rubygems

965 tracked vulnerabilities.

CVE-2018-12029 HIGH
Phusion Passenger <5.3.2 - Privilege Escalation
Jun 17, 2018
CVSS 7.0
EPSS 0.00
CVE-2018-12028 HIGH
Phusion Passenger 5.3.x <5.3.2 - Info Disclosure
Jun 17, 2018
CVSS 7.8
EPSS 0.01
CVE-2018-12027 HIGH
Phusion Passenger 5.3.x <5.3.2 - Info Disclosure
Jun 17, 2018
CVSS 8.8
EPSS 0.01
CVE-2018-12026 CRITICAL
Phusion Passenger <5.3.2 - Privilege Escalation
Jun 17, 2018
CVSS 9.8
EPSS 0.02
CVE-2018-3759 LOW
private_address_check < 0.5.0 - Time-of-Check Time-of-Use Race Condition
Jun 13, 2018
CVSS 3.7
EPSS 0.01
CVE-2018-3721 MEDIUM
lodash < 4.17.5 - Prototype Pollution via __proto__ in defaultsDeep, merge, and mergeWith
Jun 07, 2018
CVSS 6.5
EPSS 0.02
CVE-2018-11627 MEDIUM
Sinatra < 2.0.2 - Cross-Site Scripting via Params Parser Exception
May 31, 2018
CVSS 6.1
EPSS 0.02
CVE-2018-3741 MEDIUM
rails-html-sanitizer < 1.0.4 - Cross-Site Scripting via Non-Whitelisted Attribute Bypass
Mar 30, 2018
CVSS 6.1
EPSS 0.01
CVE-2018-3740 HIGH
Sanitize < 4.6.0 and 3.0.0-4.6.3 - Improper Input Validation
Mar 30, 2018
CVSS 7.5
EPSS 0.02
CVE-2018-8048 MEDIUM
Loofah <2.2.0 - XSS
Mar 27, 2018
CVSS 6.1
EPSS 0.02
CVE-2018-1000088 MEDIUM
Doorkeeper 2.1.0-4.2.5 - Stored Cross-Site Scripting in OAuth Client Name
Mar 13, 2018
CVSS 6.1
EPSS 0.01
CVE-2018-1000079 MEDIUM
RubyGems < 2.2.9, 2.3.6, 2.4.3, 2.5.0 - Directory Traversal via Malicious Gem Installation
Mar 13, 2018
CVSS 5.5
EPSS 0.03
CVE-2018-1000078 MEDIUM
RubyGems < 2.2.9, 2.3.6, 2.4.3, 2.5.0 - Cross-Site Scripting in Gem Server Homepage Display
Mar 13, 2018
CVSS 6.1
EPSS 0.03
CVE-2018-1000077 MEDIUM
RubyGems < 2.2.9, 2.3.6, 2.4.3, 2.5.0 - Improper Input Validation in Gem Specification Homepage Attribute
Mar 13, 2018
CVSS 5.3
EPSS 0.04
CVE-2018-1000076 CRITICAL
RubyGems <2.7.6 - Improper Verification of Cryptographic Signature
Mar 13, 2018
CVSS 9.8
EPSS 0.03
CVE-2018-1000075 HIGH
RubyGems < 2.2.9, 2.3.6, 2.4.3, 2.5.0 - Infinite Loop via Negative Size in Tar Header
Mar 13, 2018
CVSS 7.5
EPSS 0.05
CVE-2018-1000074 HIGH
RubyGems <2.7.6 - Deserialization of Untrusted Data
Mar 13, 2018
CVSS 7.8
EPSS 0.03
CVE-2018-1000073 HIGH
RubyGems < 2.2.9, 2.3.6, 2.4.3, 2.5.0 - Directory Traversal in install_location Function
Mar 13, 2018
CVSS 7.5
EPSS 0.05
CVE-2018-1000119 MEDIUM
Sinatra rack-protection <1.5.5, <2.0.0 - CSRF
Mar 07, 2018
CVSS 5.9
EPSS 0.02
CVE-2018-7261 MEDIUM
Radiant CMS 1.1.4 - Stored Cross-Site Scripting in Personal Preferences and Configuration
Feb 21, 2018
CVSS 5.4
EPSS 0.01
CVE-2018-7212 MEDIUM
sinatra 2.x < 2.0.1 - Path Traversal via Backslash Characters
Feb 18, 2018
CVSS 5.3
EPSS 0.02
CVE-2018-1000060 CRITICAL
Sensu Core <1.2.0 - Info Disclosure
Feb 09, 2018
CVSS 9.8
EPSS 0.02
CVE-2018-5216 MEDIUM
Radiant CMS 1.1.4 - Stored Cross-Site Scripting via Markdown Input in Page Editor
Jan 04, 2018
CVSS 5.4
EPSS 0.01
CVE-2017-20159 LOW
Keynote < 1.0.0 - Cross-Site Scripting in rumble.rb
Dec 31, 2022
CVSS 3.5
EPSS 0.01
CVE-2017-1002201 MEDIUM
Haml <5.0.0.beta.2 - Code Injection
Oct 15, 2019
CVSS 6.1
EPSS 0.01