rubygems

965 tracked vulnerabilities.

CVE-2020-11082 MEDIUM
kaminari < 1.2.1 - Cross-Site Scripting via Pagination Links
May 28, 2020
CVSS 6.4
EPSS 0.02
CVE-2020-13482 HIGH
EM-HTTP-Request 1.1.5 - Man-in-the-Middle
May 25, 2020
CVSS 7.4
EPSS 0.01
CVE-2020-11077 MEDIUM
Puma 3.0.0-3.12.5 - HTTP Request Smuggling via Proxy Connection Reuse
May 22, 2020
CVSS 6.8
EPSS 0.03
CVE-2020-11076 HIGH
Puma 3.0.0-3.12.5 and 4.0.0-4.3.3 - HTTP Request Smuggling via Invalid Transfer-Encoding Header
May 22, 2020
CVSS 7.5
EPSS 0.04
CVE-2020-13163 HIGH
em-imap 0.5 - Improper Certificate Validation
May 19, 2020
CVSS 7.4
EPSS 0.01
CVE-2020-7656 MEDIUM
jQuery < 1.9.0 - Cross-Site Scripting via Load Method
May 19, 2020
CVSS 6.1
EPSS 0.06
CVE-2020-8159 CRITICAL
actionpack_page-caching < v1.2.1 - Code Injection
May 12, 2020
CVSS 9.8
EPSS 0.05
CVE-2020-8151 HIGH
Active Resource <v5.1.1 - Info Disclosure
May 12, 2020
CVSS 7.5
EPSS 0.02
CVE-2020-11052 HIGH
Sorcery < 0.15.0 - Brute Force Protection Bypass via Expired Lockout
May 07, 2020
CVSS 8.3
EPSS 0.02
CVE-2020-10187 HIGH
Doorkeeper 5.0.0-5.0.3 - Unauthenticated Information Disclosure via OAuth Authorized Applications Endpoint
May 04, 2020
CVSS 7.5
EPSS 0.02
CVE-2020-11022 MEDIUM
jQuery 1.12.0-3.4.1 - Cross-Site Scripting via DOM Manipulation Methods
Apr 29, 2020
CVSS 6.9
EPSS 0.99
CVE-2020-11023 MEDIUM KEV
jQuery <3.5.0 - XSS
Apr 29, 2020
CVSS 6.9
EPSS 0.84
CVE-2020-11020 HIGH
Faye <1.0.4, <1.1.3, <1.2.5 - Auth Bypass
Apr 29, 2020
CVSS 8.5
EPSS 0.02
CVE-2020-10663 HIGH
JSON gem < 2.2.0 - Unsafe Object Creation via JSON Parsing
Apr 28, 2020
CVSS 7.5
EPSS 0.07
CVE-2020-5267 MEDIUM
ActionView < 5.2.4.2 - Cross-Site Scripting via JavaScript Literal Escape Helpers
Mar 19, 2020
CVSS 4.0
EPSS 0.02
CVE-2020-5257 HIGH
Administrate < 0.13.0 - SQL Injection via Direction Parameter
Mar 13, 2020
CVSS 7.7
EPSS 0.01
CVE-2020-5249 MEDIUM
Puma < 3.12.3 and 3.12.4 - HTTP Response Splitting via Early-Hints Header Injection
Mar 02, 2020
CVSS 6.5
EPSS 0.02
CVE-2020-5247 MEDIUM
Puma < 3.12.3 - HTTP Response Splitting via Header Injection
Feb 28, 2020
CVSS 6.5
EPSS 0.02
CVE-2020-8130 MEDIUM
Ruby Rake < 12.3.3 - Command Injection
Feb 24, 2020
CVSS 6.4
EPSS 0.01
CVE-2020-5243 MEDIUM
uap-core < 0.7.3 - Denial of Service via User-Agent Regex Processing
Feb 21, 2020
CVSS 5.7
EPSS 0.02
CVE-2020-7942 MEDIUM
Puppet <6.13.0, <5.5.19 - Info Disclosure
Feb 19, 2020
CVSS 6.5
EPSS 0.01
CVE-2020-5241 HIGH
matestack-ui-core < 0.7.4 - Cross-Site Scripting
Feb 13, 2020
CVSS 7.7
EPSS 0.01
CVE-2020-7981 CRITICAL
Geocoder < 1.6.1 - SQL Injection via within_bounding_box Coordinates
Jan 25, 2020
CVSS 9.8
EPSS 0.01
CVE-2020-5217 MEDIUM
Secure Headers < 3.8.0, 5.1.0, 6.2.0 - Directive Injection via Semicolon in CSP Directives
Jan 23, 2020
CVSS 4.4
EPSS 0.02
CVE-2020-5216 MEDIUM
Secure Headers < 3.9.0, 5.2.0-6.3.0 - Directive Injection via Newline in Content-Security-Policy
Jan 23, 2020
CVSS 4.4
EPSS 0.01