rubygems

965 tracked vulnerabilities.

CVE-2015-2179 MEDIUM
xaviershay-dm-rails 0.10.3.8 - Info Disclosure
Dec 12, 2023
CVSS 5.5
EPSS 0.00
CVE-2015-20108 CRITICAL
ruby-saml < 1.0.0 - XPath Injection and Code Execution via Prepared Statement Bypass
May 27, 2023
CVSS 9.8
EPSS 0.01
CVE-2015-10053 MEDIUM
Prodigasistemas Curupira <0.1.3 - SQL Injection
Jan 16, 2023
CVSS 5.5
EPSS 0.01
CVE-2015-4411 HIGH
mongodb/bson < 3.0.4 - Denial of Service via Crafted String in ObjectId.legal?
Feb 20, 2020
CVSS 7.5
EPSS 0.06
CVE-2015-4410 HIGH
Moped < 1.5.3 - Denial of Service and Cross-Site Scripting via ObjectId Validation
Feb 20, 2020
CVSS 7.5
EPSS 0.06
CVE-2015-2784 CRITICAL
papercrop < 0.3.0 - Improper Input Validation
Jan 21, 2020
CVSS 9.8
EPSS 0.02
CVE-2015-9284 HIGH
omniauth < 2.0.0 - Cross-Site Request Forgery in Ruby on Rails Request Phase
Apr 26, 2019
CVSS 8.8
EPSS 0.02
CVE-2015-4412 CRITICAL
bson-ruby < 3.0.4 - Denial of Service via Crafted String in legal? Function
Feb 05, 2018
CVSS 9.8
EPSS 0.05
CVE-2015-9251 MEDIUM
jQuery < 3.0.0 - Cross-Site Scripting via Cross-Domain Ajax Request
Jan 18, 2018
CVSS 6.1
EPSS 0.30
CVE-2015-1828 MEDIUM
http.rb < 0.7.3 - Sensitive Information Exposure via SSL Hostname Verification Bypass
Oct 06, 2017
CVSS 5.9
EPSS 0.02
CVE-2015-1866 MEDIUM
Ember.js 1.10.x < 1.10.1 and 1.11.x < 1.11.2 - Cross-Site Scripting
Sep 20, 2017
CVSS 6.1
EPSS 0.01
CVE-2015-4619 HIGH
Spina - Cross-Site Request Forgery
Sep 07, 2017
CVSS 8.8
EPSS 0.01
CVE-2015-7225 MEDIUM
tinfoilsecurity devise-two-factor < 2.0.0 - One-Time Password Reuse via RFC 6238 Non-Compliance
Sep 06, 2017
CVSS 5.3
EPSS 0.02
CVE-2015-3649 HIGH
open-uri-cached RubyGem - Local Cache Directory Ruby Code Execution
Aug 18, 2017
CVSS 7.8
EPSS 0.00
CVE-2015-1820 CRITICAL
REST client <1.8.0 - Info Disclosure
Aug 09, 2017
CVSS 9.8
EPSS 0.04
CVE-2015-9097 MEDIUM
mail < 2.5.5 - SMTP Command Injection via CRLF Sequences in RCPT TO or MAIL FROM
Jun 12, 2017
CVSS 6.1
EPSS 0.03
CVE-2015-7565 MEDIUM
Ember.js <1.11.4, <1.12.2, <1.13.12, <2.0.3, <2.1.2, <2.2.1 - Cross-Site Scripting
Apr 13, 2017
CVSS 6.1
EPSS 0.01
CVE-2015-8857 CRITICAL
Uglifyjs < 2.4.24 - Security Feature Bypass
Jan 23, 2017
CVSS 9.8
EPSS 0.04
CVE-2015-8969 CRITICAL
git-fastclone < 1.0.5 - Command Injection via Shell Command Arguments
Nov 03, 2016
CVSS 9.8
EPSS 0.05
CVE-2015-8968 HIGH
git-fastclone < 1.0.1 - Remote Code Execution via .gitmodules
Nov 03, 2016
CVSS 8.8
EPSS 0.05
CVE-2015-8806 HIGH
libxml2 < 2.9.4 - Denial of Service via Heap-Based Buffer Over-Read in dict.c
Apr 13, 2016
CVSS 7.5
EPSS 0.05
CVE-2015-7581 HIGH
Ruby on Rails <4.2.5.1, <5.0.0.beta1.1 - DoS
Feb 16, 2016
CVSS 7.5
EPSS 0.07
CVE-2015-7580 MEDIUM
rails-html-sanitizer < 1.0.3 - Cross-Site Scripting via CDATA Node
Feb 16, 2016
CVSS 6.1
EPSS 0.02
CVE-2015-7579 MEDIUM
rails-html-sanitizer < 1.0.2 - Cross-Site Scripting via HTML Entity Mishandling
Feb 16, 2016
CVSS 6.1
EPSS 0.03
CVE-2015-7578 MEDIUM
rails-html-sanitizer < 1.0.3 - Cross-Site Scripting via Crafted Tag Attributes
Feb 16, 2016
CVSS 6.1
EPSS 0.02