rubygems
954 tracked vulnerabilities.
CVE-2015-4619
HIGH
Spina - Cross-Site Request Forgery
Sep 07, 2017
CVSS 8.8
EPSS 0.00
CVE-2015-7225
MEDIUM
tinfoilsecurity devise-two-factor < 2.0.0 - One-Time Password Reuse via RFC 6238 Non-Compliance
Sep 06, 2017
CVSS 5.3
EPSS 0.01
CVE-2015-3649
HIGH
open-uri-cached RubyGem - Local Cache Directory Ruby Code Execution
Aug 18, 2017
CVSS 7.8
EPSS 0.00
CVE-2015-1820
CRITICAL
REST client <1.8.0 - Info Disclosure
Aug 09, 2017
CVSS 9.8
EPSS 0.04
CVE-2015-9097
MEDIUM
mail < 2.5.5 - SMTP Command Injection via CRLF Sequences in RCPT TO or MAIL FROM
Jun 12, 2017
CVSS 6.1
EPSS 0.01
CVE-2015-7565
MEDIUM
Ember.js <1.11.4, <1.12.2, <1.13.12, <2.0.3, <2.1.2, <2.2.1 - Cross-Site Scripting
Apr 13, 2017
CVSS 6.1
EPSS 0.00
CVE-2015-8857
CRITICAL
Uglifyjs < 2.4.24 - Security Feature Bypass
Jan 23, 2017
CVSS 9.8
EPSS 0.00
CVE-2015-8969
CRITICAL
git-fastclone < 1.0.5 - Command Injection via Shell Command Arguments
Nov 03, 2016
CVSS 9.8
EPSS 0.02
CVE-2015-8968
HIGH
git-fastclone < 1.0.1 - Remote Code Execution via .gitmodules
Nov 03, 2016
CVSS 8.8
EPSS 0.03
CVE-2015-8806
HIGH
libxml2 < 2.9.4 - Denial of Service via Heap-Based Buffer Over-Read in dict.c
Apr 13, 2016
CVSS 7.5
EPSS 0.09
CVE-2015-7581
HIGH
Ruby on Rails <4.2.5.1, <5.0.0.beta1.1 - DoS
Feb 16, 2016
CVSS 7.5
EPSS 0.09
CVE-2015-7580
MEDIUM
rails-html-sanitizer < 1.0.3 - Cross-Site Scripting via CDATA Node
Feb 16, 2016
CVSS 6.1
EPSS 0.00
CVE-2015-7579
MEDIUM
rails-html-sanitizer < 1.0.2 - Cross-Site Scripting via HTML Entity Mishandling
Feb 16, 2016
CVSS 6.1
EPSS 0.00
CVE-2015-7578
MEDIUM
rails-html-sanitizer < 1.0.3 - Cross-Site Scripting via Crafted Tag Attributes
Feb 16, 2016
CVSS 6.1
EPSS 0.00
CVE-2015-7577
MEDIUM
Ruby on Rails 3.1.x-3.2.22, 4.0.x-4.1.14, 4.2.x-4.2.5, 5.x-beta1 - Improper Access Control via Nested Attributes
Feb 16, 2016
CVSS 5.3
EPSS 0.01
CVE-2015-7576
LOW
Ruby on Rails <3.2.22.1, <4.0.x, <4.1.x-4.1.14.1, <4.2.x-4.2.5.1, <...
Feb 16, 2016
CVSS 3.7
EPSS 0.01
CVE-2015-7541
CRITICAL
colorscore < 0.0.5 - OS Command Injection via Histogram Image Path
Jan 08, 2016
CVSS 10.0
EPSS 0.01
CVE-2015-7519
LOW
Phusion Passenger <4.0.60, 5.0.x <5.0.22 - Header Spoofing
Jan 08, 2016
CVSS 3.7
EPSS 0.00
CVE-2015-7499
libxml2 < 2.9.2 - Heap-based Buffer Overflow via xmlGROW Function
Dec 15, 2015
EPSS 0.01
CVE-2015-5312
libxml2 <2.9.3 - DoS
Dec 15, 2015
EPSS 0.01
CVE-2015-7314
gollum < 4.0.1 - Unauthenticated Arbitrary File Read via Precious Module
Oct 06, 2015
EPSS 0.00
CVE-2015-4020
Oracle Solaris < 2.0.17 - Improper Input Validation
Aug 25, 2015
EPSS 0.01
CVE-2015-1819
Debian Linux < 5.0 - Resource Management Error
Aug 14, 2015
EPSS 0.02
CVE-2015-3227
Ruby on Rails <4.1.11 & <4.2.2 - DoS
Jul 26, 2015
EPSS 0.03
CVE-2015-3226
Ruby on Rails 3.x-4.1.x/4.2.x - XSS
Jul 26, 2015
EPSS 0.00
Products
actionpack 63
rack 50
nokogiri 34
rubygems 25
rubygems-update 25
activerecord 23
puppet 23
activesupport 17
publify_core 15
passenger 14
rails-html-sanitizer 14
actionview 13
decidim 12
puma 12
camaleon_cms 11
fat_free_crm 11
rails 11
activestorage 10
ruby-saml 10
jquery-rails 9
openc3 8
rexml 8
bootstrap 7
bootstrap-sass 7
jquery-ui-rails 7
katello 7
lodash-rails 7
net-imap 7
spree 7
avo 6