rubygems
954 tracked vulnerabilities.
| CVE | Severity | KEV | Title | Published | CVSS | EPSS |
|---|---|---|---|---|---|---|
| CVE-2020-11023 | MEDIUM | KEV | jQuery <3.5.0 - XSS | Apr 29, 2020 | 6.9 | 0.35 |
| CVE-2020-11020 | HIGH | | Faye <1.0.4, <1.1.3, <1.2.5 - Auth Bypass | Apr 29, 2020 | 8.5 | 0.00 |
| CVE-2020-10663 | HIGH | | JSON gem < 2.2.0 - Unsafe Object Creation via JSON Parsing | Apr 28, 2020 | 7.5 | 0.06 |
| CVE-2020-5267 | MEDIUM | | ActionView < 5.2.4.2 - Cross-Site Scripting via JavaScript Literal Escape Helpers | Mar 19, 2020 | 4.0 | 0.01 |
| CVE-2020-5257 | HIGH | | Administrate < 0.13.0 - SQL Injection via Direction Parameter | Mar 13, 2020 | 7.7 | 0.00 |
| CVE-2020-5249 | MEDIUM | | Puma < 3.12.3 and 3.12.4 - HTTP Response Splitting via Early-Hints Header Injection | Mar 02, 2020 | 6.5 | 0.00 |
| CVE-2020-5247 | MEDIUM | | Puma < 3.12.3 - HTTP Response Splitting via Header Injection | Feb 28, 2020 | 6.5 | 0.02 |
| CVE-2020-8130 | MEDIUM | | Ruby Rake < 12.3.3 - Command Injection | Feb 24, 2020 | 6.4 | 0.01 |
| CVE-2020-5243 | MEDIUM | | uap-core < 0.7.3 - Denial of Service via User-Agent Regex Processing | Feb 21, 2020 | 5.7 | 0.01 |
| CVE-2020-7942 | MEDIUM | | Puppet <6.13.0, <5.5.19 - Info Disclosure | Feb 19, 2020 | 6.5 | 0.00 |
| CVE-2020-5241 | HIGH | | matestack-ui-core < 0.7.4 - Cross-Site Scripting | Feb 13, 2020 | 7.7 | 0.00 |
| CVE-2020-7981 | CRITICAL | | Geocoder < 1.6.1 - SQL Injection via within_bounding_box Coordinates | Jan 25, 2020 | 9.8 | 0.01 |
| CVE-2020-5217 | MEDIUM | | Secure Headers < 3.8.0, 5.1.0, 6.2.0 - Directive Injection via Semicolon in CSP Directives | Jan 23, 2020 | 4.4 | 0.01 |
| CVE-2020-5216 | MEDIUM | | Secure Headers < 3.9.0, 5.2.0-6.3.0 - Directive Injection via Newline in Content-Security-Policy | Jan 23, 2020 | 4.4 | 0.00 |
| CVE-2020-7595 | HIGH | | libxml2 2.9.10 - Denial of Service via Infinite Loop in xmlStringLenDecodeEntities | Jan 21, 2020 | 7.5 | 0.00 |
| CVE-2019-25088 | LOW | | Oxidized Web < 2019-07-01 - Cross-Site Scripting via to_research Parameter | Dec 27, 2022 | 3.5 | 0.00 |
| CVE-2019-25061 | HIGH | | RandomPasswordGenerator <1.0.0 - Info Disclosure | May 18, 2022 | 7.5 | 0.00 |
| CVE-2019-25025 | MEDIUM | | Active Record Session Store <1.1.3 - Info Disclosure | Mar 05, 2021 | 5.3 | 0.00 |
| CVE-2019-3881 | HIGH | | Bundler < 2.1.0 - Unauthenticated Arbitrary Code Execution via Predictable /tmp/ Path | Sep 04, 2020 | 7.8 | 0.00 |
| CVE-2019-17268 | CRITICAL | | omniauth-weibo-oauth2 0.4.6 - Remote Code Execution via Malicious Gem | Feb 07, 2020 | 9.8 | 0.01 |
| CVE-2019-10780 | CRITICAL | | bibtex-ruby < 5.1.0 - OS Command Injection via BibTeX.open | Jan 22, 2020 | 9.8 | 0.03 |
| CVE-2019-19919 | CRITICAL | | handlebars.js - Prototype Pollution leading to Remote Code Execution | Dec 20, 2019 | 9.8 | 0.25 |
| CVE-2019-16782 | MEDIUM | | Rack <1.6.12, 2.0.8 - Info Disclosure | Dec 18, 2019 | 6.3 | 0.01 |
| CVE-2019-16779 | MEDIUM | | RubyGem excon <0.71.0 - Info Disclosure | Dec 16, 2019 | 5.8 | 0.01 |
| CVE-2019-5815 | HIGH | | libxslt < 1.1.33 - Type Confusion in xsltNumberFormatGetMultipleLevel | Dec 11, 2019 | 7.5 | 0.00 |
Products (tracked vulnerabilities per gem)

| Product | Count |
|---|---|
| actionpack | 63 |
| rack | 50 |
| nokogiri | 34 |
| rubygems | 25 |
| rubygems-update | 25 |
| activerecord | 23 |
| puppet | 23 |
| activesupport | 17 |
| publify_core | 15 |
| passenger | 14 |
| rails-html-sanitizer | 14 |
| actionview | 13 |
| decidim | 12 |
| puma | 12 |
| camaleon_cms | 11 |
| fat_free_crm | 11 |
| rails | 11 |
| activestorage | 10 |
| ruby-saml | 10 |
| jquery-rails | 9 |
| openc3 | 8 |
| rexml | 8 |
| bootstrap | 7 |
| bootstrap-sass | 7 |
| jquery-ui-rails | 7 |
| katello | 7 |
| lodash-rails | 7 |
| net-imap | 7 |
| spree | 7 |
| avo | 6 |