rubygems

965 tracked vulnerabilities.

CVE-2019-16377 CRITICAL
Makandra Consul Gem <1.0.2 - Info Disclosure
Sep 23, 2019
CVSS 9.8
EPSS 0.03
CVE-2019-16145 MEDIUM
padrinorb/padrino-contrib < 0.2.0 - Cross-Site Scripting via Breadcrumb Caption
Sep 09, 2019
CVSS 6.1
EPSS 0.01
CVE-2019-16109 MEDIUM
Plataformatec Devise <4.7.1 - Info Disclosure
Sep 08, 2019
CVSS 5.3
EPSS 0.02
CVE-2019-16060 CRITICAL
Airbrake Ruby Notifier <4.2.4 - Info Disclosure
Sep 06, 2019
CVSS 9.8
EPSS 0.01
CVE-2019-15224 CRITICAL
rest-client 1.6.10-1.6.13 - Remote Code Execution via Malicious Gem
Aug 19, 2019
CVSS 9.8
EPSS 0.04
CVE-2019-5477 CRITICAL
Nokogiri < 1.10.4 - OS Command Injection via Nokogiri::CSS::Tokenizer#load_file
Aug 16, 2019
CVSS 9.8
EPSS 0.06
CVE-2019-7615 HIGH
Elastic APM agent for Ruby <2.9.0 - Info Disclosure
Jul 30, 2019
CVSS 7.4
EPSS 0.01
CVE-2019-1020001 HIGH
yard < 0.9.20 - Path Traversal
Jul 29, 2019
CVSS 7.5
EPSS 0.02
CVE-2019-14282 CRITICAL
simple_captcha2 gem 0.2.3 - Code Injection
Jul 26, 2019
CVSS 9.8
EPSS 0.03
CVE-2019-14281 CRITICAL
datagrid gem 1.0.6 - Code Injection
Jul 26, 2019
CVSS 9.8
EPSS 0.03
CVE-2019-10744 CRITICAL
lodash < 4.17.12 - Prototype Pollution via defaultsDeep Function
Jul 26, 2019
CVSS 9.1
EPSS 0.05
CVE-2019-1010191 CRITICAL
marginalia < 1.6.0 - SQL Injection via User Controller Argument
Jul 24, 2019
CVSS 9.8
EPSS 0.01
CVE-2019-1010266 MEDIUM
lodash < 4.17.11 - Denial of Service via Date Handler Regular Expression
Jul 17, 2019
CVSS 6.5
EPSS 0.03
CVE-2019-1010306 CRITICAL
Slanger < 0.6.1 - Unauthenticated Remote Code Execution via Deserialization
Jul 15, 2019
CVSS 9.8
EPSS 0.04
CVE-2019-13589 CRITICAL
paranoid2 gem <1.1.6 - Code Injection
Jul 14, 2019
CVSS 9.8
EPSS 0.04
CVE-2019-13574 HIGH
MiniMagick < 4.9.4 - Remote Code Execution via Image.open Kernel#open Command Injection
Jul 12, 2019
CVSS 7.8
EPSS 0.08
CVE-2019-13146 MEDIUM
field_test 0.3.0 - Improper Input Validation
Jul 09, 2019
CVSS 5.3
EPSS 0.01
CVE-2019-13354 CRITICAL
strong_password 0.0.7 - Remote Code Execution via Malicious Gem
Jul 08, 2019
CVSS 9.8
EPSS 0.03
CVE-2019-13118 MEDIUM
libxslt 1.1.33 - Type Confusion in Number Formatting
Jul 01, 2019
CVSS 5.3
EPSS 0.05
CVE-2019-13117 MEDIUM
libxslt 1.1.33 - Information Disclosure via Uninitialized Read in xsltNumberFormatInsertNumbers
Jul 01, 2019
CVSS 5.3
EPSS 0.06
CVE-2019-8323 HIGH
RubyGems 2.6.0-3.0.2 - Escape Sequence Injection via API Response Output
Jun 17, 2019
CVSS 7.5
EPSS 0.03
CVE-2019-8322 HIGH
RubyGems 2.6.0-3.0.2 - Escape Sequence Injection via gem owner Command
Jun 17, 2019
CVSS 7.5
EPSS 0.03
CVE-2019-8321 HIGH
RubyGems 2.6.0-3.0.2 - Escape Sequence Injection via Gem::UserInteraction#verbose
Jun 17, 2019
CVSS 7.5
EPSS 0.03
CVE-2019-8325 HIGH
RubyGems 2.6.0-3.0.2 - Escape Sequence Injection via Error Message Handling
Jun 17, 2019
CVSS 7.5
EPSS 0.03
CVE-2019-8324 HIGH
RubyGems 2.6.0-3.0.2 - Remote Code Execution via Multi-Line Gem Name Injection
Jun 17, 2019
CVSS 8.8
EPSS 0.03