rubygems
965 tracked vulnerabilities.
CVE-2017-15364
MEDIUM
Ccsv - Use-After-Free in foreach Function
Oct 15, 2017
CVSS 5.5
EPSS 0.01
CVE-2017-0903
CRITICAL
RubyGems 2.0.0-2.6.13 - Remote Code Execution via YAML Deserialization
Oct 11, 2017
CVSS 9.8
EPSS 0.16
CVE-2017-14683
HIGH
geminabox < 0.13.7 - Cross-Site Request Forgery via Unintended Gem Upload
Sep 25, 2017
CVSS 8.8
EPSS 0.00
CVE-2017-14506
MEDIUM
geminabox < 0.13.6 - Cross-Site Scripting via Crafted Gem Homepage Value
Sep 25, 2017
CVSS 5.4
EPSS 0.01
CVE-2017-14033
HIGH
Ruby < 2.2.8, 2.3.x < 2.3.5, 2.4.x <= 2.4.1 - Denial of Service via OpenSSL::ASN1 Decode Method
Sep 19, 2017
CVSS 7.5
EPSS 0.08
CVE-2017-10784
HIGH
Ruby < 2.2.8, 2.3.x < 2.3.5, 2.4.x <= 2.4.1 - Command Injection via WEBrick Basic Authentication
Sep 19, 2017
CVSS 8.8
EPSS 0.16
CVE-2017-0902
HIGH
RubyGems < 2.6.12 - DNS Hijacking via MITM Attack
Aug 31, 2017
CVSS 8.1
EPSS 0.05
CVE-2017-0901
HIGH
RubyGems < 2.6.13 - Arbitrary File Write via Specification Name Validation Bypass
Aug 31, 2017
CVSS 7.5
EPSS 0.29
CVE-2017-0900
HIGH
RubyGems < 2.6.12 - Denial of Service via Malicious Gem Specification
Aug 31, 2017
CVSS 7.5
EPSS 0.08
CVE-2017-0899
CRITICAL
RubyGems < 2.6.13 - Terminal Escape Sequence Injection via Gem Specification
Aug 31, 2017
CVSS 9.8
EPSS 0.11
CVE-2017-7540
CRITICAL
rubygem-safemode <1.3.2 - Privilege Escalation
Jul 21, 2017
CVSS 9.8
EPSS 0.02
CVE-2017-1000043
MEDIUM
Mapbox.js 1.x < 1.6.6 and 2.x < 2.2.4 - Cross-Site Scripting via TileJSON Name and Map Share Control
Jul 17, 2017
CVSS 6.1
EPSS 0.01
CVE-2017-1000042
MEDIUM
Mapbox.js 1.x < 1.6.5 and 2.x < 2.1.7 - Cross-Site Scripting via TileJSON Name
Jul 17, 2017
CVSS 6.1
EPSS 0.01
CVE-2017-1000026
HIGH
Chef Software's mixlib-archive <0.3.0 - Path Traversal
Jul 17, 2017
CVSS 7.5
EPSS 0.02
CVE-2017-11173
HIGH
rack-cors < 0.4.1 - Cross-Origin Resource Sharing Bypass via Regex Anchor Omission
Jul 13, 2017
CVSS 8.8
EPSS 0.02
CVE-2017-7475
MEDIUM
cairo 1.15.4 - NULL Pointer Dereference via FT_Load_Glyph and FT_Render_Glyph
May 19, 2017
CVSS 5.5
EPSS 0.02
CVE-2017-9050
HIGH
libxml2 20904-GITv2.9.4-16-g0741801 - Buffer Overflow
May 18, 2017
CVSS 7.5
EPSS 0.05
CVE-2017-8418
LOW
RuboCop < 0.48.1 - Unsafe Temporary File Handling
May 02, 2017
CVSS 3.3
EPSS 0.00
CVE-2017-2096
CRITICAL
smalruby-editor < 0.4.0 - OS Command Injection
Apr 28, 2017
CVSS 9.8
EPSS 0.06
CVE-2017-5029
HIGH
Google Chrome < 57.0.2987.98 - Out-of-bounds Write via xsltAddTextString Integer Overflow
Apr 24, 2017
CVSS 8.8
EPSS 0.02
CVE-2017-5946
CRITICAL
rubyzip < 1.2.1 - Path Traversal via Zip::File Component
Feb 27, 2017
CVSS 9.8
EPSS 0.03
CVE-2016-3098
MEDIUM
administrate < 0.1.5 - Cross-Site Request Forgery
Aug 05, 2022
CVSS 5.4
EPSS 0.00
CVE-2016-11086
HIGH
oauth-ruby < 0.5.4 - Improper Certificate Validation
Sep 24, 2020
CVSS 7.4
EPSS 0.01
CVE-2016-10735
MEDIUM
Bootstrap 3.x < 3.4.0 and 4.x-beta < 4.0.0-beta.2 - Cross-Site Scripting via data-target Attribute
Jan 09, 2019
CVSS 6.1
EPSS 0.04
CVE-2016-10522
HIGH
rails_admin < 1.1.1 - Cross-Site Request Forgery
Jul 05, 2018
CVSS 8.8
EPSS 0.01
Products
actionpack 63
rack 50
nokogiri 34
rubygems 25
rubygems-update 25
activerecord 23
puppet 23
activesupport 17
publify_core 15
passenger 14
rails-html-sanitizer 14
actionview 13
decidim 12
puma 12
camaleon_cms 11
fat_free_crm 11
rails 11
activestorage 10
net-imap 10
ruby-saml 10
jquery-rails 9
katello 8
openc3 8
rexml 8
bootstrap 7
bootstrap-sass 7
jquery-ui-rails 7
lodash-rails 7
spree 7
avo 6
Quick Filters