rubygems

965 tracked vulnerabilities.

CVE-2015-7577 MEDIUM
Ruby on Rails 3.1.x-3.2.22, 4.0.x-4.1.14, 4.2.x-4.2.5, 5.x-beta1 - Improper Access Control via Nested Attributes
Feb 16, 2016
CVSS 5.3
EPSS 0.04
CVE-2015-7576 LOW
Ruby on Rails <3.2.22.1, <4.0.x, <4.1.x-4.1.14.1, <4.2.x-4.2.5.1, <...
Feb 16, 2016
CVSS 3.7
EPSS 0.05
CVE-2015-7541 CRITICAL
colorscore < 0.0.5 - OS Command Injection via Histogram Image Path
Jan 08, 2016
CVSS 10.0
EPSS 0.04
CVE-2015-7519 LOW
Phusion Passenger <4.0.60, 5.0.x <5.0.22 - Header Spoofing
Jan 08, 2016
CVSS 3.7
EPSS 0.02
CVE-2015-7499
libxml2 < 2.9.2 - Heap-based Buffer Overflow via xmlGROW Function
Dec 15, 2015
EPSS 0.06
CVE-2015-5312
libxml2 <2.9.3 - DoS
Dec 15, 2015
EPSS 0.05
CVE-2015-7314
gollum < 4.0.1 - Unauthenticated Arbitrary File Read via Precious Module
Oct 06, 2015
EPSS 0.02
CVE-2015-4020
Oracle Solaris < 2.0.17 - Improper Input Validation
Aug 25, 2015
EPSS 0.03
CVE-2015-1819
Debian Linux < 5.0 - Resource Management Error
Aug 14, 2015
EPSS 0.06
CVE-2015-3227
Ruby on Rails <4.1.11 & <4.2.2 - DoS
Jul 26, 2015
EPSS 0.04
CVE-2015-3226
Ruby on Rails 3.x-4.1.x/4.2.x - XSS
Jul 26, 2015
EPSS 0.03
CVE-2015-3225
Rack < 1.5.4 and 1.6.x < 1.6.2 - Denial of Service via Large Parameter Depth
Jul 26, 2015
EPSS 0.08
CVE-2015-3224 NUCLEI
rubyonrails/web_console < 2.1.2 and rubygems/web-console < 2.1.3 - Improper Access Control via X-Forwarded-For Header
Jul 26, 2015
EPSS 0.45
CVE-2015-1840
Fedora < 3.1.2 - Information Disclosure
Jul 26, 2015
EPSS 0.04
CVE-2015-5147
Redcarpet < 3.3.2 - Stack-Based Buffer Overflow in HTML Renderer
Jul 14, 2015
EPSS 0.03
CVE-2015-2963
thoughtbot paperclip < 4.2.2 - Cross-Site Scripting via Spoofed Content-Type
Jul 10, 2015
EPSS 0.02
CVE-2015-3900
RubyGems <2.0.16, <2.2.4, <2.4.7 - Open Redirect
Jun 24, 2015
EPSS 0.09
CVE-2015-3448
REST client for Ruby <1.7.3 - Info Disclosure
Apr 29, 2015
EPSS 0.00
CVE-2015-1426
Puppet Labs Facter <2.4.0 - Info Disclosure
Feb 23, 2015
EPSS 0.00
CVE-2015-1585
Fat Free CRM < 0.13.6 - Cross-Site Request Forgery via Missing Authenticity Token
Feb 19, 2015
EPSS 0.01
CVE-2014-0156 CRITICAL
ManageIQ Awesome Spawn 1.2.0-1.4.9 and Rubygems Awesome Spawn <1.2.0 - OS Command Injection via Command Arguments
Jun 30, 2022
CVSS 9.8
EPSS 0.03
CVE-2014-3211 HIGH
Publify < 8.0.1 - Denial of Service
Jan 09, 2020
CVSS 7.5
EPSS 0.01
CVE-2014-0084 MEDIUM
Ruby gem openshift-origin-node <2014-02-14 - DoS
Nov 21, 2019
CVSS 5.5
EPSS 0.00
CVE-2014-0083 MEDIUM
Ruby net-ldap <0.11 - Info Disclosure
Nov 21, 2019
CVSS 5.5
EPSS 0.00
CVE-2014-10077 HIGH
I18n < 0.8.0 - Improper Input Validation
Nov 06, 2018
CVSS 7.5
EPSS 0.03