rubygems
954 tracked vulnerabilities.
CVE-2019-16770
MEDIUM
Puma 3.0.0-3.12.1 - Denial of Service via Keepalive Connection Monopolization
Dec 05, 2019
CVSS 5.3
EPSS 0.02
CVE-2019-14825
LOW
Katello 3.0.0.0-3.12.0.8 - Cleartext Storage of Sensitive Registry Credentials
Nov 25, 2019
CVSS 2.7
EPSS 0.00
CVE-2019-18978
MEDIUM
Rack CORS Middleware <1.0.4 - Path Traversal
Nov 14, 2019
CVSS 5.3
EPSS 0.01
CVE-2019-18848
HIGH
json-jwt < 1.11.0 - Improper Authentication via JWE String Parsing
Nov 12, 2019
CVSS 7.5
EPSS 0.00
CVE-2019-18841
HIGH
Chartkick.js <3.1.4 - Info Disclosure
Nov 11, 2019
CVSS 7.3
EPSS 0.01
CVE-2019-12410
HIGH
Apache Arrow <0.14.1 - Memory Corruption
Nov 08, 2019
CVSS 7.5
EPSS 0.05
CVE-2019-12408
HIGH
Apache Arrow <0.14.1 - Memory Corruption
Nov 08, 2019
CVSS 7.5
EPSS 0.03
CVE-2019-18409
HIGH
ruby_parser-legacy 1.0.0 - Local Privilege Escalation via World-Writable Files
Oct 24, 2019
CVSS 7.8
EPSS 0.00
CVE-2019-15587
MEDIUM
Loofah < 2.3.0 - Cross-Site Scripting via SVG Element
Oct 22, 2019
CVSS 5.4
EPSS 0.02
CVE-2019-18197
HIGH
libxslt 1.1.33 - Use-After-Free in xsltCopyText
Oct 18, 2019
CVSS 7.5
EPSS 0.05
CVE-2019-17383
CRITICAL
netaddr < 1.5.3 and 2.0.0-2.0.3 - Incorrect Default Permissions
Oct 09, 2019
CVSS 9.8
EPSS 0.00
CVE-2019-16676
CRITICAL
Plataformatec Simple Form - Code Injection
Sep 30, 2019
CVSS 9.8
EPSS 0.01
CVE-2019-16892
MEDIUM
Rubyzip < 1.3.0 - Denial of Service via Spoofed ZIP Entry Size
Sep 25, 2019
CVSS 5.5
EPSS 0.00
CVE-2019-16751
MEDIUM
Devise Token Auth 0.1.33-1.1.2 - Unauthenticated Reflected Cross-Site Scripting via Omniauth Failure Message Parameter
Sep 24, 2019
CVSS 6.1
EPSS 0.00
CVE-2019-16377
CRITICAL
Makandra Consul Gem <1.0.2 - Info Disclosure
Sep 23, 2019
CVSS 9.8
EPSS 0.01
CVE-2019-16145
MEDIUM
padrinorb/padrino-contrib < 0.2.0 - Cross-Site Scripting via Breadcrumb Caption
Sep 09, 2019
CVSS 6.1
EPSS 0.00
CVE-2019-16109
MEDIUM
Plataformatec Devise <4.7.1 - Info Disclosure
Sep 08, 2019
CVSS 5.3
EPSS 0.00
CVE-2019-16060
CRITICAL
Airbrake Ruby Notifier <4.2.4 - Info Disclosure
Sep 06, 2019
CVSS 9.8
EPSS 0.00
CVE-2019-15224
CRITICAL
rest-client 1.6.10-1.6.13 - Remote Code Execution via Malicious Gem
Aug 19, 2019
CVSS 9.8
EPSS 0.02
CVE-2019-5477
CRITICAL
Nokogiri < 1.10.4 - OS Command Injection via Nokogiri::CSS::Tokenizer#load_file
Aug 16, 2019
CVSS 9.8
EPSS 0.08
CVE-2019-7615
HIGH
Elastic APM agent for Ruby <2.9.0 - Info Disclosure
Jul 30, 2019
CVSS 7.4
EPSS 0.00
CVE-2019-1020001
HIGH
yard < 0.9.20 - Path Traversal
Jul 29, 2019
CVSS 7.5
EPSS 0.00
CVE-2019-14282
CRITICAL
simple_captcha2 gem 0.2.3 - Code Injection
Jul 26, 2019
CVSS 9.8
EPSS 0.01
CVE-2019-14281
CRITICAL
datagrid gem 1.0.6 - Code Injection
Jul 26, 2019
CVSS 9.8
EPSS 0.01
CVE-2019-10744
CRITICAL
lodash < 4.17.12 - Prototype Pollution via defaultsDeep Function
Jul 26, 2019
CVSS 9.1
EPSS 0.15
Products
actionpack 63
rack 50
nokogiri 34
rubygems 25
rubygems-update 25
activerecord 23
puppet 23
activesupport 17
publify_core 15
passenger 14
rails-html-sanitizer 14
actionview 13
decidim 12
puma 12
camaleon_cms 11
fat_free_crm 11
rails 11
activestorage 10
ruby-saml 10
jquery-rails 9
openc3 8
rexml 8
bootstrap 7
bootstrap-sass 7
jquery-ui-rails 7
katello 7
lodash-rails 7
net-imap 7
spree 7
avo 6