEDIUM
Devise-two-factor <4.0.2 - Info Disclosure
Apr 11, 2022
CVSS 5.3
EPSS 0.00
CVE-2021-3589
HIGH
Foreman Ansible - Privilege Escalation
Mar 23, 2022
CVSS 8.0
EPSS 0.00
CVE-2021-41816
CRITICAL
CGI < 0.3.1 - Integer Overflow via Long String in escape_html
Feb 06, 2022
CVSS 9.8
EPSS 0.00
CVE-2021-44528
MEDIUM
NUCLEI
Rails Action Pack >=6.0.0 <6.0.4.2 - Open Redirect via X-Forwarded-Host Header
Jan 10, 2022
CVSS 6.1
EPSS 0.26
CVE-2021-22569
HIGH
protobuf-java < 3.16.1 - Denial of Service via UnknownFieldSet Field Interleaving
Jan 10, 2022
CVSS 7.5
EPSS 0.00
CVE-2021-41819
HIGH
Ruby CGI < 2.6.8 and CGI Gem < 0.3.1 - Cookie Security Prefix Bypass
Jan 01, 2022
CVSS 7.5
EPSS 0.01
CVE-2021-41817
HIGH
ruby-lang/date < 2.0.1 - Regular Expression Denial of Service via Date.parse
Jan 01, 2022
CVSS 7.5
EPSS 0.00
CVE-2021-43846
MEDIUM
Solidus_frontend <3.1.5-2.11.14 - CSRF
Dec 20, 2021
CVSS 5.3
EPSS 0.00
CVE-2021-43840
MEDIUM
message_bus <3.3.7 - Path Traversal
Dec 17, 2021
CVSS 4.4
EPSS 0.00
CVE-2021-43809
MEDIUM
Bundler < 2.2.33 - Command Injection via Git URL Argument
Dec 08, 2021
CVSS 6.7
EPSS 0.02
CVE-2021-28680
HIGH
devise_masquerade <1.3 - Info Disclosure
Dec 07, 2021
CVSS 8.1
EPSS 0.00
CVE-2021-43805
HIGH
Solidus <3.1.4, <3.0.4, <2.11.13 - DoS
Dec 07, 2021
CVSS 7.5
EPSS 0.00
CVE-2021-27025
MEDIUM
Puppet Agent - Denial of Service via Augeas Settings Handling
Nov 18, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-27023
CRITICAL
Puppet Agent/Puppet Server - Info Disclosure
Nov 18, 2021
CVSS 9.8
EPSS 0.00
CVE-2021-41275
CRITICAL
spree_auth_devise < 4.0.1, 4.3.0-4.4.1 - Cross-Site Request Forgery
Nov 17, 2021
CVSS 9.3
EPSS 0.00
CVE-2021-41274
CRITICAL
solidus_auth_devise 1.0.0-2.5.3 - Cross-Site Request Forgery
Nov 17, 2021
CVSS 9.3
EPSS 0.00
CVE-2021-41263
HIGH
rails_multisite <4 - Info Disclosure
Nov 15, 2021
CVSS 8.3
EPSS 0.00
CVE-2021-25975
MEDIUM
publify 8.0-9.2.4 - Stored Cross-Site Scripting via HTML File Upload
Nov 10, 2021
CVSS 5.4
EPSS 0.00
CVE-2021-25974
MEDIUM
Publify 8.0-9.2.4 - Stored Cross-Site Scripting via Page/Article Creation
Nov 10, 2021
CVSS 5.4
EPSS 0.00
CVE-2021-25973
MEDIUM
Publify 9.0.0-9.2.4 - Improper Access Control via Guest Role Self-Registration
Nov 02, 2021
CVSS 6.5
EPSS 0.00
CVE-2021-41186
MEDIUM
Fluentd 0.14.14-1.14.1 - Denial of Service via parser_apache2 Regex Handling
Oct 29, 2021
CVSS 5.9
EPSS 0.00
CVE-2021-41184
MEDIUM
jQuery UI < 1.13.0 - Cross-Site Scripting via Position Utility 'of' Option
Oct 26, 2021
CVSS 6.5
EPSS 0.31
Products
actionpack 63
rack 50
nokogiri 34
rubygems 25
rubygems-update 25
activerecord 23
puppet 23
activesupport 17
publify_core 15
passenger 14
rails-html-sanitizer 14
actionview 13
decidim 12
puma 12
camaleon_cms 11
fat_free_crm 11
rails 11
activestorage 10
ruby-saml 10
jquery-rails 9
openc3 8
rexml 8
bootstrap 7
bootstrap-sass 7
jquery-ui-rails 7
katello 7
lodash-rails 7
net-imap 7
spree 7
avo 6