rubygems

954 tracked vulnerabilities.

CVE-2017-1000043 MEDIUM
Mapbox.js 1.x < 1.6.6 and 2.x < 2.2.4 - Cross-Site Scripting via TileJSON Name and Map Share Control
Jul 17, 2017
CVSS 6.1
EPSS 0.00
CVE-2017-1000042 MEDIUM
Mapbox.js 1.x < 1.6.5 and 2.x < 2.1.7 - Cross-Site Scripting via TileJSON Name
Jul 17, 2017
CVSS 6.1
EPSS 0.00
CVE-2017-1000026 HIGH
Chef Software's mixlib-archive < 0.3.0 - Path Traversal
Jul 17, 2017
CVSS 7.5
EPSS 0.00
CVE-2017-11173 HIGH
rack-cors < 0.4.1 - Cross-Origin Resource Sharing Bypass via Regex Anchor Omission
Jul 13, 2017
CVSS 8.8
EPSS 0.02
CVE-2017-7475 MEDIUM
cairo 1.15.4 - NULL Pointer Dereference via FT_Load_Glyph and FT_Render_Glyph
May 19, 2017
CVSS 5.5
EPSS 0.00
CVE-2017-9050 HIGH
libxml2 20904-GITv2.9.4-16-g0741801 - Buffer Overflow
May 18, 2017
CVSS 7.5
EPSS 0.00
CVE-2017-8418 LOW
RuboCop < 0.48.1 - Unsafe Temporary File Handling
May 02, 2017
CVSS 3.3
EPSS 0.00
CVE-2017-2096 CRITICAL
smalruby-editor < 0.4.0 - OS Command Injection
Apr 28, 2017
CVSS 9.8
EPSS 0.05
CVE-2017-5029 HIGH
Google Chrome < 57.0.2987.98 - Out-of-bounds Write via xsltAddTextString Integer Overflow
Apr 24, 2017
CVSS 8.8
EPSS 0.01
CVE-2017-5946 CRITICAL
rubyzip < 1.2.1 - Path Traversal via Zip::File Component
Feb 27, 2017
CVSS 9.8
EPSS 0.06
CVE-2016-3098 MEDIUM
administrate < 0.1.5 - Cross-Site Request Forgery
Aug 05, 2022
CVSS 5.4
EPSS 0.00
CVE-2016-11086 HIGH
oauth-ruby < 0.5.4 - Improper Certificate Validation
Sep 24, 2020
CVSS 7.4
EPSS 0.00
CVE-2016-10735 MEDIUM
Bootstrap 3.x < 3.4.0 and 4.x-beta < 4.0.0-beta.2 - Cross-Site Scripting via data-target Attribute
Jan 09, 2019
CVSS 6.1
EPSS 0.05
CVE-2016-10522 HIGH
rails_admin < 1.1.1 - Cross-Site Request Forgery
Jul 05, 2018
CVSS 8.8
EPSS 0.00
CVE-2016-10707 HIGH
jQuery 3.0.0-rc.1 - Denial of Service via Mixed-Case Boolean Attribute Recursion
Jan 18, 2018
CVSS 7.5
EPSS 0.01
CVE-2016-10362 MEDIUM
Logstash < 5.0.1 - Sensitive Information Exposure via Elasticsearch Output Plugin
Jun 16, 2017
CVSS 6.5
EPSS 0.00
CVE-2016-1000221 HIGH
Logstash < 2.3.4 - Sensitive Information Exposure via Elasticsearch Output Plugin
Jun 16, 2017
CVSS 7.5
EPSS 0.01
CVE-2016-4442 MEDIUM
Rack-Mini-Profiler < 0.10.1 - Info Disclosure
May 02, 2017
CVSS 5.3
EPSS 0.00
CVE-2016-10345 HIGH
Phusion Passenger < 5.1.0 - Privilege Escalation via Predictable /tmp Filename
Apr 18, 2017
CVSS 7.8
EPSS 0.00
CVE-2016-7103 MEDIUM
jQuery UI < 1.12.0 - Cross-Site Scripting via Dialog closeText Parameter
Mar 15, 2017
CVSS 6.1
EPSS 0.02
CVE-2016-10194 CRITICAL
festivaltts4r - Remote Code Execution via Shell Metacharacters in to_speech or to_mp3 Methods
Mar 03, 2017
CVSS 9.8
EPSS 0.01
CVE-2016-10193 CRITICAL
espeak-ruby < 1.0.3 - Remote Code Execution via Shell Metacharacter Injection
Mar 03, 2017
CVSS 9.8
EPSS 0.01
CVE-2016-10173 HIGH
minitar < 0.6 and archive-tar-minitar < 0.5.2 - Path Traversal via TAR Archive Entry
Feb 01, 2017
CVSS 7.5
EPSS 0.03
CVE-2016-7798 HIGH
openssl < 2.0.0 - Inadequate Encryption Strength in GCM Mode
Jan 30, 2017
CVSS 7.5
EPSS 0.01
CVE-2016-6582 CRITICAL
Doorkeeper < 4.2.0 - OAuth Token Replay and Arbitrary Revocation via Missing Revocation Specification
Jan 23, 2017
CVSS 9.1
EPSS 0.01