rubygems
965 tracked vulnerabilities.
CVE-2018-16476
HIGH
Rails < 4.2.11 - Improper Access Control
Nov 30, 2018
CVSS 7.5
EPSS 0.03
CVE-2018-16395
CRITICAL
OpenSSL <2.3.8-2.6.0-preview3 - Info Disclosure
Nov 16, 2018
CVSS 9.8
EPSS 0.11
CVE-2018-16471
MEDIUM
Rack < 1.6.11 and 2.0.0-2.0.6 - Cross-Site Scripting via Scheme Method
Nov 13, 2018
CVSS 6.1
EPSS 0.02
CVE-2018-16470
HIGH
Rack < 2.0.6 - Denial of Service via Multipart Parser
Nov 13, 2018
CVSS 7.5
EPSS 0.02
CVE-2018-16468
MEDIUM
Loofah < 2.2.2 - Cross-Site Scripting via SVG Element
Oct 30, 2018
CVSS 5.4
EPSS 0.01
CVE-2018-18476
CRITICAL
mysql-binuuid-rails < 1.1.0 - SQL Injection via Default String Escaping Removal
Oct 24, 2018
CVSS 9.8
EPSS 0.02
CVE-2018-18307
MEDIUM
AlchemyCMS 4.1.0 - Stored Cross-Site Scripting via Admin Pictures Image Field
Oct 16, 2018
CVSS 6.1
EPSS 0.02
CVE-2018-18385
HIGH
Asciidoctor < 1.5.8 - Denial of Service via List Parsing Infinite Loop
Oct 16, 2018
CVSS 7.5
EPSS 0.02
CVE-2018-18260
MEDIUM
Camaleon CMS 2.4 - Stored Cross-Site Scripting via Profile Image Upload
Oct 15, 2018
CVSS 6.1
EPSS 0.01
CVE-2018-17567
HIGH
Jekyll <3.6.2, <3.7.4, <3.8.4 - Info Disclosure
Sep 28, 2018
CVSS 7.5
EPSS 0.02
CVE-2018-14643
CRITICAL
Foreman smart_proxy_dynflow 0.2.0 - Unauthenticated Remote Code Execution via Authentication Bypass
Sep 21, 2018
CVSS 9.8
EPSS 0.06
CVE-2018-3779
CRITICAL
Activesupport - Command Injection
Aug 10, 2018
CVSS 9.8
EPSS 0.06
CVE-2018-3777
CRITICAL
restforce < 3.0.0 - Parameter Injection via Insufficient URI Encoding
Aug 03, 2018
CVSS 9.8
EPSS 0.02
CVE-2018-14404
MEDIUM
libxml2 <2.9.8 - DoS
Jul 19, 2018
CVSS 6.5
EPSS 0.04
CVE-2018-1000211
HIGH
Doorkeeper >=4.2.0 - Info Disclosure
Jul 13, 2018
CVSS 7.5
EPSS 0.02
CVE-2018-14042
MEDIUM
Bootstrap < 4.1.2 - Cross-Site Scripting via Tooltip Data-Container Property
Jul 13, 2018
CVSS 6.1
EPSS 0.04
CVE-2018-14041
MEDIUM
Bootstrap 4.0.0-4.1.1 - Cross-Site Scripting via Scrollspy Data-Target Property
Jul 13, 2018
CVSS 6.1
EPSS 0.04
CVE-2018-14040
MEDIUM
Bootstrap <4.1.2 - XSS
Jul 13, 2018
CVSS 6.1
EPSS 0.04
CVE-2018-3769
MEDIUM
ruby-grape grape < 1.0.3 - Cross-Site Scripting via Format Parameter
Jul 05, 2018
CVSS 6.1
EPSS 0.01
CVE-2018-0499
MEDIUM
xapian-core < 1.4.6 - Cross-Site Scripting in MSet Snippet HTML Escaping
Jul 02, 2018
CVSS 6.1
EPSS 0.01
CVE-2018-3760
HIGH
NUCLEI
Redhat Cloudforms < 2.12.4 - Information Disclosure
Jun 26, 2018
CVSS 7.5
EPSS 0.27
CVE-2018-1000544
CRITICAL
rubyzip < 1.2.1 - Directory Traversal and Arbitrary File Write via Zip::File Component
Jun 26, 2018
CVSS 9.8
EPSS 0.04
CVE-2018-1000539
MEDIUM
Nov json-jwt <1.9.4 - Code Injection
Jun 26, 2018
CVSS 5.3
EPSS 0.01
CVE-2018-1000201
HIGH
ruby-ffi < 1.9.23 - DLL Hijacking via Symbol DLL Name
Jun 22, 2018
CVSS 7.8
EPSS 0.01
CVE-2018-12615
MEDIUM
Phusion Passenger <5.3.2 - Privilege Escalation
Jun 21, 2018
CVSS 5.3
EPSS 0.01
Products
actionpack 63
rack 50
nokogiri 34
rubygems 25
rubygems-update 25
activerecord 23
puppet 23
activesupport 17
publify_core 15
passenger 14
rails-html-sanitizer 14
actionview 13
decidim 12
puma 12
camaleon_cms 11
fat_free_crm 11
rails 11
activestorage 10
net-imap 10
ruby-saml 10
jquery-rails 9
katello 8
openc3 8
rexml 8
bootstrap 7
bootstrap-sass 7
jquery-ui-rails 7
lodash-rails 7
spree 7
avo 6
Quick Filters