rubygems

965 tracked vulnerabilities.

CVE-2021-43805 HIGH
Solidus <3.1.4, <3.0.4, <2.11.13 - DoS
Dec 07, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-27025 MEDIUM
Puppet Agent - Denial of Service via Augeas Settings Handling
Nov 18, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-27023 CRITICAL
Puppet Agent/Puppet Server - Info Disclosure
Nov 18, 2021
CVSS 9.8
EPSS 0.01
CVE-2021-41275 CRITICAL
spree_auth_devise < 4.0.1, 4.3.0-4.4.1 - Cross-Site Request Forgery
Nov 17, 2021
CVSS 9.3
EPSS 0.01
CVE-2021-41274 CRITICAL
solidus_auth_devise 1.0.0-2.5.3 - Cross-Site Request Forgery
Nov 17, 2021
CVSS 9.3
EPSS 0.01
CVE-2021-41263 HIGH
rails_multisite <4 - Info Disclosure
Nov 15, 2021
CVSS 8.3
EPSS 0.01
CVE-2021-25975 MEDIUM
publify 8.0-9.2.4 - Stored Cross-Site Scripting via HTML File Upload
Nov 10, 2021
CVSS 5.4
EPSS 0.01
CVE-2021-25974 MEDIUM
Publify 8.0-9.2.4 - Stored Cross-Site Scripting via Page/Article Creation
Nov 10, 2021
CVSS 5.4
EPSS 0.01
CVE-2021-25973 MEDIUM
Publify 9.0.0-9.2.4 - Improper Access Control via Guest Role Self-Registration
Nov 02, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-41186 MEDIUM
Fluentd 0.14.14-1.14.1 - Denial of Service via parser_apache2 Regex Handling
Oct 29, 2021
CVSS 5.9
EPSS 0.02
CVE-2021-41184 MEDIUM
jQuery UI < 1.13.0 - Cross-Site Scripting via Position Utility 'of' Option
Oct 26, 2021
CVSS 6.5
EPSS 0.45
CVE-2021-41183 MEDIUM
jQuery UI < 1.13.0 - Cross-Site Scripting via Datepicker Widget *Text Options
Oct 26, 2021
CVSS 6.5
EPSS 0.08
CVE-2021-41182 MEDIUM
jQuery UI < 1.13.0 - Cross-Site Scripting via Datepicker altField Option
Oct 26, 2021
CVSS 6.5
EPSS 0.42
CVE-2021-25972 MEDIUM
Camaleon CMS 2.1.2.0-2.6.0 - Server-Side Request Forgery via Media Upload Feature
Oct 20, 2021
CVSS 4.9
EPSS 0.01
CVE-2021-25971 MEDIUM
Camaleon CMS 2.0.1-2.6.0 - Denial of Service via Malicious SVG Upload
Oct 20, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-25970 HIGH
Camaleon CMS 0.1.7-2.6.0 - Insufficient Session Expiration
Oct 20, 2021
CVSS 8.8
EPSS 0.01
CVE-2021-25969 MEDIUM
Camaleon CMS < 2.6.0 - Unauthenticated Stored Cross-Site Scripting in Comments Section
Oct 20, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-22942 MEDIUM
Action Pack >= 6.0.0 - Open Redirect
Oct 18, 2021
CVSS 6.1
EPSS 0.02
CVE-2021-41136 LOW
Puma < 4.3.8 and 5.0.0-5.5.1 - HTTP Request Smuggling via LF Character in Forwarded Headers
Oct 12, 2021
CVSS 3.7
EPSS 0.01
CVE-2021-39880 MEDIUM
GitLab 11.9-13.12, 14.0-14.0.8, 14.1-14.1.3, 14.2-14.2.1 - Denial of Service via Apollo Upload Server Middleware
Oct 05, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-41098 HIGH
Nokogiri < 1.12.5 - XML External Entity Injection in SAX Parser on JRuby
Sep 27, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-23435 HIGH
clearance < 2.5.0 - Open Redirect via Session Return To Parameter
Sep 12, 2021
CVSS 7.6
EPSS 0.01
CVE-2021-39197 MEDIUM
better_errors < 2.8.0 - Cross-Site Request Forgery via Missing CSRF Protection
Sep 07, 2021
CVSS 6.3
EPSS 0.01
CVE-2021-30560 HIGH
Google Chrome <91.0.4472.164 - Use After Free
Aug 03, 2021
CVSS 8.8
EPSS 0.22
CVE-2021-31799 HIGH
Debian Linux < 6.3.1 - OS Command Injection
Jul 30, 2021
CVSS 7.0
EPSS 0.01