rubygems
954 tracked vulnerabilities.
| CVE | Severity | Affected package / versions | Issue | Published | CVSS | EPSS | Tags |
|---|---|---|---|---|---|---|---|
| CVE-2021-22885 | HIGH | Action Pack >= 2.0.0 | Information disclosure | May 27, 2021 | 7.5 | 0.01 | |
| CVE-2021-33575 | CRITICAL | Pixar ruby-jss < 1.6.0 | Remote code execution via Plist Marshal.load | May 25, 2021 | 9.8 | 0.02 | |
| CVE-2021-3517 | HIGH | libxml2 < 2.9.11 | Out-of-bounds read in XML entity encoding | May 19, 2021 | 8.6 | 0.00 | |
| CVE-2021-3518 | HIGH | libxml2 < 2.9.11 | Use-after-free | May 18, 2021 | 8.8 | 0.00 | |
| CVE-2021-3537 | MEDIUM | libxml2 < 2.9.11 | NULL pointer dereference via XML mixed content parsing | May 14, 2021 | 5.9 | 0.00 | |
| CVE-2021-29509 | HIGH | Puma < 4.3.8 and 5.x < 5.3.1 | Denial of service via keep-alive connection starvation | May 11, 2021 | 7.5 | 0.01 | |
| CVE-2021-31671 | HIGH | pgsync < 0.6.7 | Information disclosure via schema sync mishandling | Apr 27, 2021 | 7.5 | 0.00 | |
| CVE-2021-28965 | HIGH | REXML < 3.2.5 | XML round-trip vulnerability | Apr 21, 2021 | 7.5 | 0.01 | |
| CVE-2021-29435 | HIGH | trestle-auth 0.4.0-0.4.1 | Cross-site request forgery | Apr 13, 2021 | 8.1 | 0.00 | |
| CVE-2021-30151 | MEDIUM | Sidekiq < 5.1.3 and 6.x < 6.2.0 | Cross-site scripting via live-poll queue name | Apr 06, 2021 | 6.1 | 0.15 | NUCLEI |
| CVE-2021-28834 | CRITICAL | kramdown < 2.3.1 | Arbitrary class instantiation via Rouge formatter option | Mar 19, 2021 | 9.8 | 0.03 | |
| CVE-2021-28796 | MEDIUM | Increments Qiita::Markdown (qiita-markdown) < 0.33.0 | Cross-site scripting in Markdown transformers | Mar 18, 2021 | 6.1 | 0.00 | |
| CVE-2021-23337 | HIGH | Lodash < 4.17.21 | Command injection | Feb 15, 2021 | 7.2 | 0.04 | NUCLEI |
| CVE-2021-22881 | MEDIUM | Action Pack < 6.1.2.1, < 6.0.3.5 | Open redirect in Host Authorization middleware | Feb 11, 2021 | 6.1 | 0.15 | NUCLEI |
| CVE-2021-22880 | HIGH | Active Record < 6.1.2.1, < 6.0.3.5, < 5.2.4.5 | Denial of service (regex DoS in PostgreSQL money type parsing) | Feb 11, 2021 | 7.5 | 0.03 | |
| CVE-2021-21305 | HIGH | CarrierWave < 1.3.2 and 2.x < 2.1.1 | Code injection | Feb 08, 2021 | 7.4 | 0.03 | |
| CVE-2021-21288 | MEDIUM | CarrierWave < 1.3.2 and 2.x < 2.1.1 | Server-side request forgery via remote download feature | Feb 08, 2021 | 4.3 | 0.00 | |
| CVE-2021-21289 | HIGH | Mechanize < 2.7.7 | Command injection | Feb 02, 2021 | 7.4 | 0.03 | |
| CVE-2020-21514 | HIGH | fluentd-ui 1.2.2 | Incorrect default permissions | Apr 04, 2023 | 8.8 | 0.01 | |
| CVE-2020-36644 | LOW | jamesmartin inline_svg < 1.7.1 | Cross-site scripting | Jan 07, 2023 | 3.5 | 0.01 | |
| CVE-2020-36624 | MEDIUM | texthelpers < 1.1.0 | Use of web link to untrusted target with window.opener access | Dec 22, 2022 | 6.3 | 0.00 | |
| CVE-2020-36599 | CRITICAL | OmniAuth < 1.9.2, < 2.0 | Information disclosure | Aug 18, 2022 | 9.8 | 0.01 | |
| CVE-2020-35305 | MEDIUM | gollum 5.0-5.1.2 | Cross-site scripting via new page filename parameter | Jul 15, 2022 | 6.1 | 0.00 | |
| CVE-2020-36327 | HIGH | Bundler 1.16.0-2.2.9, 2.2.11-2.2.16 | Dependency confusion: a gem can be fetched from an unintended source when the resolver picks the highest version across sources | Apr 29, 2021 | 8.8 | 0.25 | |
| CVE-2020-7385 | HIGH | Metasploit Framework < 4.19.0 | Remote code execution via DRb deserialization | Apr 23, 2021 | 8.1 | 0.01 | |
Products (tracked vulnerabilities per gem)

| Product | Tracked vulnerabilities |
|---|---|
| actionpack | 63 |
| rack | 50 |
| nokogiri | 34 |
| rubygems | 25 |
| rubygems-update | 25 |
| activerecord | 23 |
| puppet | 23 |
| activesupport | 17 |
| publify_core | 15 |
| passenger | 14 |
| rails-html-sanitizer | 14 |
| actionview | 13 |
| decidim | 12 |
| puma | 12 |
| camaleon_cms | 11 |
| fat_free_crm | 11 |
| rails | 11 |
| activestorage | 10 |
| ruby-saml | 10 |
| jquery-rails | 9 |
| openc3 | 8 |
| rexml | 8 |
| bootstrap | 7 |
| bootstrap-sass | 7 |
| jquery-ui-rails | 7 |
| katello | 7 |
| lodash-rails | 7 |
| net-imap | 7 |
| spree | 7 |
| avo | 6 |