rubygems
954 tracked vulnerabilities; the 25 listed below are the most recent, newest first.
Columns: severity band, CVSS base score, EPSS exploitation probability (0 to 1, two decimals), publication date, then the affected package, version range and issue as recorded in the advisory.

CVE             Severity  CVSS  EPSS  Published     Affected package and issue
CVE-2020-24393  MEDIUM    5.9   0.00  Feb 19, 2021  TweetStream 2.6.1 - Man-in-the-Middle
CVE-2020-24392  MEDIUM    5.9   0.00  Feb 19, 2021  voloko twitter-stream <0.1.10 - SSRF
CVE-2020-28500  MEDIUM    5.3   0.00  Feb 15, 2021  lodash < 4.17.21 - Regular Expression Denial of Service via toNumber trim and trimEnd
CVE-2020-36190  MEDIUM    6.1   0.00  Jan 12, 2021  rails_admin < 1.4.3 and 2.x < 2.0.2 - Cross-Site Scripting via Nested Forms
CVE-2020-26298  MEDIUM    6.8   0.01  Jan 11, 2021  Redcarpet < 3.5.1 - Cross-Site Scripting via Quote Processing
CVE-2020-8264   MEDIUM    6.1   0.00  Jan 06, 2021  Rails 6.0.0-6.0.3.3 - Cross-Site Scripting via Actionable Exceptions Middleware
CVE-2020-26247  LOW       2.6   0.01  Dec 30, 2020  Nokogiri < 1.11.0 - XML External Entity Injection via Schema Parsing
CVE-2020-26254  HIGH      7.7   0.00  Dec 08, 2020  omniauth-apple <1.0.1 - Info Disclosure
CVE-2020-13353  LOW       2.5   0.00  Nov 17, 2020  Gitaly 1.79.0-13.3.9 - Insufficient Session Expiration via URL Repository Import
CVE-2020-26223  HIGH      7.7   0.00  Nov 13, 2020  Spree 3.7.0-3.7.12 - Incorrect Authorization via API v2 Order Status Endpoint
CVE-2020-26222  HIGH      8.7   0.00  Nov 13, 2020  Dependabot 0.119.0.beta1-0.125.1 - Remote Code Execution via Malicious Source Branch Name
CVE-2020-15240  HIGH      7.4   0.00  Oct 21, 2020  omniauth-auth0 <2.4.1 - Auth Bypass
CVE-2020-15269  HIGH      7.4   0.00  Oct 20, 2020  Spree <3.7.11, <4.0.4, <4.1.11 - Info Disclosure
CVE-2020-25613  HIGH      7.5   0.00  Oct 06, 2020  Ruby WEBrick < 1.6.0 - HTTP Request Smuggling via Transfer-Encoding Header
CVE-2020-15237  MEDIUM    5.9   0.00  Oct 05, 2020  Shrine < 3.3.0 - Observable Timing Discrepancy in Derivation Endpoint Signature Verification
CVE-2020-25739  MEDIUM    6.1   0.01  Sep 23, 2020  gon < 6.4.0 - Cross-Site Scripting via MultiJson Escape Mode Bypass
CVE-2020-15169  MEDIUM    5.4   0.01  Sep 11, 2020  Action View < 5.2.4.4 - Cross-Site Scripting in Translation Helpers
CVE-2020-16254  MEDIUM    6.1   0.00  Aug 05, 2020  Chartkick < 3.3.2 - CSS Injection
CVE-2020-16253  HIGH      8.1   0.00  Aug 05, 2020  pghero < 2.6.0 - Cross-Site Request Forgery
CVE-2020-16252  MEDIUM    4.3   0.00  Aug 05, 2020  Field Test 0.2.0-0.3.2 - Cross-Site Request Forgery
CVE-2020-15109  MEDIUM    5.3   0.00  Aug 04, 2020  Solidus <2.8.6, <2.9.6, <2.10.2 - Info Disclosure
CVE-2020-15134  HIGH      8.0   0.00  Jul 31, 2020  Faye < 1.4.0 - Missing TLS Certificate Validation
CVE-2020-15133  HIGH      8.0   0.00  Jul 31, 2020  Faye-websocket <0.11.0 - SSL/TLS Info Disclosure
CVE-2020-14001  CRITICAL  9.8   0.09  Jul 17, 2020  kramdown < 2.3.0 - Unauthenticated Arbitrary File Read and Remote Code Execution via Template Option
CVE-2020-8203   HIGH      7.4   0.03  Jul 15, 2020  lodash < 4.17.20 - Prototype Pollution via _.zipObjectDeep
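The entries above give an affected version range for each gem but not the step a practitioner actually wants: checking a project's resolved dependencies against them. The following Ruby script is an added example, not code from this page or from any of the projects listed. It transcribes a handful of the ranges above into RubyGems requirement strings (the hyphenated "Rails 6.0.0-6.0.3.3" is read as an inclusive range; the gem name "rails" for that entry is an assumption, since the page names only "Rails"), parses the "specs:" block of a Gemfile.lock, and reports every locked gem whose version falls inside an advisory range. The Gemfile.lock is constructed sample input. For real use, bundler-audit does the same comparison against the complete ruby-advisory-db rather than a hand-copied subset.

```ruby
require "rubygems"

# Advisory subset transcribed from the listing above. Each entry maps a gem
# name to [CVE, RubyGems requirement strings]. "< 2.3.0" is copied as written;
# "6.0.0-6.0.3.3" is expressed as an inclusive range. ASSUMPTION: the Rails
# entry is recorded against the "rails" gem.
ADVISORIES = {
  "kramdown"   => [["CVE-2020-14001", ["< 2.3.0"]]],
  "nokogiri"   => [["CVE-2020-26247", ["< 1.11.0"]]],
  "rails"      => [["CVE-2020-8264",  [">= 6.0.0", "<= 6.0.3.3"]]],
  "actionview" => [["CVE-2020-15169", ["< 5.2.4.4"]]],
  "redcarpet"  => [["CVE-2020-26298", ["< 3.5.1"]]],
  "webrick"    => [["CVE-2020-25613", ["< 1.6.0"]]],
  "faye"       => [["CVE-2020-15134", ["< 1.4.0"]]],
}.freeze

# Parse the "specs:" block(s) of a Gemfile.lock into {name => Gem::Version}.
# Resolved gems sit at exactly four spaces of indentation as "name (version)";
# their dependency lines sit deeper and are skipped. Any non-indented line
# (PLATFORMS, DEPENDENCIES, ...) ends the current block.
def parse_lockfile(text)
  gems = {}
  in_specs = false
  text.each_line do |line|
    if line =~ /^\s+specs:\s*$/
      in_specs = true
      next
    end
    in_specs = false if line =~ /^\S/
    next unless in_specs
    if (m = line.match(/^ {4}(\S+) \(([^)\s]+)\)\s*$/))
      gems[m[1]] = Gem::Version.new(m[2])
    end
  end
  gems
end

# Return [gem, version, cve] triples for each locked gem inside an advisory
# range. Gem::Requirement handles prerelease and multi-segment versions the
# same way Bundler does, so "6.0.3.2" compares correctly against "6.0.3.3".
def vulnerable_gems(gems, advisories = ADVISORIES)
  findings = []
  gems.each do |name, version|
    (advisories[name] || []).each do |cve, reqs|
      next unless Gem::Requirement.new(*reqs).satisfied_by?(version)
      findings << [name, version.to_s, cve]
    end
  end
  findings
end

# Constructed sample lockfile: three of the five gems are inside a listed range.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      kramdown (2.1.0)
      nokogiri (1.11.1)
      rails (6.0.3.2)
        actionview (= 6.0.3.2)
      redcarpet (3.5.1)
      webrick (1.4.2)

  PLATFORMS
    ruby

  DEPENDENCIES
    kramdown
    rails

  BUNDLED WITH
     2.1.4
LOCK

if __FILE__ == $PROGRAM_NAME
  vulnerable_gems(parse_lockfile(SAMPLE_LOCK)).each do |name, ver, cve|
    puts "#{name} #{ver}: #{cve}"
  end
end
```

Note that the dependency line "actionview (= 6.0.3.2)" is deliberately not treated as a resolved gem; only the four-space "name (version)" lines are the locked set, which is what an audit must compare against.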
Products (tracked vulnerabilities per gem)
actionpack 63
rack 50
nokogiri 34
rubygems 25
rubygems-update 25
activerecord 23
puppet 23
activesupport 17
publify_core 15
passenger 14
rails-html-sanitizer 14
actionview 13
decidim 12
puma 12
camaleon_cms 11
fat_free_crm 11
rails 11
activestorage 10
ruby-saml 10
jquery-rails 9
openc3 8
rexml 8
bootstrap 7
bootstrap-sass 7
jquery-ui-rails 7
katello 7
lodash-rails 7
net-imap 7
spree 7
avo 6