rubygems
965 tracked vulnerabilities.
CVE-2020-7595
HIGH
libxml2 2.9.10 - Denial of Service via Infinite Loop in xmlStringLenDecodeEntities
Jan 21, 2020
CVSS 7.5
EPSS 0.08
CVE-2019-25088
LOW
Oxidized Web < 2019-07-01 - Cross-Site Scripting via to_research Parameter
Dec 27, 2022
CVSS 3.5
EPSS 0.01
CVE-2019-25061
HIGH
RandomPasswordGenerator <1.0.0 - Info Disclosure
May 18, 2022
CVSS 7.5
EPSS 0.02
CVE-2019-25025
MEDIUM
Active Record Session Store <1.1.3 - Info Disclosure
Mar 05, 2021
CVSS 5.3
EPSS 0.02
CVE-2019-3881
HIGH
Bundler < 2.1.0 - Unauthenticated Arbitrary Code Execution via Predictable /tmp/ Path
Sep 04, 2020
CVSS 7.8
EPSS 0.01
CVE-2019-17268
CRITICAL
omniauth-weibo-oauth2 0.4.6 - Remote Code Execution via Malicious Gem
Feb 07, 2020
CVSS 9.8
EPSS 0.02
CVE-2019-10780
CRITICAL
bibtex-ruby < 5.1.0 - OS Command Injection via BibTeX.open
Jan 22, 2020
CVSS 9.8
EPSS 0.03
CVE-2019-19919
CRITICAL
handlebars.js - Prototype Pollution leading to Remote Code Execution
Dec 20, 2019
CVSS 9.8
EPSS 0.07
CVE-2019-16782
MEDIUM
Rack <1.6.12, 2.0.8 - Info Disclosure
Dec 18, 2019
CVSS 6.3
EPSS 0.04
CVE-2019-16779
MEDIUM
RubyGem excon <0.71.0 - Info Disclosure
Dec 16, 2019
CVSS 5.8
EPSS 0.01
CVE-2019-5815
HIGH
libxslt < 1.1.33 - Type Confusion in xsltNumberFormatGetMultipleLevel
Dec 11, 2019
CVSS 7.5
EPSS 0.02
CVE-2019-16770
MEDIUM
Puma 3.0.0-3.12.1 - Denial of Service via Keepalive Connection Monopolization
Dec 05, 2019
CVSS 5.3
EPSS 0.02
CVE-2019-14825
LOW
Katello 3.0.0.0-3.12.0.8 - Cleartext Storage of Sensitive Registry Credentials
Nov 25, 2019
CVSS 2.7
EPSS 0.01
CVE-2019-18978
MEDIUM
Rack CORS Middleware <1.0.4 - Path Traversal
Nov 14, 2019
CVSS 5.3
EPSS 0.02
CVE-2019-18848
HIGH
json-jwt < 1.11.0 - Improper Authentication via JWE String Parsing
Nov 12, 2019
CVSS 7.5
EPSS 0.01
CVE-2019-18841
HIGH
Chartkick.js <3.1.4 - Info Disclosure
Nov 11, 2019
CVSS 7.3
EPSS 0.01
CVE-2019-12410
HIGH
Apache Arrow <0.14.1 - Memory Corruption
Nov 08, 2019
CVSS 7.5
EPSS 0.05
CVE-2019-12408
HIGH
Apache Arrow <0.14.1 - Memory Corruption
Nov 08, 2019
CVSS 7.5
EPSS 0.03
CVE-2019-18409
HIGH
ruby_parser-legacy 1.0.0 - Local Privilege Escalation via World-Writable Files
Oct 24, 2019
CVSS 7.8
EPSS 0.00
CVE-2019-15587
MEDIUM
Loofah < 2.3.0 - Cross-Site Scripting via SVG Element
Oct 22, 2019
CVSS 5.4
EPSS 0.02
CVE-2019-18197
HIGH
libxslt 1.1.33 - Use-After-Free in xsltCopyText
Oct 18, 2019
CVSS 7.5
EPSS 0.04
CVE-2019-17383
CRITICAL
netaddr < 1.5.3 and 2.0.0-2.0.3 - Incorrect Default Permissions
Oct 09, 2019
CVSS 9.8
EPSS 0.02
CVE-2019-16676
CRITICAL
Plataformatec Simple Form - Code Injection
Sep 30, 2019
CVSS 9.8
EPSS 0.03
CVE-2019-16892
MEDIUM
Rubyzip < 1.3.0 - Denial of Service via Spoofed ZIP Entry Size
Sep 25, 2019
CVSS 5.5
EPSS 0.02
CVE-2019-16751
MEDIUM
Devise Token Auth 0.1.33-1.1.2 - Unauthenticated Reflected Cross-Site Scripting via Omniauth Failure Message Parameter
Sep 24, 2019
CVSS 6.1
EPSS 0.01
Products
actionpack 63
rack 50
nokogiri 34
rubygems 25
rubygems-update 25
activerecord 23
puppet 23
activesupport 17
publify_core 15
passenger 14
rails-html-sanitizer 14
actionview 13
decidim 12
puma 12
camaleon_cms 11
fat_free_crm 11
rails 11
activestorage 10
net-imap 10
ruby-saml 10
jquery-rails 9
katello 8
openc3 8
rexml 8
bootstrap 7
bootstrap-sass 7
jquery-ui-rails 7
lodash-rails 7
spree 7
avo 6
Quick Filters