rubygems
954 tracked vulnerabilities.
CVE-2015-3225
Rack < 1.5.4 and 1.6.x < 1.6.2 - Denial of Service via Large Parameter Depth
Jul 26, 2015
EPSS 0.13
CVE-2015-3224
NUCLEI
rubyonrails/web_console < 2.1.2 and rubygems/web-console < 2.1.3 - Improper Access Control via X-Forwarded-For Header
Jul 26, 2015
EPSS 0.85
CVE-2015-1840
Fedora < 3.1.2 - Information Disclosure
Jul 26, 2015
EPSS 0.00
CVE-2015-5147
Redcarpet < 3.3.2 - Stack-Based Buffer Overflow in HTML Renderer
Jul 14, 2015
EPSS 0.01
CVE-2015-2963
thoughtbot paperclip < 4.2.2 - Cross-Site Scripting via Spoofed Content-Type
Jul 10, 2015
EPSS 0.00
CVE-2015-3900
RubyGems <2.0.16, <2.2.4, <2.4.7 - Open Redirect
Jun 24, 2015
EPSS 0.02
CVE-2015-3448
REST client for Ruby <1.7.3 - Info Disclosure
Apr 29, 2015
EPSS 0.00
CVE-2015-1426
Puppet Labs Facter <2.4.0 - Info Disclosure
Feb 23, 2015
EPSS 0.00
CVE-2015-1585
Fat Free CRM < 0.13.6 - Cross-Site Request Forgery via Missing Authenticity Token
Feb 19, 2015
EPSS 0.00
CVE-2014-0156
CRITICAL
ManageIQ Awesome Spawn 1.2.0-1.4.9 and Rubygems Awesome Spawn <1.2.0 - OS Command Injection via Command Arguments
Jun 30, 2022
CVSS 9.8
EPSS 0.01
CVE-2014-3211
HIGH
Publify < 8.0.1 - Denial of Service
Jan 09, 2020
CVSS 7.5
EPSS 0.00
CVE-2014-0084
MEDIUM
Ruby gem openshift-origin-node <2014-02-14 - DoS
Nov 21, 2019
CVSS 5.5
EPSS 0.00
CVE-2014-0083
MEDIUM
Ruby net-ldap <0.11 - Info Disclosure
Nov 21, 2019
CVSS 5.5
EPSS 0.00
CVE-2014-10077
HIGH
I18n < 0.8.0 - Improper Input Validation
Nov 06, 2018
CVSS 7.5
EPSS 0.01
CVE-2014-10075
CRITICAL
karo 2.3.8 - Remote Command Injection via Host Field
Oct 05, 2018
CVSS 9.8
EPSS 0.11
CVE-2014-0014
MEDIUM
Ember.js <1.0.1-<1.4.0-beta.2 - XSS
Feb 15, 2018
CVSS 5.4
EPSS 0.00
CVE-2014-0013
MEDIUM
Ember.js <1.0.1, <1.1.3, <1.2.1, <1.3.1, <1.4.0-beta.2 - XSS
Feb 15, 2018
CVSS 5.4
EPSS 0.00
CVE-2014-1835
HIGH
echor 0.1.6 - Local Credential Exposure via Process Table
Feb 02, 2018
CVSS 7.8
EPSS 0.00
CVE-2014-1834
HIGH
echor 0.1.6 - OS Command Injection via Username or Password Parameter
Feb 02, 2018
CVSS 7.8
EPSS 0.00
CVE-2014-5004
HIGH
brbackup 0.1.1 - Exposure of Sensitive Information via MySQL Command Line
Jan 10, 2018
CVSS 7.8
EPSS 0.00
CVE-2014-5003
MEDIUM
ciborg 3.0.0 - Privilege Escalation
Jan 10, 2018
CVSS 5.5
EPSS 0.00
CVE-2014-5002
HIGH
lynx < 1.0.0 - Password Exposure via Command Line
Jan 10, 2018
CVSS 7.8
EPSS 0.00
CVE-2014-5001
HIGH
Ksymfony1.rb <2.1.6 - Info Disclosure
Jan 10, 2018
CVSS 7.8
EPSS 0.00
CVE-2014-5000
HIGH
lawn-login <0.0.7 - Info Disclosure
Jan 10, 2018
CVSS 7.8
EPSS 0.00
CVE-2014-4999
HIGH
kajam 1.0.3.rc2 - Exposure of Sensitive Information via MySQL Command Line
Jan 10, 2018
CVSS 7.8
EPSS 0.00
Products
actionpack 63
rack 50
nokogiri 34
rubygems 25
rubygems-update 25
activerecord 23
puppet 23
activesupport 17
publify_core 15
passenger 14
rails-html-sanitizer 14
actionview 13
decidim 12
puma 12
camaleon_cms 11
fat_free_crm 11
rails 11
activestorage 10
ruby-saml 10
jquery-rails 9
openc3 8
rexml 8
bootstrap 7
bootstrap-sass 7
jquery-ui-rails 7
katello 7
lodash-rails 7
net-imap 7
spree 7
avo 6