rubygems

965 tracked vulnerabilities.

CVE-2018-16476 HIGH
Rails < 4.2.11 - Improper Access Control
Nov 30, 2018
CVSS 7.5
EPSS 0.03
CVE-2018-16395 CRITICAL
OpenSSL <2.3.8-2.6.0-preview3 - Info Disclosure
Nov 16, 2018
CVSS 9.8
EPSS 0.11
CVE-2018-16471 MEDIUM
Rack < 1.6.11 and 2.0.0-2.0.6 - Cross-Site Scripting via Scheme Method
Nov 13, 2018
CVSS 6.1
EPSS 0.02
CVE-2018-16470 HIGH
Rack < 2.0.6 - Denial of Service via Multipart Parser
Nov 13, 2018
CVSS 7.5
EPSS 0.02
CVE-2018-16468 MEDIUM
Loofah < 2.2.2 - Cross-Site Scripting via SVG Element
Oct 30, 2018
CVSS 5.4
EPSS 0.01
CVE-2018-18476 CRITICAL
mysql-binuuid-rails < 1.1.0 - SQL Injection via Default String Escaping Removal
Oct 24, 2018
CVSS 9.8
EPSS 0.02
CVE-2018-18307 MEDIUM
AlchemyCMS 4.1.0 - Stored Cross-Site Scripting via Admin Pictures Image Field
Oct 16, 2018
CVSS 6.1
EPSS 0.02
CVE-2018-18385 HIGH
Asciidoctor < 1.5.8 - Denial of Service via List Parsing Infinite Loop
Oct 16, 2018
CVSS 7.5
EPSS 0.02
CVE-2018-18260 MEDIUM
Camaleon CMS 2.4 - Stored Cross-Site Scripting via Profile Image Upload
Oct 15, 2018
CVSS 6.1
EPSS 0.01
CVE-2018-17567 HIGH
Jekyll <3.6.2, <3.7.4, <3.8.4 - Info Disclosure
Sep 28, 2018
CVSS 7.5
EPSS 0.02
CVE-2018-14643 CRITICAL
Foreman smart_proxy_dynflow 0.2.0 - Unauthenticated Remote Code Execution via Authentication Bypass
Sep 21, 2018
CVSS 9.8
EPSS 0.06
CVE-2018-3779 CRITICAL
Activesupport - Command Injection
Aug 10, 2018
CVSS 9.8
EPSS 0.06
CVE-2018-3777 CRITICAL
restforce < 3.0.0 - Parameter Injection via Insufficient URI Encoding
Aug 03, 2018
CVSS 9.8
EPSS 0.02
CVE-2018-14404 MEDIUM
libxml2 <2.9.8 - DoS
Jul 19, 2018
CVSS 6.5
EPSS 0.04
CVE-2018-1000211 HIGH
Doorkeeper >=4.2.0 - Info Disclosure
Jul 13, 2018
CVSS 7.5
EPSS 0.02
CVE-2018-14042 MEDIUM
Bootstrap < 4.1.2 - Cross-Site Scripting via Tooltip Data-Container Property
Jul 13, 2018
CVSS 6.1
EPSS 0.04
CVE-2018-14041 MEDIUM
Bootstrap 4.0.0-4.1.1 - Cross-Site Scripting via Scrollspy Data-Target Property
Jul 13, 2018
CVSS 6.1
EPSS 0.04
CVE-2018-14040 MEDIUM
Bootstrap <4.1.2 - XSS
Jul 13, 2018
CVSS 6.1
EPSS 0.04
CVE-2018-3769 MEDIUM
ruby-grape grape < 1.0.3 - Cross-Site Scripting via Format Parameter
Jul 05, 2018
CVSS 6.1
EPSS 0.01
CVE-2018-0499 MEDIUM
xapian-core < 1.4.6 - Cross-Site Scripting in MSet Snippet HTML Escaping
Jul 02, 2018
CVSS 6.1
EPSS 0.01
CVE-2018-3760 HIGH NUCLEI
Redhat Cloudforms < 2.12.4 - Information Disclosure
Jun 26, 2018
CVSS 7.5
EPSS 0.27
CVE-2018-1000544 CRITICAL
rubyzip < 1.2.1 - Directory Traversal and Arbitrary File Write via Zip::File Component
Jun 26, 2018
CVSS 9.8
EPSS 0.04
CVE-2018-1000539 MEDIUM
Nov json-jwt <1.9.4 - Code Injection
Jun 26, 2018
CVSS 5.3
EPSS 0.01
CVE-2018-1000201 HIGH
ruby-ffi < 1.9.23 - DLL Hijacking via Symbol DLL Name
Jun 22, 2018
CVSS 7.8
EPSS 0.01
CVE-2018-12615 MEDIUM
Phusion Passenger <5.3.2 - Privilege Escalation
Jun 21, 2018
CVSS 5.3
EPSS 0.01