rubygems

965 tracked vulnerabilities.

CVE-2017-15364 MEDIUM
Ccsv - Use-After-Free in foreach Function
Oct 15, 2017
CVSS 5.5
EPSS 0.01
CVE-2017-0903 CRITICAL
RubyGems 2.0.0-2.6.13 - Remote Code Execution via YAML Deserialization
Oct 11, 2017
CVSS 9.8
EPSS 0.16
CVE-2017-14683 HIGH
geminabox < 0.13.7 - Cross-Site Request Forgery via Unintended Gem Upload
Sep 25, 2017
CVSS 8.8
EPSS 0.00
CVE-2017-14506 MEDIUM
geminabox < 0.13.6 - Cross-Site Scripting via Crafted Gem Homepage Value
Sep 25, 2017
CVSS 5.4
EPSS 0.01
CVE-2017-14033 HIGH
Ruby < 2.2.8, 2.3.x < 2.3.5, 2.4.x <= 2.4.1 - Denial of Service via OpenSSL::ASN1 Decode Method
Sep 19, 2017
CVSS 7.5
EPSS 0.08
CVE-2017-10784 HIGH
Ruby < 2.2.8, 2.3.x < 2.3.5, 2.4.x <= 2.4.1 - Command Injection via WEBrick Basic Authentication
Sep 19, 2017
CVSS 8.8
EPSS 0.16
CVE-2017-0902 HIGH
RubyGems < 2.6.12 - DNS Hijacking via MITM Attack
Aug 31, 2017
CVSS 8.1
EPSS 0.05
CVE-2017-0901 HIGH
RubyGems < 2.6.13 - Arbitrary File Write via Specification Name Validation Bypass
Aug 31, 2017
CVSS 7.5
EPSS 0.29
CVE-2017-0900 HIGH
RubyGems < 2.6.12 - Denial of Service via Malicious Gem Specification
Aug 31, 2017
CVSS 7.5
EPSS 0.08
CVE-2017-0899 CRITICAL
RubyGems < 2.6.13 - Terminal Escape Sequence Injection via Gem Specification
Aug 31, 2017
CVSS 9.8
EPSS 0.11
CVE-2017-7540 CRITICAL
rubygem-safemode <1.3.2 - Privilege Escalation
Jul 21, 2017
CVSS 9.8
EPSS 0.02
CVE-2017-1000043 MEDIUM
Mapbox.js 1.x < 1.6.6 and 2.x < 2.2.4 - Cross-Site Scripting via TileJSON Name and Map Share Control
Jul 17, 2017
CVSS 6.1
EPSS 0.01
CVE-2017-1000042 MEDIUM
Mapbox.js 1.x < 1.6.5 and 2.x < 2.1.7 - Cross-Site Scripting via TileJSON Name
Jul 17, 2017
CVSS 6.1
EPSS 0.01
CVE-2017-1000026 HIGH
Chef Software's mixlib-archive <0.3.0 - Path Traversal
Jul 17, 2017
CVSS 7.5
EPSS 0.02
CVE-2017-11173 HIGH
rack-cors < 0.4.1 - Cross-Origin Resource Sharing Bypass via Regex Anchor Omission
Jul 13, 2017
CVSS 8.8
EPSS 0.02
CVE-2017-7475 MEDIUM
cairo 1.15.4 - NULL Pointer Dereference via FT_Load_Glyph and FT_Render_Glyph
May 19, 2017
CVSS 5.5
EPSS 0.02
CVE-2017-9050 HIGH
libxml2 20904-GITv2.9.4-16-g0741801 - Buffer Overflow
May 18, 2017
CVSS 7.5
EPSS 0.05
CVE-2017-8418 LOW
RuboCop < 0.48.1 - Unsafe Temporary File Handling
May 02, 2017
CVSS 3.3
EPSS 0.00
CVE-2017-2096 CRITICAL
smalruby-editor < 0.4.0 - OS Command Injection
Apr 28, 2017
CVSS 9.8
EPSS 0.06
CVE-2017-5029 HIGH
Google Chrome < 57.0.2987.98 - Out-of-bounds Write via xsltAddTextString Integer Overflow
Apr 24, 2017
CVSS 8.8
EPSS 0.02
CVE-2017-5946 CRITICAL
rubyzip < 1.2.1 - Path Traversal via Zip::File Component
Feb 27, 2017
CVSS 9.8
EPSS 0.03
CVE-2016-3098 MEDIUM
administrate < 0.1.5 - Cross-Site Request Forgery
Aug 05, 2022
CVSS 5.4
EPSS 0.00
CVE-2016-11086 HIGH
oauth-ruby < 0.5.4 - Improper Certificate Validation
Sep 24, 2020
CVSS 7.4
EPSS 0.01
CVE-2016-10735 MEDIUM
Bootstrap 3.x < 3.4.0 and 4.x-beta < 4.0.0-beta.2 - Cross-Site Scripting via data-target Attribute
Jan 09, 2019
CVSS 6.1
EPSS 0.04
CVE-2016-10522 HIGH
rails_admin < 1.1.1 - Cross-Site Request Forgery
Jul 05, 2018
CVSS 8.8
EPSS 0.01