rubygems

965 tracked vulnerabilities.

CVE-2016-10707 HIGH
jQuery 3.0.0-rc.1 - Denial of Service via Mixed-Case Boolean Attribute Recursion
Jan 18, 2018
CVSS 7.5
EPSS 0.03
CVE-2016-10362 MEDIUM
Logstash < 5.0.1 - Sensitive Information Exposure via Elasticsearch Output Plugin
Jun 16, 2017
CVSS 6.5
EPSS 0.01
CVE-2016-1000221 HIGH
Logstash < 2.3.4 - Sensitive Information Exposure via Elasticsearch Output Plugin
Jun 16, 2017
CVSS 7.5
EPSS 0.02
CVE-2016-4442 MEDIUM
Rack-Mini-Profiler <0.10.1 - Info Disclosure
May 02, 2017
CVSS 5.3
EPSS 0.02
CVE-2016-10345 HIGH
Phusion Passenger < 5.1.0 - Privilege Escalation via Predictable /tmp Filename
Apr 18, 2017
CVSS 7.8
EPSS 0.00
CVE-2016-7103 MEDIUM
jQuery UI < 1.12.0 - Cross-Site Scripting via Dialog closeText Parameter
Mar 15, 2017
CVSS 6.1
EPSS 0.23
CVE-2016-10194 CRITICAL
festivaltts4r - Remote Code Execution via Shell Metacharacters in to_speech or to_mp3 Methods
Mar 03, 2017
CVSS 9.8
EPSS 0.03
CVE-2016-10193 CRITICAL
espeak-ruby < 1.0.3 - Remote Code Execution via Shell Metacharacter Injection
Mar 03, 2017
CVSS 9.8
EPSS 0.02
CVE-2016-10173 HIGH
minitar < 0.6 and archive-tar-minitar < 0.5.2 - Path Traversal via TAR Archive Entry
Feb 01, 2017
CVSS 7.5
EPSS 0.05
CVE-2016-7798 HIGH
openssl < 2.0.0 - Inadequate Encryption Strength in GCM Mode
Jan 30, 2017
CVSS 7.5
EPSS 0.03
CVE-2016-6582 CRITICAL
Doorkeeper < 4.2.0 - OAuth Token Replay and Arbitrary Revocation via Missing Revocation Specification
Jan 23, 2017
CVSS 9.1
EPSS 0.05
CVE-2016-5697 HIGH
ruby-saml < 1.3.0 - XML Signature Wrapping Attack
Jan 23, 2017
CVSS 7.5
EPSS 0.01
CVE-2016-7954 CRITICAL
Bundler 1.x - Remote Code Execution via Gem Name Collision
Dec 22, 2016
CVSS 9.8
EPSS 0.08
CVE-2016-4658 CRITICAL
Apple Iphone OS < 10.0 - Memory Corruption
Sep 25, 2016
CVSS 9.8
EPSS 0.09
CVE-2016-6317 HIGH
Ruby on Rails 4.2.x <4.2.7.1 - Info Disclosure
Sep 07, 2016
CVSS 7.5
EPSS 0.04
CVE-2016-6316 MEDIUM
Ruby on Rails <3.2.22.3-4.2.7.1-5.0.0.1 - XSS
Sep 07, 2016
CVSS 6.1
EPSS 0.03
CVE-2016-2785 CRITICAL
Puppet Server < 2.3.2 and Puppet 4.0.0-4.4.1 - Improper Access Control via URL Decoding Bypass
Jun 10, 2016
CVSS 9.8
EPSS 0.03
CVE-2016-3072 HIGH
Katello - Authenticated SQL Injection via Scoped Search Parameters
Jun 07, 2016
CVSS 8.8
EPSS 0.02
CVE-2016-3693 HIGH
Safemode < 1.2.4 - Exposure of Sensitive Information via Inspect Method
May 20, 2016
CVSS 8.1
EPSS 0.02
CVE-2016-2098 HIGH
Debian Linux < 3.2.22.1 - Improper Input Validation
Apr 07, 2016
CVSS 7.3
EPSS 0.81
CVE-2016-2097 MEDIUM
Ruby on Rails < 3.2.22.2 and 4.x < 4.1.14.2 - Directory Traversal via Render Method
Apr 07, 2016
CVSS 5.3
EPSS 0.04
CVE-2016-0753 MEDIUM
Ruby on Rails <4.1.14.1, <4.2.5.1, <5.0.0.beta1.1 - Info Disclosure
Feb 16, 2016
CVSS 5.3
EPSS 0.07
CVE-2016-0752 HIGH KEV
Ruby on Rails Dynamic Render File Upload Remote Code Execution
Feb 16, 2016
CVSS 7.5
EPSS 0.96
CVE-2016-0751 HIGH
Ruby on Rails <3.2.22.1, <4.0.x, <4.1.x<4.1.14.1, <4.2.x<4.2.5.1, <...
Feb 16, 2016
CVSS 7.5
EPSS 0.10
CVE-2015-8314 HIGH
Devise < 3.5.4 - Cleartext Storage of Sensitive Information in Remember Me Cookies
Dec 12, 2023
CVSS 7.5
EPSS 0.01