rubygems

965 tracked vulnerabilities.

CVE-2021-22880 HIGH
Active Record <6.1.2.1, 6.0.3.5, 5.2.4.5 - DoS
Feb 11, 2021
CVSS 7.5
EPSS 0.04
CVE-2021-21305 HIGH
CarrierWave <2.1.1 - Code Injection
Feb 08, 2021
CVSS 7.4
EPSS 0.13
CVE-2021-21288 MEDIUM
CarrierWave < 1.3.2 - Server-Side Request Forgery via Download Feature
Feb 08, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-21289 HIGH
Mechanize <2.7.7 - Command Injection
Feb 02, 2021
CVSS 7.4
EPSS 0.04
CVE-2020-21514 HIGH
fluentd-ui 1.2.2 - Incorrect Default Permissions
Apr 04, 2023
CVSS 8.8
EPSS 0.01
CVE-2020-36644 LOW
jamesmartin Inline SVG <1.7.1 - XSS
Jan 07, 2023
CVSS 3.5
EPSS 0.01
CVE-2020-36624 MEDIUM
texthelpers < 1.1.0 - Use of Web Link to Untrusted Target with window.opener Access
Dec 22, 2022
CVSS 6.3
EPSS 0.01
CVE-2020-36599 CRITICAL
OmniAuth <1.9.2, <2.0 - Info Disclosure
Aug 18, 2022
CVSS 9.8
EPSS 0.01
CVE-2020-35305 MEDIUM
gollum 5.0-5.1.2 - Cross-Site Scripting via New Page Filename Parameter
Jul 15, 2022
CVSS 6.1
EPSS 0.01
CVE-2020-36327 HIGH
Bundler 1.16.0-2.2.9, 2.2.11-2.2.16 - Info Disclosure
Apr 29, 2021
CVSS 8.8
EPSS 0.06
CVE-2020-7385 HIGH
Metasploit Framework < 4.19.0 - Remote Code Execution via DRb Deserialization
Apr 23, 2021
CVSS 8.1
EPSS 0.02
CVE-2020-24393 MEDIUM
TweetStream 2.6.1 - Man-in-the-Middle
Feb 19, 2021
CVSS 5.9
EPSS 0.01
CVE-2020-24392 MEDIUM
voloko twitter-stream <0.1.10 - SSRF
Feb 19, 2021
CVSS 5.9
EPSS 0.01
CVE-2020-28500 MEDIUM
lodash < 4.17.21 - Regular Expression Denial of Service via toNumber trim and trimEnd
Feb 15, 2021
CVSS 5.3
EPSS 0.07
CVE-2020-36190 MEDIUM
rails_admin < 1.4.3 and 2.x < 2.0.2 - Cross-Site Scripting via Nested Forms
Jan 12, 2021
CVSS 6.1
EPSS 0.01
CVE-2020-26298 MEDIUM
Redcarpet < 3.5.1 - Cross-Site Scripting via Quote Processing
Jan 11, 2021
CVSS 6.8
EPSS 0.02
CVE-2020-8264 MEDIUM
Rails 6.0.0-6.0.3.3 - Cross-Site Scripting via Actionable Exceptions Middleware
Jan 06, 2021
CVSS 6.1
EPSS 0.71
CVE-2020-26247 LOW
Nokogiri < 1.11.0 - XML External Entity Injection via Schema Parsing
Dec 30, 2020
CVSS 2.6
EPSS 0.01
CVE-2020-26254 HIGH
omniauth-apple <1.0.1 - Info Disclosure
Dec 08, 2020
CVSS 7.7
EPSS 0.01
CVE-2020-13353 LOW
Gitaly 1.79.0-13.3.9 - Insufficient Session Expiration via URL Repository Import
Nov 17, 2020
CVSS 2.5
EPSS 0.00
CVE-2020-26223 HIGH
Spree 3.7.0-3.7.12 - Incorrect Authorization via API v2 Order Status Endpoint
Nov 13, 2020
CVSS 7.7
EPSS 0.01
CVE-2020-26222 HIGH
Dependabot 0.119.0.beta1-0.125.1 - Remote Code Execution via Malicious Source Branch Name
Nov 13, 2020
CVSS 8.7
EPSS 0.03
CVE-2020-15240 HIGH
omniauth-auth0 <2.4.1 - Auth Bypass
Oct 21, 2020
CVSS 7.4
EPSS 0.01
CVE-2020-15269 HIGH
Spree <3.7.11, <4.0.4, <4.1.11 - Info Disclosure
Oct 20, 2020
CVSS 7.4
EPSS 0.01
CVE-2020-25613 HIGH
Ruby WEBrick < 1.6.0 - HTTP Request Smuggling via Transfer-Encoding Header
Oct 06, 2020
CVSS 7.5
EPSS 0.04