Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / rubygems

rubygems

954 tracked vulnerabilities.

CVE-2019-1010191 CRITICAL

marginalia < 1.6.0 - SQL Injection via User Controller Argument

CVE-2019-1010266 MEDIUM

lodash < 4.17.11 - Denial of Service via Date Handler Regular Expression

CVE-2019-1010306 CRITICAL

Slanger < 0.6.1 - Unauthenticated Remote Code Execution via Deserialization

CVE-2019-13589 CRITICAL

paranoid2 gem <1.1.6 - Code Injection

CVE-2019-13574 HIGH

MiniMagick < 4.9.4 - Remote Code Execution via Image.open Kernel#open Command Injection

CVE-2019-13146 MEDIUM

field_test 0.3.0 - Improper Input Validation

CVE-2019-13354 CRITICAL

strong_password 0.0.7 - Remote Code Execution via Malicious Gem

CVE-2019-13118 MEDIUM

libxslt 1.1.33 - Type Confusion in Number Formatting

CVE-2019-13117 MEDIUM

libxslt 1.1.33 - Information Disclosure via Uninitialized Read in xsltNumberFormatInsertNumbers

CVE-2019-8323 HIGH

RubyGems 2.6.0-3.0.2 - Escape Sequence Injection via API Response Output

CVE-2019-8322 HIGH

RubyGems 2.6.0-3.0.2 - Escape Sequence Injection via gem owner Command

CVE-2019-8321 HIGH

RubyGems 2.6.0-3.0.2 - Escape Sequence Injection via Gem::UserInteraction#verbose

CVE-2019-8325 HIGH

RubyGems 2.6.0-3.0.2 - Escape Sequence Injection via Error Message Handling

CVE-2019-8324 HIGH

RubyGems 2.6.0-3.0.2 - Remote Code Execution via Multi-Line Gem Name Injection

CVE-2019-10226 MEDIUM

Fat Free CRM v0.19.0 - HTML Injection

CVE-2019-11027 CRITICAL

ruby-openid < 2.8.0 - Remote Code Execution

CVE-2019-8320 HIGH

RubyGems 2.7.6-3.0.2 - Path Traversal via Symlink Deletion

CVE-2019-12732 MEDIUM

Chartkick < 3.1.0 - Cross-Site Scripting

CVE-2019-11358 MEDIUM

jQuery < 3.4.0 - Prototype Pollution via jQuery.extend

CVE-2019-11068 CRITICAL

libxslt <= 1.1.33 - Protection Mechanism Bypass via Crafted URL

CVE-2019-10842 CRITICAL

bootstrap-sass 3.2.0.3 - Unauthenticated Remote Code Execution via ___cfduid Cookie

CVE-2019-5421 CRITICAL

Plataformatec Devise <4.5.0 - Info Disclosure

CVE-2019-5420 CRITICAL

Ruby On Rails DoubleTap Development Mode secret_key_base Vulnerability

CVE-2019-5419 HIGH

Action View (Rails) <5.2.2.1-5.0.7.2 - DoS

CVE-2019-5418 HIGH KEVNUCLEI

Ruby On Rails File Content Disclosure (

Previous Page 22 of 39 Next

Products

actionpack 63 rack 50 nokogiri 34 rubygems 25 rubygems-update 25 activerecord 23 puppet 23 activesupport 17 publify_core 15 passenger 14 rails-html-sanitizer 14 actionview 13 decidim 12 puma 12 camaleon_cms 11 fat_free_crm 11 rails 11 activestorage 10 ruby-saml 10 jquery-rails 9 openc3 8 rexml 8 bootstrap 7 bootstrap-sass 7 jquery-ui-rails 7 katello 7 lodash-rails 7 net-imap 7 spree 7 avo 6

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy