rubygems

965 tracked vulnerabilities.

CVE-2020-7595 HIGH
libxml2 2.9.10 - Denial of Service via Infinite Loop in xmlStringLenDecodeEntities
Jan 21, 2020
CVSS 7.5
EPSS 0.08
CVE-2019-25088 LOW
Oxidized Web < 2019-07-01 - Cross-Site Scripting via to_research Parameter
Dec 27, 2022
CVSS 3.5
EPSS 0.01
CVE-2019-25061 HIGH
RandomPasswordGenerator <1.0.0 - Info Disclosure
May 18, 2022
CVSS 7.5
EPSS 0.02
CVE-2019-25025 MEDIUM
Active Record Session Store <1.1.3 - Info Disclosure
Mar 05, 2021
CVSS 5.3
EPSS 0.02
CVE-2019-3881 HIGH
Bundler < 2.1.0 - Unauthenticated Arbitrary Code Execution via Predictable /tmp/ Path
Sep 04, 2020
CVSS 7.8
EPSS 0.01
CVE-2019-17268 CRITICAL
omniauth-weibo-oauth2 0.4.6 - Remote Code Execution via Malicious Gem
Feb 07, 2020
CVSS 9.8
EPSS 0.02
CVE-2019-10780 CRITICAL
bibtex-ruby < 5.1.0 - OS Command Injection via BibTeX.open
Jan 22, 2020
CVSS 9.8
EPSS 0.03
CVE-2019-19919 CRITICAL
handlebars.js - Prototype Pollution leading to Remote Code Execution
Dec 20, 2019
CVSS 9.8
EPSS 0.07
CVE-2019-16782 MEDIUM
Rack <1.6.12, 2.0.8 - Info Disclosure
Dec 18, 2019
CVSS 6.3
EPSS 0.04
CVE-2019-16779 MEDIUM
RubyGem excon <0.71.0 - Info Disclosure
Dec 16, 2019
CVSS 5.8
EPSS 0.01
CVE-2019-5815 HIGH
libxslt < 1.1.33 - Type Confusion in xsltNumberFormatGetMultipleLevel
Dec 11, 2019
CVSS 7.5
EPSS 0.02
CVE-2019-16770 MEDIUM
Puma 3.0.0-3.12.1 - Denial of Service via Keepalive Connection Monopolization
Dec 05, 2019
CVSS 5.3
EPSS 0.02
CVE-2019-14825 LOW
Katello 3.0.0.0-3.12.0.8 - Cleartext Storage of Sensitive Registry Credentials
Nov 25, 2019
CVSS 2.7
EPSS 0.01
CVE-2019-18978 MEDIUM
Rack CORS Middleware <1.0.4 - Path Traversal
Nov 14, 2019
CVSS 5.3
EPSS 0.02
CVE-2019-18848 HIGH
json-jwt < 1.11.0 - Improper Authentication via JWE String Parsing
Nov 12, 2019
CVSS 7.5
EPSS 0.01
CVE-2019-18841 HIGH
Chartkick.js <3.1.4 - Info Disclosure
Nov 11, 2019
CVSS 7.3
EPSS 0.01
CVE-2019-12410 HIGH
Apache Arrow <0.14.1 - Memory Corruption
Nov 08, 2019
CVSS 7.5
EPSS 0.05
CVE-2019-12408 HIGH
Apache Arrow <0.14.1 - Memory Corruption
Nov 08, 2019
CVSS 7.5
EPSS 0.03
CVE-2019-18409 HIGH
ruby_parser-legacy 1.0.0 - Local Privilege Escalation via World-Writable Files
Oct 24, 2019
CVSS 7.8
EPSS 0.00
CVE-2019-15587 MEDIUM
Loofah < 2.3.0 - Cross-Site Scripting via SVG Element
Oct 22, 2019
CVSS 5.4
EPSS 0.02
CVE-2019-18197 HIGH
libxslt 1.1.33 - Use-After-Free in xsltCopyText
Oct 18, 2019
CVSS 7.5
EPSS 0.04
CVE-2019-17383 CRITICAL
netaddr < 1.5.3 and 2.0.0-2.0.3 - Incorrect Default Permissions
Oct 09, 2019
CVSS 9.8
EPSS 0.02
CVE-2019-16676 CRITICAL
Plataformatec Simple Form - Code Injection
Sep 30, 2019
CVSS 9.8
EPSS 0.03
CVE-2019-16892 MEDIUM
Rubyzip < 1.3.0 - Denial of Service via Spoofed ZIP Entry Size
Sep 25, 2019
CVSS 5.5
EPSS 0.02
CVE-2019-16751 MEDIUM
Devise Token Auth 0.1.33-1.1.2 - Unauthenticated Reflected Cross-Site Scripting via Omniauth Failure Message Parameter
Sep 24, 2019
CVSS 6.1
EPSS 0.01