rubygems
954 tracked vulnerabilities.
CVE-2018-3779
CRITICAL
Activesupport - Command Injection
Aug 10, 2018
CVSS 9.8
EPSS 0.05
CVE-2018-3777
CRITICAL
restforce < 3.0.0 - Parameter Injection via Insufficient URI Encoding
Aug 03, 2018
CVSS 9.8
EPSS 0.00
CVE-2018-14404
MEDIUM
libxml2 <2.9.8 - DoS
Jul 19, 2018
CVSS 6.5
EPSS 0.20
CVE-2018-1000211
HIGH
Doorkeeper >=4.2.0 - Info Disclosure
Jul 13, 2018
CVSS 7.5
EPSS 0.00
CVE-2018-14042
MEDIUM
Bootstrap < 4.1.2 - Cross-Site Scripting via Tooltip Data-Container Property
Jul 13, 2018
CVSS 6.1
EPSS 0.02
CVE-2018-14041
MEDIUM
Bootstrap 4.0.0-4.1.1 - Cross-Site Scripting via Scrollspy Data-Target Property
Jul 13, 2018
CVSS 6.1
EPSS 0.08
CVE-2018-14040
MEDIUM
Bootstrap <4.1.2 - XSS
Jul 13, 2018
CVSS 6.1
EPSS 0.02
CVE-2018-3769
MEDIUM
ruby-grape grape < 1.0.3 - Cross-Site Scripting via Format Parameter
Jul 05, 2018
CVSS 6.1
EPSS 0.00
CVE-2018-0499
MEDIUM
xapian-core < 1.4.6 - Cross-Site Scripting in MSet Snippet HTML Escaping
Jul 02, 2018
CVSS 6.1
EPSS 0.00
CVE-2018-3760
HIGH
NUCLEI
Redhat Cloudforms < 2.12.4 - Information Disclosure
Jun 26, 2018
CVSS 7.5
EPSS 0.94
CVE-2018-1000544
CRITICAL
rubyzip < 1.2.1 - Directory Traversal and Arbitrary File Write via Zip::File Component
Jun 26, 2018
CVSS 9.8
EPSS 0.01
CVE-2018-1000539
MEDIUM
Nov json-jwt <1.9.4 - Code Injection
Jun 26, 2018
CVSS 5.3
EPSS 0.00
CVE-2018-1000201
HIGH
ruby-ffi < 1.9.23 - DLL Hijacking via Symbol DLL Name
Jun 22, 2018
CVSS 7.8
EPSS 0.00
CVE-2018-12615
MEDIUM
Phusion Passenger <5.3.2 - Privilege Escalation
Jun 21, 2018
CVSS 5.3
EPSS 0.00
CVE-2018-12029
HIGH
Phusion Passenger <5.3.2 - Privilege Escalation
Jun 17, 2018
CVSS 7.0
EPSS 0.00
CVE-2018-12028
HIGH
Phusion Passenger 5.3.x <5.3.2 - Info Disclosure
Jun 17, 2018
CVSS 7.8
EPSS 0.00
CVE-2018-12027
HIGH
Phusion Passenger 5.3.x <5.3.2 - Info Disclosure
Jun 17, 2018
CVSS 8.8
EPSS 0.00
CVE-2018-12026
CRITICAL
Phusion Passenger <5.3.2 - Privilege Escalation
Jun 17, 2018
CVSS 9.8
EPSS 0.01
CVE-2018-3759
LOW
private_address_check < 0.5.0 - Time-of-Check Time-of-Use Race Condition
Jun 13, 2018
CVSS 3.7
EPSS 0.00
CVE-2018-3721
MEDIUM
lodash < 4.17.5 - Prototype Pollution via __proto__ in defaultsDeep, merge, and mergeWith
Jun 07, 2018
CVSS 6.5
EPSS 0.00
CVE-2018-11627
MEDIUM
Sinatra < 2.0.2 - Cross-Site Scripting via Params Parser Exception
May 31, 2018
CVSS 6.1
EPSS 0.00
CVE-2018-3741
MEDIUM
rails-html-sanitizer < 1.0.4 - Cross-Site Scripting via Non-Whitelisted Attribute Bypass
Mar 30, 2018
CVSS 6.1
EPSS 0.00
CVE-2018-3740
HIGH
Sanitize < 4.6.0 and 3.0.0-4.6.3 - Improper Input Validation
Mar 30, 2018
CVSS 7.5
EPSS 0.00
CVE-2018-8048
MEDIUM
Loofah <2.2.0 - XSS
Mar 27, 2018
CVSS 6.1
EPSS 0.01
CVE-2018-1000088
MEDIUM
Doorkeeper 2.1.0-4.2.5 - Stored Cross-Site Scripting in OAuth Client Name
Mar 13, 2018
CVSS 6.1
EPSS 0.00
Products
actionpack 63
rack 50
nokogiri 34
rubygems 25
rubygems-update 25
activerecord 23
puppet 23
activesupport 17
publify_core 15
passenger 14
rails-html-sanitizer 14
actionview 13
decidim 12
puma 12
camaleon_cms 11
fat_free_crm 11
rails 11
activestorage 10
ruby-saml 10
jquery-rails 9
openc3 8
rexml 8
bootstrap 7
bootstrap-sass 7
jquery-ui-rails 7
katello 7
lodash-rails 7
net-imap 7
spree 7
avo 6