rubygems
965 tracked vulnerabilities.
CVE-2016-10707
HIGH
jQuery 3.0.0-rc.1 - Denial of Service via Mixed-Case Boolean Attribute Recursion
Jan 18, 2018
CVSS 7.5
EPSS 0.03
CVE-2016-10362
MEDIUM
Logstash < 5.0.1 - Sensitive Information Exposure via Elasticsearch Output Plugin
Jun 16, 2017
CVSS 6.5
EPSS 0.01
CVE-2016-1000221
HIGH
Logstash < 2.3.4 - Sensitive Information Exposure via Elasticsearch Output Plugin
Jun 16, 2017
CVSS 7.5
EPSS 0.02
CVE-2016-4442
MEDIUM
Rack-Mini-Profiler <0.10.1 - Info Disclosure
May 02, 2017
CVSS 5.3
EPSS 0.02
CVE-2016-10345
HIGH
Phusion Passenger < 5.1.0 - Privilege Escalation via Predictable /tmp Filename
Apr 18, 2017
CVSS 7.8
EPSS 0.00
CVE-2016-7103
MEDIUM
jQuery UI < 1.12.0 - Cross-Site Scripting via Dialog closeText Parameter
Mar 15, 2017
CVSS 6.1
EPSS 0.23
CVE-2016-10194
CRITICAL
festivaltts4r - Remote Code Execution via Shell Metacharacters in to_speech or to_mp3 Methods
Mar 03, 2017
CVSS 9.8
EPSS 0.03
CVE-2016-10193
CRITICAL
espeak-ruby < 1.0.3 - Remote Code Execution via Shell Metacharacter Injection
Mar 03, 2017
CVSS 9.8
EPSS 0.02
CVE-2016-10173
HIGH
minitar < 0.6 and archive-tar-minitar < 0.5.2 - Path Traversal via TAR Archive Entry
Feb 01, 2017
CVSS 7.5
EPSS 0.05
CVE-2016-7798
HIGH
openssl < 2.0.0 - Inadequate Encryption Strength in GCM Mode
Jan 30, 2017
CVSS 7.5
EPSS 0.03
CVE-2016-6582
CRITICAL
Doorkeeper < 4.2.0 - OAuth Token Replay and Arbitrary Revocation via Missing Revocation Specification
Jan 23, 2017
CVSS 9.1
EPSS 0.05
CVE-2016-5697
HIGH
ruby-saml < 1.3.0 - XML Signature Wrapping Attack
Jan 23, 2017
CVSS 7.5
EPSS 0.01
CVE-2016-7954
CRITICAL
Bundler 1.x - Remote Code Execution via Gem Name Collision
Dec 22, 2016
CVSS 9.8
EPSS 0.08
CVE-2016-4658
CRITICAL
Apple Iphone OS < 10.0 - Memory Corruption
Sep 25, 2016
CVSS 9.8
EPSS 0.09
CVE-2016-6317
HIGH
Ruby on Rails 4.2.x <4.2.7.1 - Info Disclosure
Sep 07, 2016
CVSS 7.5
EPSS 0.04
CVE-2016-6316
MEDIUM
Ruby on Rails <3.2.22.3-4.2.7.1-5.0.0.1 - XSS
Sep 07, 2016
CVSS 6.1
EPSS 0.03
CVE-2016-2785
CRITICAL
Puppet Server < 2.3.2 and Puppet 4.0.0-4.4.1 - Improper Access Control via URL Decoding Bypass
Jun 10, 2016
CVSS 9.8
EPSS 0.03
CVE-2016-3072
HIGH
Katello - Authenticated SQL Injection via Scoped Search Parameters
Jun 07, 2016
CVSS 8.8
EPSS 0.02
CVE-2016-3693
HIGH
Safemode < 1.2.4 - Exposure of Sensitive Information via Inspect Method
May 20, 2016
CVSS 8.1
EPSS 0.02
CVE-2016-2098
HIGH
Debian Linux < 3.2.22.1 - Improper Input Validation
Apr 07, 2016
CVSS 7.3
EPSS 0.81
CVE-2016-2097
MEDIUM
Ruby on Rails < 3.2.22.2 and 4.x < 4.1.14.2 - Directory Traversal via Render Method
Apr 07, 2016
CVSS 5.3
EPSS 0.04
CVE-2016-0753
MEDIUM
Ruby on Rails <4.1.14.1, <4.2.5.1, <5.0.0.beta1.1 - Info Disclosure
Feb 16, 2016
CVSS 5.3
EPSS 0.07
CVE-2016-0752
HIGH
KEV
Ruby on Rails Dynamic Render File Upload Remote Code Execution
Feb 16, 2016
CVSS 7.5
EPSS 0.96
CVE-2016-0751
HIGH
Ruby on Rails <3.2.22.1, <4.0.x, <4.1.x<4.1.14.1, <4.2.x<4.2.5.1, <...
Feb 16, 2016
CVSS 7.5
EPSS 0.10
CVE-2015-8314
HIGH
Devise < 3.5.4 - Cleartext Storage of Sensitive Information in Remember Me Cookies
Dec 12, 2023
CVSS 7.5
EPSS 0.01
Products
actionpack 63
rack 50
nokogiri 34
rubygems 25
rubygems-update 25
activerecord 23
puppet 23
activesupport 17
publify_core 15
passenger 14
rails-html-sanitizer 14
actionview 13
decidim 12
puma 12
camaleon_cms 11
fat_free_crm 11
rails 11
activestorage 10
net-imap 10
ruby-saml 10
jquery-rails 9
katello 8
openc3 8
rexml 8
bootstrap 7
bootstrap-sass 7
jquery-ui-rails 7
lodash-rails 7
spree 7
avo 6
Quick Filters