rubygems
954 tracked vulnerabilities.
CVE-2016-5697
HIGH
ruby-saml < 1.3.0 - XML Signature Wrapping Attack
Jan 23, 2017
CVSS 7.5
EPSS 0.00
CVE-2016-7954
CRITICAL
Bundler 1.x - Remote Code Execution via Gem Name Collision
Dec 22, 2016
CVSS 9.8
EPSS 0.03
CVE-2016-4658
CRITICAL
Apple Iphone OS < 10.0 - Memory Corruption
Sep 25, 2016
CVSS 9.8
EPSS 0.11
CVE-2016-6317
HIGH
Ruby on Rails 4.2.x <4.2.7.1 - Info Disclosure
Sep 07, 2016
CVSS 7.5
EPSS 0.00
CVE-2016-6316
MEDIUM
Ruby on Rails <3.2.22.3-4.2.7.1-5.0.0.1 - XSS
Sep 07, 2016
CVSS 6.1
EPSS 0.02
CVE-2016-2785
CRITICAL
Puppet Server < 2.3.2 and Puppet 4.0.0-4.4.1 - Improper Access Control via URL Decoding Bypass
Jun 10, 2016
CVSS 9.8
EPSS 0.00
CVE-2016-3072
HIGH
Katello - Authenticated SQL Injection via Scoped Search Parameters
Jun 07, 2016
CVSS 8.8
EPSS 0.00
CVE-2016-3693
HIGH
Safemode < 1.2.4 - Exposure of Sensitive Information via Inspect Method
May 20, 2016
CVSS 8.1
EPSS 0.01
CVE-2016-2098
HIGH
Debian Linux < 3.2.22.1 - Improper Input Validation
Apr 07, 2016
CVSS 7.3
EPSS 0.84
CVE-2016-2097
MEDIUM
Ruby on Rails < 3.2.22.2 and 4.x < 4.1.14.2 - Directory Traversal via Render Method
Apr 07, 2016
CVSS 5.3
EPSS 0.02
CVE-2016-0753
MEDIUM
Ruby on Rails <4.1.14.1, <4.2.5.1, <5.0.0.beta1.1 - Info Disclosure
Feb 16, 2016
CVSS 5.3
EPSS 0.02
CVE-2016-0752
HIGH
KEV
Ruby on Rails Dynamic Render File Upload Remote Code Execution
Feb 16, 2016
CVSS 7.5
EPSS 0.90
CVE-2016-0751
HIGH
Ruby on Rails <3.2.22.1, <4.0.x, <4.1.x<4.1.14.1, <4.2.x<4.2.5.1, <...
Feb 16, 2016
CVSS 7.5
EPSS 0.09
CVE-2015-8314
HIGH
Devise < 3.5.4 - Cleartext Storage of Sensitive Information in Remember Me Cookies
Dec 12, 2023
CVSS 7.5
EPSS 0.00
CVE-2015-2179
MEDIUM
xaviershay-dm-rails 0.10.3.8 - Info Disclosure
Dec 12, 2023
CVSS 5.5
EPSS 0.00
CVE-2015-20108
CRITICAL
ruby-saml < 1.0.0 - XPath Injection and Code Execution via Prepared Statement Bypass
May 27, 2023
CVSS 9.8
EPSS 0.00
CVE-2015-10053
MEDIUM
Prodigasistemas Curupira <0.1.3 - SQL Injection
Jan 16, 2023
CVSS 5.5
EPSS 0.00
CVE-2015-4411
HIGH
mongodb/bson < 3.0.4 - Denial of Service via Crafted String in ObjectId.legal?
Feb 20, 2020
CVSS 7.5
EPSS 0.04
CVE-2015-4410
HIGH
Moped < 1.5.3 - Denial of Service and Cross-Site Scripting via ObjectId Validation
Feb 20, 2020
CVSS 7.5
EPSS 0.02
CVE-2015-2784
CRITICAL
papercrop < 0.3.0 - Improper Input Validation
Jan 21, 2020
CVSS 9.8
EPSS 0.00
CVE-2015-9284
HIGH
omniauth < 2.0.0 - Cross-Site Request Forgery in Ruby on Rails Request Phase
Apr 26, 2019
CVSS 8.8
EPSS 0.00
CVE-2015-4412
CRITICAL
bson-ruby < 3.0.4 - Denial of Service via Crafted String in legal? Function
Feb 05, 2018
CVSS 9.8
EPSS 0.02
CVE-2015-9251
MEDIUM
jQuery < 3.0.0 - Cross-Site Scripting via Cross-Domain Ajax Request
Jan 18, 2018
CVSS 6.1
EPSS 0.18
CVE-2015-1828
MEDIUM
http.rb < 0.7.3 - Sensitive Information Exposure via SSL Hostname Verification Bypass
Oct 06, 2017
CVSS 5.9
EPSS 0.00
CVE-2015-1866
MEDIUM
Ember.js 1.10.x < 1.10.1 and 1.11.x < 1.11.2 - Cross-Site Scripting
Sep 20, 2017
CVSS 6.1
EPSS 0.00
Products
actionpack 63
rack 50
nokogiri 34
rubygems 25
rubygems-update 25
activerecord 23
puppet 23
activesupport 17
publify_core 15
passenger 14
rails-html-sanitizer 14
actionview 13
decidim 12
puma 12
camaleon_cms 11
fat_free_crm 11
rails 11
activestorage 10
ruby-saml 10
jquery-rails 9
openc3 8
rexml 8
bootstrap 7
bootstrap-sass 7
jquery-ui-rails 7
katello 7
lodash-rails 7
net-imap 7
spree 7
avo 6