rubygems
965 tracked vulnerabilities.
CVE-2019-10226
MEDIUM
Fat Free CRM v0.19.0 - HTML Injection
Jun 10, 2019
CVSS 5.4
EPSS 0.05
CVE-2019-11027
CRITICAL
ruby-openid < 2.8.0 - Remote Code Execution
Jun 10, 2019
CVSS 9.8
EPSS 0.03
CVE-2019-8320
HIGH
RubyGems 2.7.6-3.0.2 - Path Traversal via Symlink Deletion
Jun 06, 2019
CVSS 7.4
EPSS 0.04
CVE-2019-12732
MEDIUM
Chartkick < 3.1.0 - Cross-Site Scripting
Jun 06, 2019
CVSS 4.7
EPSS 0.01
CVE-2019-11358
MEDIUM
jQuery < 3.4.0 - Prototype Pollution via jQuery.extend
Apr 20, 2019
CVSS 6.1
EPSS 0.87
CVE-2019-11068
CRITICAL
libxslt <= 1.1.33 - Protection Mechanism Bypass via Crafted URL
Apr 10, 2019
CVSS 9.8
EPSS 0.05
CVE-2019-10842
CRITICAL
bootstrap-sass 3.2.0.3 - Unauthenticated Remote Code Execution via ___cfduid Cookie
Apr 04, 2019
CVSS 9.8
EPSS 0.05
CVE-2019-5421
CRITICAL
Plataformatec Devise <4.5.0 - Info Disclosure
Apr 03, 2019
CVSS 9.8
EPSS 0.02
CVE-2019-5420
CRITICAL
Ruby On Rails DoubleTap Development Mode secret_key_base Vulnerability
Mar 27, 2019
CVSS 9.8
EPSS 0.92
CVE-2019-5419
HIGH
Action View (Rails) <5.2.2.1-5.0.7.2 - DoS
Mar 27, 2019
CVSS 7.5
EPSS 0.09
CVE-2019-5418
HIGH
KEVNUCLEI
Ruby On Rails File Content Disclosure (
Mar 27, 2019
CVSS 7.5
EPSS 0.99
CVE-2019-9837
MEDIUM
Doorkeeper::OpenidConnect <1.5.4 - Open Redirect
Mar 21, 2019
CVSS 6.1
EPSS 0.01
CVE-2019-8331
MEDIUM
Bootstrap < 3.4.1 and 4.3.x < 4.3.1 - Cross-Site Scripting via Tooltip or Popover Data-Template Attribute
Feb 20, 2019
CVSS 6.1
EPSS 0.17
CVE-2018-25032
HIGH
zlib <1.2.12 - Memory Corruption
Mar 25, 2022
CVSS 7.5
EPSS 0.52
CVE-2018-20975
MEDIUM
Fat Free CRM < 0.18.1 - Cross-Site Scripting in Tags Helper
Aug 20, 2019
CVSS 6.1
EPSS 0.01
CVE-2018-20857
HIGH
Zendesk Samlr < 2.6.2 - XML External Entity Injection via Comment Node
Jul 26, 2019
CVSS 7.5
EPSS 0.01
CVE-2018-6517
HIGH
chloride < 0.3.0 - Improper Certificate Validation via net-ssh Host Fingerprint Handling
Mar 21, 2019
CVSS 7.5
EPSS 0.01
CVE-2018-16487
MEDIUM
lodash < 4.17.11 - Prototype Pollution via merge, mergeWith, and defaultsDeep Functions
Feb 01, 2019
CVSS 5.6
EPSS 0.02
CVE-2018-16887
MEDIUM
Red Hat Satellite and Katello < 3.9.0 - Authenticated Stored Cross-Site Scripting via Organization and Location Names
Jan 13, 2019
CVSS 5.4
EPSS 0.01
CVE-2018-20677
MEDIUM
Bootstrap < 3.4.0 - Cross-Site Scripting via Affix Configuration Target Property
Jan 09, 2019
CVSS 6.1
EPSS 0.04
CVE-2018-20676
MEDIUM
Bootstrap < 3.4.0 - Cross-Site Scripting via Tooltip data-viewport Attribute
Jan 09, 2019
CVSS 6.1
EPSS 0.04
CVE-2018-1000855
MEDIUM
easymon < 1.4.1 - Reflected Cross-Site Scripting in Monitoring Endpoint
Dec 20, 2018
CVSS 6.1
EPSS 0.01
CVE-2018-1000842
MEDIUM
FatFreeCRM <=0.14.1, 0.15.0-0.15.1, 0.16.0-0.16.3, 0.17.0-0.17.2, 0.18.0 - Stored Cross-Site Scripting
Dec 20, 2018
CVSS 6.1
EPSS 0.02
CVE-2018-14623
MEDIUM
Katello - Authenticated SQL Injection via Errata API
Dec 14, 2018
CVSS 4.3
EPSS 0.01
CVE-2018-16477
MEDIUM
Rails < 5.2.1.1 - Information Disclosure
Nov 30, 2018
CVSS 6.5
EPSS 0.01
Products
actionpack 63
rack 50
nokogiri 34
rubygems 25
rubygems-update 25
activerecord 23
puppet 23
activesupport 17
publify_core 15
passenger 14
rails-html-sanitizer 14
actionview 13
decidim 12
puma 12
camaleon_cms 11
fat_free_crm 11
rails 11
activestorage 10
net-imap 10
ruby-saml 10
jquery-rails 9
katello 8
openc3 8
rexml 8
bootstrap 7
bootstrap-sass 7
jquery-ui-rails 7
lodash-rails 7
spree 7
avo 6
Quick Filters