rubygems
965 tracked vulnerabilities.
CVE-2015-7577
MEDIUM
Ruby on Rails 3.1.x-3.2.22, 4.0.x-4.1.14, 4.2.x-4.2.5, 5.x-beta1 - Improper Access Control via Nested Attributes
Feb 16, 2016
CVSS 5.3
EPSS 0.04
CVE-2015-7576
LOW
Ruby on Rails <3.2.22.1, <4.0.x, <4.1.x-4.1.14.1, <4.2.x-4.2.5.1, <...
Feb 16, 2016
CVSS 3.7
EPSS 0.05
CVE-2015-7541
CRITICAL
colorscore < 0.0.5 - OS Command Injection via Histogram Image Path
Jan 08, 2016
CVSS 10.0
EPSS 0.04
CVE-2015-7519
LOW
Phusion Passenger <4.0.60, 5.0.x <5.0.22 - Header Spoofing
Jan 08, 2016
CVSS 3.7
EPSS 0.02
CVE-2015-7499
libxml2 < 2.9.2 - Heap-based Buffer Overflow via xmlGROW Function
Dec 15, 2015
EPSS 0.06
CVE-2015-5312
libxml2 <2.9.3 - DoS
Dec 15, 2015
EPSS 0.05
CVE-2015-7314
gollum < 4.0.1 - Unauthenticated Arbitrary File Read via Precious Module
Oct 06, 2015
EPSS 0.02
CVE-2015-4020
Oracle Solaris < 2.0.17 - Improper Input Validation
Aug 25, 2015
EPSS 0.03
CVE-2015-1819
Debian Linux < 5.0 - Resource Management Error
Aug 14, 2015
EPSS 0.06
CVE-2015-3227
Ruby on Rails <4.1.11 & <4.2.2 - DoS
Jul 26, 2015
EPSS 0.04
CVE-2015-3226
Ruby on Rails 3.x-4.1.x/4.2.x - XSS
Jul 26, 2015
EPSS 0.03
CVE-2015-3225
Rack < 1.5.4 and 1.6.x < 1.6.2 - Denial of Service via Large Parameter Depth
Jul 26, 2015
EPSS 0.08
CVE-2015-3224
NUCLEI
rubyonrails/web_console < 2.1.2 and rubygems/web-console < 2.1.3 - Improper Access Control via X-Forwarded-For Header
Jul 26, 2015
EPSS 0.45
CVE-2015-1840
Fedora < 3.1.2 - Information Disclosure
Jul 26, 2015
EPSS 0.04
CVE-2015-5147
Redcarpet < 3.3.2 - Stack-Based Buffer Overflow in HTML Renderer
Jul 14, 2015
EPSS 0.03
CVE-2015-2963
thoughtbot paperclip < 4.2.2 - Cross-Site Scripting via Spoofed Content-Type
Jul 10, 2015
EPSS 0.02
CVE-2015-3900
RubyGems <2.0.16, <2.2.4, <2.4.7 - Open Redirect
Jun 24, 2015
EPSS 0.09
CVE-2015-3448
REST client for Ruby <1.7.3 - Info Disclosure
Apr 29, 2015
EPSS 0.00
CVE-2015-1426
Puppet Labs Facter <2.4.0 - Info Disclosure
Feb 23, 2015
EPSS 0.00
CVE-2015-1585
Fat Free CRM < 0.13.6 - Cross-Site Request Forgery via Missing Authenticity Token
Feb 19, 2015
EPSS 0.01
CVE-2014-0156
CRITICAL
ManageIQ Awesome Spawn 1.2.0-1.4.9 and Rubygems Awesome Spawn <1.2.0 - OS Command Injection via Command Arguments
Jun 30, 2022
CVSS 9.8
EPSS 0.03
CVE-2014-3211
HIGH
Publify < 8.0.1 - Denial of Service
Jan 09, 2020
CVSS 7.5
EPSS 0.01
CVE-2014-0084
MEDIUM
Ruby gem openshift-origin-node <2014-02-14 - DoS
Nov 21, 2019
CVSS 5.5
EPSS 0.00
CVE-2014-0083
MEDIUM
Ruby net-ldap <0.11 - Info Disclosure
Nov 21, 2019
CVSS 5.5
EPSS 0.00
CVE-2014-10077
HIGH
I18n < 0.8.0 - Improper Input Validation
Nov 06, 2018
CVSS 7.5
EPSS 0.03
Products
actionpack 63
rack 50
nokogiri 34
rubygems 25
rubygems-update 25
activerecord 23
puppet 23
activesupport 17
publify_core 15
passenger 14
rails-html-sanitizer 14
actionview 13
decidim 12
puma 12
camaleon_cms 11
fat_free_crm 11
rails 11
activestorage 10
net-imap 10
ruby-saml 10
jquery-rails 9
katello 8
openc3 8
rexml 8
bootstrap 7
bootstrap-sass 7
jquery-ui-rails 7
lodash-rails 7
spree 7
avo 6
Quick Filters