rubygems
965 tracked vulnerabilities.
CVE-2020-15237
MEDIUM
Shrine < 3.3.0 - Observable Timing Discrepancy in Derivation Endpoint Signature Verification
Oct 05, 2020
CVSS 5.9
EPSS 0.01
CVE-2020-25739
MEDIUM
gon < 6.4.0 - Cross-Site Scripting via MultiJson Escape Mode Bypass
Sep 23, 2020
CVSS 6.1
EPSS 0.01
CVE-2020-15169
MEDIUM
Action View < 5.2.4.4 - Cross-Site Scripting in Translation Helpers
Sep 11, 2020
CVSS 5.4
EPSS 0.02
CVE-2020-16254
MEDIUM
Chartkick < 3.3.2 - CSS Injection
Aug 05, 2020
CVSS 6.1
EPSS 0.01
CVE-2020-16253
HIGH
pghero < 2.6.0 - Cross-Site Request Forgery
Aug 05, 2020
CVSS 8.1
EPSS 0.00
CVE-2020-16252
MEDIUM
Field Test 0.2.0-0.3.2 - Cross-Site Request Forgery
Aug 05, 2020
CVSS 4.3
EPSS 0.00
CVE-2020-15109
MEDIUM
Solidus <2.8.6, 2.9.6, 2.10.2 - Info Disclosure
Aug 04, 2020
CVSS 5.3
EPSS 0.01
CVE-2020-15134
HIGH
Faye < 1.4.0 - Missing TLS Certificate Validation
Jul 31, 2020
CVSS 8.0
EPSS 0.01
CVE-2020-15133
HIGH
Faye-websocket <0.11.0 - SSL/TLS Info Disclosure
Jul 31, 2020
CVSS 8.0
EPSS 0.01
CVE-2020-14001
CRITICAL
kramdown < 2.3.0 - Unauthenticated Arbitrary File Read and Remote Code Execution via Template Option
Jul 17, 2020
CVSS 9.8
EPSS 0.05
CVE-2020-8203
HIGH
lodash < 4.17.20 - Prototype Pollution via _.zipObjectDeep
Jul 15, 2020
CVSS 7.4
EPSS 0.05
CVE-2020-8185
MEDIUM
Rails 6.0.0-6.0.3.1 - Unauthenticated Denial of Service via Pending Migration Execution
Jul 02, 2020
CVSS 6.5
EPSS 0.02
CVE-2020-8166
MEDIUM
rails < 5.2.5 and < 6.0.4 - Cross-Site Request Forgery via Per-Form Token Forgery
Jul 02, 2020
CVSS 4.3
EPSS 0.02
CVE-2020-8163
HIGH
NUCLEI
Rails < 5.0.1 - Remote Code Execution via Render Locals Argument
Jul 02, 2020
CVSS 8.8
EPSS 0.83
CVE-2020-8161
HIGH
rack < 2.2.0 - Directory Traversal in Rack::Directory
Jul 02, 2020
CVSS 8.6
EPSS 0.04
CVE-2020-8167
MEDIUM
rails <= 6.0.3 - Cross-Site Request Forgery via rails-ujs Module
Jun 19, 2020
CVSS 6.5
EPSS 0.01
CVE-2020-8165
CRITICAL
Rails <5.2.4.3-6.0.3.1 - Deserialization
Jun 19, 2020
CVSS 9.8
EPSS 0.46
CVE-2020-8184
HIGH
rack < 2.1.4 - Cookie Integrity Bypass via Unvalidated Prefix
Jun 19, 2020
CVSS 7.5
EPSS 0.03
CVE-2020-8164
HIGH
Rails <5.2.4.3-6.0.3.1 - Info Disclosure
Jun 19, 2020
CVSS 7.5
EPSS 0.04
CVE-2020-8162
HIGH
Rails <5.2.4.2, <6.0.3.1 - Info Disclosure
Jun 19, 2020
CVSS 7.5
EPSS 0.03
CVE-2020-4054
HIGH
sanitize 3.0.0-5.2.0 - Cross-Site Scripting via Relaxed Config Bypass
Jun 16, 2020
CVSS 7.3
EPSS 0.02
CVE-2020-7671
HIGH
goliath < 1.0.6 - HTTP Request Smuggling via Duplicate Content-Length Header
Jun 10, 2020
CVSS 7.5
EPSS 0.01
CVE-2020-7670
HIGH
agoo < 2.14.0 - HTTP Request Smuggling via Incorrect Content-Length and Transfer Encoding Parsing
Jun 10, 2020
CVSS 7.5
EPSS 0.01
CVE-2020-7663
HIGH
websocket-extensions < 0.1.5 - Denial of Service via Regex Backtracking in Header Parser
Jun 02, 2020
CVSS 7.5
EPSS 0.04
CVE-2020-7659
HIGH
reel < 0.6.1 - HTTP Request Smuggling via Content-Length and Transfer Encoding Header Parsing
Jun 01, 2020
CVSS 7.5
EPSS 0.01
Products
actionpack 63
rack 50
nokogiri 34
rubygems 25
rubygems-update 25
activerecord 23
puppet 23
activesupport 17
publify_core 15
passenger 14
rails-html-sanitizer 14
actionview 13
decidim 12
puma 12
camaleon_cms 11
fat_free_crm 11
rails 11
activestorage 10
net-imap 10
ruby-saml 10
jquery-rails 9
katello 8
openc3 8
rexml 8
bootstrap 7
bootstrap-sass 7
jquery-ui-rails 7
lodash-rails 7
spree 7
avo 6
Quick Filters