rubygems
965 tracked vulnerabilities.
CVE-2019-16377
CRITICAL
Makandra Consul Gem <1.0.2 - Info Disclosure
Sep 23, 2019
CVSS 9.8
EPSS 0.03
CVE-2019-16145
MEDIUM
padrinorb/padrino-contrib < 0.2.0 - Cross-Site Scripting via Breadcrumb Caption
Sep 09, 2019
CVSS 6.1
EPSS 0.01
CVE-2019-16109
MEDIUM
Plataformatec Devise <4.7.1 - Info Disclosure
Sep 08, 2019
CVSS 5.3
EPSS 0.02
CVE-2019-16060
CRITICAL
Airbrake Ruby Notifier <4.2.4 - Info Disclosure
Sep 06, 2019
CVSS 9.8
EPSS 0.01
CVE-2019-15224
CRITICAL
rest-client 1.6.10-1.6.13 - Remote Code Execution via Malicious Gem
Aug 19, 2019
CVSS 9.8
EPSS 0.04
CVE-2019-5477
CRITICAL
Nokogiri < 1.10.4 - OS Command Injection via Nokogiri::CSS::Tokenizer#load_file
Aug 16, 2019
CVSS 9.8
EPSS 0.06
CVE-2019-7615
HIGH
Elastic APM agent for Ruby <2.9.0 - Info Disclosure
Jul 30, 2019
CVSS 7.4
EPSS 0.01
CVE-2019-1020001
HIGH
yard < 0.9.20 - Path Traversal
Jul 29, 2019
CVSS 7.5
EPSS 0.02
CVE-2019-14282
CRITICAL
simple_captcha2 gem 0.2.3 - Code Injection
Jul 26, 2019
CVSS 9.8
EPSS 0.03
CVE-2019-14281
CRITICAL
datagrid gem 1.0.6 - Code Injection
Jul 26, 2019
CVSS 9.8
EPSS 0.03
CVE-2019-10744
CRITICAL
lodash < 4.17.12 - Prototype Pollution via defaultsDeep Function
Jul 26, 2019
CVSS 9.1
EPSS 0.05
CVE-2019-1010191
CRITICAL
marginalia < 1.6.0 - SQL Injection via User Controller Argument
Jul 24, 2019
CVSS 9.8
EPSS 0.01
CVE-2019-1010266
MEDIUM
lodash < 4.17.11 - Denial of Service via Date Handler Regular Expression
Jul 17, 2019
CVSS 6.5
EPSS 0.03
CVE-2019-1010306
CRITICAL
Slanger < 0.6.1 - Unauthenticated Remote Code Execution via Deserialization
Jul 15, 2019
CVSS 9.8
EPSS 0.04
CVE-2019-13589
CRITICAL
paranoid2 gem <1.1.6 - Code Injection
Jul 14, 2019
CVSS 9.8
EPSS 0.04
CVE-2019-13574
HIGH
MiniMagick < 4.9.4 - Remote Code Execution via Image.open Kernel#open Command Injection
Jul 12, 2019
CVSS 7.8
EPSS 0.08
CVE-2019-13146
MEDIUM
field_test 0.3.0 - Improper Input Validation
Jul 09, 2019
CVSS 5.3
EPSS 0.01
CVE-2019-13354
CRITICAL
strong_password 0.0.7 - Remote Code Execution via Malicious Gem
Jul 08, 2019
CVSS 9.8
EPSS 0.03
CVE-2019-13118
MEDIUM
libxslt 1.1.33 - Type Confusion in Number Formatting
Jul 01, 2019
CVSS 5.3
EPSS 0.05
CVE-2019-13117
MEDIUM
libxslt 1.1.33 - Information Disclosure via Uninitialized Read in xsltNumberFormatInsertNumbers
Jul 01, 2019
CVSS 5.3
EPSS 0.06
CVE-2019-8323
HIGH
RubyGems 2.6.0-3.0.2 - Escape Sequence Injection via API Response Output
Jun 17, 2019
CVSS 7.5
EPSS 0.03
CVE-2019-8322
HIGH
RubyGems 2.6.0-3.0.2 - Escape Sequence Injection via gem owner Command
Jun 17, 2019
CVSS 7.5
EPSS 0.03
CVE-2019-8321
HIGH
RubyGems 2.6.0-3.0.2 - Escape Sequence Injection via Gem::UserInteraction#verbose
Jun 17, 2019
CVSS 7.5
EPSS 0.03
CVE-2019-8325
HIGH
RubyGems 2.6.0-3.0.2 - Escape Sequence Injection via Error Message Handling
Jun 17, 2019
CVSS 7.5
EPSS 0.03
CVE-2019-8324
HIGH
RubyGems 2.6.0-3.0.2 - Remote Code Execution via Multi-Line Gem Name Injection
Jun 17, 2019
CVSS 8.8
EPSS 0.03
Products
actionpack 63
rack 50
nokogiri 34
rubygems 25
rubygems-update 25
activerecord 23
puppet 23
activesupport 17
publify_core 15
passenger 14
rails-html-sanitizer 14
actionview 13
decidim 12
puma 12
camaleon_cms 11
fat_free_crm 11
rails 11
activestorage 10
net-imap 10
ruby-saml 10
jquery-rails 9
katello 8
openc3 8
rexml 8
bootstrap 7
bootstrap-sass 7
jquery-ui-rails 7
lodash-rails 7
spree 7
avo 6
Quick Filters