rubygems
954 tracked vulnerabilities.
CVE-2021-41183
MEDIUM
jQuery UI < 1.13.0 - Cross-Site Scripting via Datepicker Widget *Text Options
Oct 26, 2021
CVSS 6.5
EPSS 0.03
CVE-2021-41182
MEDIUM
jQuery UI < 1.13.0 - Cross-Site Scripting via Datepicker altField Option
Oct 26, 2021
CVSS 6.5
EPSS 0.28
CVE-2021-25972
MEDIUM
Camaleon CMS 2.1.2.0-2.6.0 - Server-Side Request Forgery via Media Upload Feature
Oct 20, 2021
CVSS 4.9
EPSS 0.00
CVE-2021-25971
MEDIUM
Camaleon CMS 2.0.1-2.6.0 - Denial of Service via Malicious SVG Upload
Oct 20, 2021
CVSS 4.3
EPSS 0.00
CVE-2021-25970
HIGH
Camaleon CMS 0.1.7-2.6.0 - Insufficient Session Expiration
Oct 20, 2021
CVSS 8.8
EPSS 0.00
CVE-2021-25969
MEDIUM
Camaleon CMS < 2.6.0 - Unauthenticated Stored Cross-Site Scripting in Comments Section
Oct 20, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-22942
MEDIUM
Action Pack >= 6.0.0 - Open Redirect
Oct 18, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-41136
LOW
Puma < 4.3.8 and 5.0.0-5.5.1 - HTTP Request Smuggling via LF Character in Forwarded Headers
Oct 12, 2021
CVSS 3.7
EPSS 0.00
CVE-2021-39880
MEDIUM
GitLab 11.9-13.12, 14.0-14.0.8, 14.1-14.1.3, 14.2-14.2.1 - Denial of Service via Apollo Upload Server Middleware
Oct 05, 2021
CVSS 6.5
EPSS 0.00
CVE-2021-41098
HIGH
Nokogiri < 1.12.5 - XML External Entity Injection in SAX Parser on JRuby
Sep 27, 2021
CVSS 7.5
EPSS 0.00
CVE-2021-23435
HIGH
clearance < 2.5.0 - Open Redirect via Session Return To Parameter
Sep 12, 2021
CVSS 7.6
EPSS 0.00
CVE-2021-39197
MEDIUM
better_errors < 2.8.0 - Cross-Site Request Forgery via Missing CSRF Protection
Sep 07, 2021
CVSS 6.3
EPSS 0.00
CVE-2021-30560
HIGH
Google Chrome <91.0.4472.164 - Use After Free
Aug 03, 2021
CVSS 8.8
EPSS 0.00
CVE-2021-31799
HIGH
Debian Linux < 6.3.1 - OS Command Injection
Jul 30, 2021
CVSS 7.0
EPSS 0.00
CVE-2021-28966
HIGH
Ruby < 2.7.3 - Path Traversal via TmpDir Parameter
Jul 30, 2021
CVSS 7.5
EPSS 0.00
CVE-2021-35440
MEDIUM
smashing < 1.3.5 - Cross-Site Scripting via Widget URL
Jul 06, 2021
CVSS 6.1
EPSS 0.00
CVE-2021-32740
HIGH
Addressable 2.3.0-2.7.0 - Denial of Service via URI Template Matching
Jul 06, 2021
CVSS 7.5
EPSS 0.03
CVE-2021-35514
CRITICAL
narou < 3.8.0 - Remote Code Execution via Novel Title or Author Name
Jun 28, 2021
CVSS 9.8
EPSS 0.01
CVE-2021-32823
LOW
bindata < 2.4.10 - Denial of Service via Slow Bit Class Creation
Jun 24, 2021
CVSS 3.7
EPSS 0.00
CVE-2021-28833
MEDIUM
Increments Qiita < 0.34.0 - Cross-Site Scripting via Gist Link
Jun 21, 2021
CVSS 6.1
EPSS 0.00
CVE-2021-22904
HIGH
Actionpack <6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 - DoS
Jun 11, 2021
CVSS 7.5
EPSS 0.03
CVE-2021-22903
MEDIUM
Actionpack <6.1.3.2 - Open Redirect
Jun 11, 2021
CVSS 6.1
EPSS 0.00
CVE-2021-22902
HIGH
Rails 6.0.0-6.0.3.6 and 6.1.0-6.1.3.1 - Denial of Service via Mime Type Parser
Jun 11, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-20259
HIGH
Theforeman Foremanfogproxmox < 0.13.1 - Information Disclosure
Jun 07, 2021
CVSS 7.8
EPSS 0.00
CVE-2021-33564
CRITICAL
NUCLEI
Dragonfly <1.4.0 - Command Injection
May 29, 2021
CVSS 9.8
EPSS 0.93
Products
actionpack 63
rack 50
nokogiri 34
rubygems 25
rubygems-update 25
activerecord 23
puppet 23
activesupport 17
publify_core 15
passenger 14
rails-html-sanitizer 14
actionview 13
decidim 12
puma 12
camaleon_cms 11
fat_free_crm 11
rails 11
activestorage 10
ruby-saml 10
jquery-rails 9
openc3 8
rexml 8
bootstrap 7
bootstrap-sass 7
jquery-ui-rails 7
katello 7
lodash-rails 7
net-imap 7
spree 7
avo 6