rubygems
965 tracked vulnerabilities.
CVE-2020-11082
MEDIUM
kaminari < 1.2.1 - Cross-Site Scripting via Pagination Links
May 28, 2020
CVSS 6.4
EPSS 0.02
CVE-2020-13482
HIGH
EM-HTTP-Request 1.1.5 - Man-in-the-Middle
May 25, 2020
CVSS 7.4
EPSS 0.01
CVE-2020-11077
MEDIUM
Puma 3.0.0-3.12.5 - HTTP Request Smuggling via Proxy Connection Reuse
May 22, 2020
CVSS 6.8
EPSS 0.03
CVE-2020-11076
HIGH
Puma 3.0.0-3.12.5 and 4.0.0-4.3.3 - HTTP Request Smuggling via Invalid Transfer-Encoding Header
May 22, 2020
CVSS 7.5
EPSS 0.04
CVE-2020-13163
HIGH
em-imap 0.5 - Improper Certificate Validation
May 19, 2020
CVSS 7.4
EPSS 0.01
CVE-2020-7656
MEDIUM
jQuery < 1.9.0 - Cross-Site Scripting via Load Method
May 19, 2020
CVSS 6.1
EPSS 0.06
CVE-2020-8159
CRITICAL
actionpack_page-caching < v1.2.1 - Code Injection
May 12, 2020
CVSS 9.8
EPSS 0.05
CVE-2020-8151
HIGH
Active Resource <v5.1.1 - Info Disclosure
May 12, 2020
CVSS 7.5
EPSS 0.02
CVE-2020-11052
HIGH
Sorcery < 0.15.0 - Brute Force Protection Bypass via Expired Lockout
May 07, 2020
CVSS 8.3
EPSS 0.02
CVE-2020-10187
HIGH
Doorkeeper 5.0.0-5.0.3 - Unauthenticated Information Disclosure via OAuth Authorized Applications Endpoint
May 04, 2020
CVSS 7.5
EPSS 0.02
CVE-2020-11022
MEDIUM
jQuery 1.12.0-3.4.1 - Cross-Site Scripting via DOM Manipulation Methods
Apr 29, 2020
CVSS 6.9
EPSS 0.99
CVE-2020-11023
MEDIUM
KEV
jQuery <3.5.0 - XSS
Apr 29, 2020
CVSS 6.9
EPSS 0.84
CVE-2020-11020
HIGH
Faye <1.0.4, <1.1.3, <1.2.5 - Auth Bypass
Apr 29, 2020
CVSS 8.5
EPSS 0.02
CVE-2020-10663
HIGH
JSON gem < 2.2.0 - Unsafe Object Creation via JSON Parsing
Apr 28, 2020
CVSS 7.5
EPSS 0.07
CVE-2020-5267
MEDIUM
ActionView < 5.2.4.2 - Cross-Site Scripting via JavaScript Literal Escape Helpers
Mar 19, 2020
CVSS 4.0
EPSS 0.02
CVE-2020-5257
HIGH
Administrate < 0.13.0 - SQL Injection via Direction Parameter
Mar 13, 2020
CVSS 7.7
EPSS 0.01
CVE-2020-5249
MEDIUM
Puma < 3.12.3 and 3.12.4 - HTTP Response Splitting via Early-Hints Header Injection
Mar 02, 2020
CVSS 6.5
EPSS 0.02
CVE-2020-5247
MEDIUM
Puma < 3.12.3 - HTTP Response Splitting via Header Injection
Feb 28, 2020
CVSS 6.5
EPSS 0.02
CVE-2020-8130
MEDIUM
Ruby Rake < 12.3.3 - Command Injection
Feb 24, 2020
CVSS 6.4
EPSS 0.01
CVE-2020-5243
MEDIUM
uap-core < 0.7.3 - Denial of Service via User-Agent Regex Processing
Feb 21, 2020
CVSS 5.7
EPSS 0.02
CVE-2020-7942
MEDIUM
Puppet <6.13.0, <5.5.19 - Info Disclosure
Feb 19, 2020
CVSS 6.5
EPSS 0.01
CVE-2020-5241
HIGH
matestack-ui-core < 0.7.4 - Cross-Site Scripting
Feb 13, 2020
CVSS 7.7
EPSS 0.01
CVE-2020-7981
CRITICAL
Geocoder < 1.6.1 - SQL Injection via within_bounding_box Coordinates
Jan 25, 2020
CVSS 9.8
EPSS 0.01
CVE-2020-5217
MEDIUM
Secure Headers < 3.8.0, 5.1.0, 6.2.0 - Directive Injection via Semicolon in CSP Directives
Jan 23, 2020
CVSS 4.4
EPSS 0.02
CVE-2020-5216
MEDIUM
Secure Headers < 3.9.0, 5.2.0-6.3.0 - Directive Injection via Newline in Content-Security-Policy
Jan 23, 2020
CVSS 4.4
EPSS 0.01
Products
actionpack 63
rack 50
nokogiri 34
rubygems 25
rubygems-update 25
activerecord 23
puppet 23
activesupport 17
publify_core 15
passenger 14
rails-html-sanitizer 14
actionview 13
decidim 12
puma 12
camaleon_cms 11
fat_free_crm 11
rails 11
activestorage 10
net-imap 10
ruby-saml 10
jquery-rails 9
katello 8
openc3 8
rexml 8
bootstrap 7
bootstrap-sass 7
jquery-ui-rails 7
lodash-rails 7
spree 7
avo 6
Quick Filters