rubygems
954 tracked vulnerabilities.
CVE-2019-9837
MEDIUM
Doorkeeper::OpenidConnect <1.5.4 - Open Redirect
Mar 21, 2019
CVSS 6.1
EPSS 0.00
CVE-2019-8331
MEDIUM
Bootstrap < 3.4.1 and 4.3.x < 4.3.1 - Cross-Site Scripting via Tooltip or Popover Data-Template Attribute
Feb 20, 2019
CVSS 6.1
EPSS 0.02
CVE-2018-25032
HIGH
zlib <1.2.12 - Memory Corruption
Mar 25, 2022
CVSS 7.5
EPSS 0.00
CVE-2018-20975
MEDIUM
Fat Free CRM < 0.18.1 - Cross-Site Scripting in Tags Helper
Aug 20, 2019
CVSS 6.1
EPSS 0.00
CVE-2018-20857
HIGH
Zendesk Samlr < 2.6.2 - XML External Entity Injection via Comment Node
Jul 26, 2019
CVSS 7.5
EPSS 0.00
CVE-2018-6517
HIGH
chloride < 0.3.0 - Improper Certificate Validation via net-ssh Host Fingerprint Handling
Mar 21, 2019
CVSS 7.5
EPSS 0.00
CVE-2018-16487
MEDIUM
lodash < 4.17.11 - Prototype Pollution via merge, mergeWith, and defaultsDeep Functions
Feb 01, 2019
CVSS 5.6
EPSS 0.01
CVE-2018-16887
MEDIUM
Red Hat Satellite and Katello < 3.9.0 - Authenticated Stored Cross-Site Scripting via Organization and Location Names
Jan 13, 2019
CVSS 5.4
EPSS 0.00
CVE-2018-20677
MEDIUM
Bootstrap < 3.4.0 - Cross-Site Scripting via Affix Configuration Target Property
Jan 09, 2019
CVSS 6.1
EPSS 0.10
CVE-2018-20676
MEDIUM
Bootstrap < 3.4.0 - Cross-Site Scripting via Tooltip data-viewport Attribute
Jan 09, 2019
CVSS 6.1
EPSS 0.06
CVE-2018-1000855
MEDIUM
easymon < 1.4.1 - Reflected Cross-Site Scripting in Monitoring Endpoint
Dec 20, 2018
CVSS 6.1
EPSS 0.00
CVE-2018-1000842
MEDIUM
FatFreeCRM <=0.14.1, 0.15.0-0.15.1, 0.16.0-0.16.3, 0.17.0-0.17.2, 0.18.0 - Stored Cross-Site Scripting
Dec 20, 2018
CVSS 6.1
EPSS 0.00
CVE-2018-14623
MEDIUM
Katello - Authenticated SQL Injection via Errata API
Dec 14, 2018
CVSS 4.3
EPSS 0.00
CVE-2018-16477
MEDIUM
Rails < 5.2.1.1 - Information Disclosure
Nov 30, 2018
CVSS 6.5
EPSS 0.00
CVE-2018-16476
HIGH
Rails < 4.2.11 - Improper Access Control
Nov 30, 2018
CVSS 7.5
EPSS 0.01
CVE-2018-16395
CRITICAL
OpenSSL <2.3.8-2.6.0-preview3 - Info Disclosure
Nov 16, 2018
CVSS 9.8
EPSS 0.04
CVE-2018-16471
MEDIUM
Rack < 1.6.11 and 2.0.0-2.0.6 - Cross-Site Scripting via Scheme Method
Nov 13, 2018
CVSS 6.1
EPSS 0.01
CVE-2018-16470
HIGH
Rack < 2.0.6 - Denial of Service via Multipart Parser
Nov 13, 2018
CVSS 7.5
EPSS 0.00
CVE-2018-16468
MEDIUM
Loofah < 2.2.2 - Cross-Site Scripting via SVG Element
Oct 30, 2018
CVSS 5.4
EPSS 0.00
CVE-2018-18476
CRITICAL
mysql-binuuid-rails < 1.1.0 - SQL Injection via Default String Escaping Removal
Oct 24, 2018
CVSS 9.8
EPSS 0.00
CVE-2018-18307
MEDIUM
AlchemyCMS 4.1.0 - Stored Cross-Site Scripting via Admin Pictures Image Field
Oct 16, 2018
CVSS 6.1
EPSS 0.00
CVE-2018-18385
HIGH
Asciidoctor < 1.5.8 - Denial of Service via List Parsing Infinite Loop
Oct 16, 2018
CVSS 7.5
EPSS 0.01
CVE-2018-18260
MEDIUM
Camaleon CMS 2.4 - Stored Cross-Site Scripting via Profile Image Upload
Oct 15, 2018
CVSS 6.1
EPSS 0.00
CVE-2018-17567
HIGH
Jekyll <3.6.2, <3.7.4, <3.8.4 - Info Disclosure
Sep 28, 2018
CVSS 7.5
EPSS 0.00
CVE-2018-14643
CRITICAL
Foreman smart_proxy_dynflow 0.2.0 - Unauthenticated Remote Code Execution via Authentication Bypass
Sep 21, 2018
CVSS 9.8
EPSS 0.09
Products
actionpack 63
rack 50
nokogiri 34
rubygems 25
rubygems-update 25
activerecord 23
puppet 23
activesupport 17
publify_core 15
passenger 14
rails-html-sanitizer 14
actionview 13
decidim 12
puma 12
camaleon_cms 11
fat_free_crm 11
rails 11
activestorage 10
ruby-saml 10
jquery-rails 9
openc3 8
rexml 8
bootstrap 7
bootstrap-sass 7
jquery-ui-rails 7
katello 7
lodash-rails 7
net-imap 7
spree 7
avo 6