rubygems
954 tracked vulnerabilities.
CVE-2014-4998
HIGH
lean-ruport 0.3.8 - Info Disclosure
Jan 10, 2018
CVSS 7.8
EPSS 0.00
CVE-2014-4997
HIGH
point-cli gem 0.0.1 - Info Disclosure
Jan 10, 2018
CVSS 7.8
EPSS 0.00
CVE-2014-4996
MEDIUM
VladTheEnterprising gem 0.2 - Local File Write
Jan 10, 2018
CVSS 5.5
EPSS 0.00
CVE-2014-4995
HIGH
VladTheEnterprising 0.2 - Info Disclosure
Jan 10, 2018
CVSS 7.0
EPSS 0.00
CVE-2014-4994
MEDIUM
gyazo 1.0.0-2.0.0 - Arbitrary File Write via Symlink Attack on Temporary File
Jan 10, 2018
CVSS 5.5
EPSS 0.00
CVE-2014-4993
HIGH
backup-agoddard and backup_checksum - Local Credential Exposure via OpenSSL Command Line
Jan 10, 2018
CVSS 7.8
EPSS 0.00
CVE-2014-4992
HIGH
cap-strap 0.1.5 - Exposure of Sensitive Information via Useradd Command Line
Jan 10, 2018
CVSS 7.8
EPSS 0.00
CVE-2014-4991
HIGH
codders-dataset <1.3.2.1 - Info Disclosure
Jan 10, 2018
CVSS 7.8
EPSS 0.00
CVE-2014-9489
HIGH
gollum <3.1.1 and gollum-lib <4.0.1 - Authenticated RCE
Oct 17, 2017
CVSS 8.8
EPSS 0.01
CVE-2014-1832
Phusion Passenger 4.0.37 - Local Privilege Escalation
Feb 19, 2015
EPSS 0.00
CVE-2014-1831
Phusion Passenger <4.0.37 - Local Privilege Escalation
Feb 19, 2015
EPSS 0.00
CVE-2014-9490
raven-ruby < 0.12.2 - Denial of Service via Large Exponent in Scientific Number
Jan 20, 2015
EPSS 0.01
CVE-2014-8144
doorkeeper < 1.4.1 - Cross-Site Request Forgery
Dec 31, 2014
EPSS 0.00
CVE-2014-7829
Opensuse < 4.1.8 - Path Traversal
Nov 18, 2014
EPSS 0.00
CVE-2014-3248
Puppet Enterprise <2.8.7, Puppet <2.7.26 & 3.x <3.6.2 - Privilege E...
Nov 16, 2014
EPSS 0.00
CVE-2014-7819
Sprockets Path Traversal via Double Slash or URL-Encoded Dot-Dot-Slash Sequences
Nov 08, 2014
EPSS 0.01
CVE-2014-7818
Ruby on Rails Path Traversal via URL-Encoded Dot-Dot-Slash Sequence
Nov 08, 2014
EPSS 0.00
CVE-2014-5441
Fat Free CRM < 0.13.3 - Stored Cross-Site Scripting via User Profile Fields
Sep 12, 2014
EPSS 0.00
CVE-2014-3514
Ruby on Rails Active Record 4.0.0-4.0.8 - Strong Parameters Protection Bypass via create_with
Aug 20, 2014
EPSS 0.00
CVE-2014-4326
Elasticsearch Logstash <1.4.2 - RCE
Jul 22, 2014
EPSS 0.01
CVE-2014-3483
Ruby on Rails 4.x < 4.0.7 and 4.1.x < 4.1.3 - SQL Injection via PostgreSQL Range Quoting
Jul 07, 2014
EPSS 0.01
CVE-2014-3482
Ruby on Rails 2.x and 3.x - SQL Injection via PostgreSQL Bitstring Quoting
Jul 07, 2014
EPSS 0.02
CVE-2014-0177
hub <1.12.1 - Local Privilege Escalation
May 27, 2014
EPSS 0.00
CVE-2014-0135
Kafo <0.3.17 & 0.4.x <0.5.2 - Info Disclosure
May 08, 2014
EPSS 0.00
CVE-2014-0130
HIGH
KEV
Ruby on Rails <3.2.18, <4.0.5, <4.1.1 - Path Traversal
May 07, 2014
CVSS 7.5
EPSS 0.53
Products
actionpack 63
rack 50
nokogiri 34
rubygems 25
rubygems-update 25
activerecord 23
puppet 23
activesupport 17
publify_core 15
passenger 14
rails-html-sanitizer 14
actionview 13
decidim 12
puma 12
camaleon_cms 11
fat_free_crm 11
rails 11
activestorage 10
ruby-saml 10
jquery-rails 9
openc3 8
rexml 8
bootstrap 7
bootstrap-sass 7
jquery-ui-rails 7
katello 7
lodash-rails 7
net-imap 7
spree 7
avo 6