rubygems

965 tracked vulnerabilities.

CVE-2019-10226 MEDIUM
Fat Free CRM v0.19.0 - HTML Injection
Jun 10, 2019
CVSS 5.4
EPSS 0.05
CVE-2019-11027 CRITICAL
ruby-openid < 2.8.0 - Remote Code Execution
Jun 10, 2019
CVSS 9.8
EPSS 0.03
CVE-2019-8320 HIGH
RubyGems 2.7.6-3.0.2 - Path Traversal via Symlink Deletion
Jun 06, 2019
CVSS 7.4
EPSS 0.04
CVE-2019-12732 MEDIUM
Chartkick < 3.1.0 - Cross-Site Scripting
Jun 06, 2019
CVSS 4.7
EPSS 0.01
CVE-2019-11358 MEDIUM
jQuery < 3.4.0 - Prototype Pollution via jQuery.extend
Apr 20, 2019
CVSS 6.1
EPSS 0.87
CVE-2019-11068 CRITICAL
libxslt <= 1.1.33 - Protection Mechanism Bypass via Crafted URL
Apr 10, 2019
CVSS 9.8
EPSS 0.05
CVE-2019-10842 CRITICAL
bootstrap-sass 3.2.0.3 - Unauthenticated Remote Code Execution via ___cfduid Cookie
Apr 04, 2019
CVSS 9.8
EPSS 0.05
CVE-2019-5421 CRITICAL
Plataformatec Devise <4.5.0 - Info Disclosure
Apr 03, 2019
CVSS 9.8
EPSS 0.02
CVE-2019-5420 CRITICAL
Ruby On Rails DoubleTap Development Mode secret_key_base Vulnerability
Mar 27, 2019
CVSS 9.8
EPSS 0.92
CVE-2019-5419 HIGH
Action View (Rails) <5.2.2.1-5.0.7.2 - DoS
Mar 27, 2019
CVSS 7.5
EPSS 0.09
CVE-2019-5418 HIGH KEVNUCLEI
Ruby On Rails File Content Disclosure (
Mar 27, 2019
CVSS 7.5
EPSS 0.99
CVE-2019-9837 MEDIUM
Doorkeeper::OpenidConnect <1.5.4 - Open Redirect
Mar 21, 2019
CVSS 6.1
EPSS 0.01
CVE-2019-8331 MEDIUM
Bootstrap < 3.4.1 and 4.3.x < 4.3.1 - Cross-Site Scripting via Tooltip or Popover Data-Template Attribute
Feb 20, 2019
CVSS 6.1
EPSS 0.17
CVE-2018-25032 HIGH
zlib <1.2.12 - Memory Corruption
Mar 25, 2022
CVSS 7.5
EPSS 0.52
CVE-2018-20975 MEDIUM
Fat Free CRM < 0.18.1 - Cross-Site Scripting in Tags Helper
Aug 20, 2019
CVSS 6.1
EPSS 0.01
CVE-2018-20857 HIGH
Zendesk Samlr < 2.6.2 - XML External Entity Injection via Comment Node
Jul 26, 2019
CVSS 7.5
EPSS 0.01
CVE-2018-6517 HIGH
chloride < 0.3.0 - Improper Certificate Validation via net-ssh Host Fingerprint Handling
Mar 21, 2019
CVSS 7.5
EPSS 0.01
CVE-2018-16487 MEDIUM
lodash < 4.17.11 - Prototype Pollution via merge, mergeWith, and defaultsDeep Functions
Feb 01, 2019
CVSS 5.6
EPSS 0.02
CVE-2018-16887 MEDIUM
Red Hat Satellite and Katello < 3.9.0 - Authenticated Stored Cross-Site Scripting via Organization and Location Names
Jan 13, 2019
CVSS 5.4
EPSS 0.01
CVE-2018-20677 MEDIUM
Bootstrap < 3.4.0 - Cross-Site Scripting via Affix Configuration Target Property
Jan 09, 2019
CVSS 6.1
EPSS 0.04
CVE-2018-20676 MEDIUM
Bootstrap < 3.4.0 - Cross-Site Scripting via Tooltip data-viewport Attribute
Jan 09, 2019
CVSS 6.1
EPSS 0.04
CVE-2018-1000855 MEDIUM
easymon < 1.4.1 - Reflected Cross-Site Scripting in Monitoring Endpoint
Dec 20, 2018
CVSS 6.1
EPSS 0.01
CVE-2018-1000842 MEDIUM
FatFreeCRM <=0.14.1, 0.15.0-0.15.1, 0.16.0-0.16.3, 0.17.0-0.17.2, 0.18.0 - Stored Cross-Site Scripting
Dec 20, 2018
CVSS 6.1
EPSS 0.02
CVE-2018-14623 MEDIUM
Katello - Authenticated SQL Injection via Errata API
Dec 14, 2018
CVSS 4.3
EPSS 0.01
CVE-2018-16477 MEDIUM
Rails < 5.2.1.1 - Information Disclosure
Nov 30, 2018
CVSS 6.5
EPSS 0.01