rubygems
965 tracked vulnerabilities.
CVE-2021-28966
HIGH
Ruby < 2.7.3 - Path Traversal via TmpDir Parameter
Jul 30, 2021
CVSS 7.5
EPSS 0.57
CVE-2021-35440
MEDIUM
smashing < 1.3.5 - Cross-Site Scripting via Widget URL
Jul 06, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-32740
HIGH
Addressable 2.3.0-2.7.0 - Denial of Service via URI Template Matching
Jul 06, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-35514
CRITICAL
narou < 3.8.0 - Remote Code Execution via Novel Title or Author Name
Jun 28, 2021
CVSS 9.8
EPSS 0.01
CVE-2021-32823
LOW
bindata < 2.4.10 - Denial of Service via Slow Bit Class Creation
Jun 24, 2021
CVSS 3.7
EPSS 0.02
CVE-2021-28833
MEDIUM
Increments Qiita < 0.34.0 - Cross-Site Scripting via Gist Link
Jun 21, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-22904
HIGH
Actionpack <6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 - DoS
Jun 11, 2021
CVSS 7.5
EPSS 0.05
CVE-2021-22903
MEDIUM
Actionpack <6.1.3.2 - Open Redirect
Jun 11, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-22902
HIGH
Rails 6.0.0-6.0.3.6 and 6.1.0-6.1.3.1 - Denial of Service via Mime Type Parser
Jun 11, 2021
CVSS 7.5
EPSS 0.03
CVE-2021-20259
HIGH
Theforeman Foremanfogproxmox < 0.13.1 - Information Disclosure
Jun 07, 2021
CVSS 7.8
EPSS 0.00
CVE-2021-33564
CRITICAL
NUCLEI
Dragonfly <1.4.0 - Command Injection
May 29, 2021
CVSS 9.8
EPSS 0.72
CVE-2021-22885
HIGH
Action Pack >= 2.0.0 - Info Disclosure
May 27, 2021
CVSS 7.5
EPSS 0.04
CVE-2021-33575
CRITICAL
Pixar ruby-jss < 1.6.0 - Remote Code Execution via Plist Marshal.load
May 25, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-3517
HIGH
libxml2 < 2.9.11 - Out-of-bounds Read in XML Entity Encoding
May 19, 2021
CVSS 8.6
EPSS 0.08
CVE-2021-3518
HIGH
libxml2 < 2.9.11 - Use-After-Free
May 18, 2021
CVSS 8.8
EPSS 0.04
CVE-2021-3537
MEDIUM
libxml2 < 2.9.11 - NULL Pointer Dereference via XML Mixed Content Parsing
May 14, 2021
CVSS 5.9
EPSS 0.04
CVE-2021-29509
HIGH
Puma < 4.3.8 - Denial of Service via Keep-Alive Connection Starvation
May 11, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-31671
HIGH
pgsync < 0.6.7 - Information Disclosure via Schema Sync Mishandling
Apr 27, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-28965
HIGH
REXML < 3.2.5 - XML Round-Trip Vulnerability
Apr 21, 2021
CVSS 7.5
EPSS 0.05
CVE-2021-29435
HIGH
trestle-auth 0.4.0-0.4.1 - Cross-Site Request Forgery
Apr 13, 2021
CVSS 8.1
EPSS 0.01
CVE-2021-30151
MEDIUM
NUCLEI
Sidekiq < 5.1.3 and 6.x < 6.2.0 - Cross-Site Scripting via Live-Poll Queue Name
Apr 06, 2021
CVSS 6.1
EPSS 0.04
CVE-2021-28834
CRITICAL
kramdown < 2.3.1 - Arbitrary Class Instantiation via Rouge Formatter
Mar 19, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-28796
MEDIUM
Increments Qiita < 0.33.0 - Cross-Site Scripting in Markdown Transformers
Mar 18, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-23337
HIGH
NUCLEI
Lodash <4.17.21 - Command Injection
Feb 15, 2021
CVSS 7.2
EPSS 0.22
CVE-2021-22881
MEDIUM
NUCLEI
Action Pack <6.1.2.1, 6.0.3.5 - Open Redirect
Feb 11, 2021
CVSS 6.1
EPSS 0.87
Products
actionpack 63
rack 50
nokogiri 34
rubygems 25
rubygems-update 25
activerecord 23
puppet 23
activesupport 17
publify_core 15
passenger 14
rails-html-sanitizer 14
actionview 13
decidim 12
puma 12
camaleon_cms 11
fat_free_crm 11
rails 11
activestorage 10
net-imap 10
ruby-saml 10
jquery-rails 9
katello 8
openc3 8
rexml 8
bootstrap 7
bootstrap-sass 7
jquery-ui-rails 7
lodash-rails 7
spree 7
avo 6
Quick Filters