rubygems
954 tracked vulnerabilities.
CVE-2014-2322
Arabic Prawn 0.0.1 - Remote Code Execution via Shell Metacharacters in Downloaded File or URL
May 02, 2014
EPSS 0.01
CVE-2014-2888
sfpagent <0.4.15 - Command Injection
Apr 23, 2014
EPSS 0.01
CVE-2014-0036
rbovirt <0.0.24 - Man-in-the-middle
Apr 17, 2014
EPSS 0.01
CVE-2014-2538
rack-ssl < 1.4.0 - Cross-Site Scripting via URI Handling
Mar 25, 2014
EPSS 0.00
CVE-2014-0046
ember.js 1.2.x-1.2.1, 1.3.x-1.3.1, 1.4.x-beta.5 - Cross-Site Scripting via link-to Helper Title Attribute
Feb 27, 2014
EPSS 0.01
CVE-2014-0082
Ruby on Rails 3.x - Denial of Service via MIME Type String Conversion
Feb 20, 2014
EPSS 0.06
CVE-2014-0081
Ruby on Rails < 3.2.17, 4.0.x < 4.0.3, 4.1.x < 4.1.0.beta2 - Cross-Site Scripting via Number Helper Parameters
Feb 20, 2014
EPSS 0.01
CVE-2014-0080
Ruby on Rails <4.0.3 & 4.1.0.beta1 - SQL Injection
Feb 20, 2014
EPSS 0.00
CVE-2014-1234
paratrooper-newrelic 1.0.1 - Exposure of Sensitive Information via Process Listing
Jan 10, 2014
EPSS 0.00
CVE-2014-1233
paratrooper-pingdom - Exposure of Sensitive Information via Process Listing
Jan 10, 2014
EPSS 0.00
CVE-2013-2513
CRITICAL
flash_tool <0.6.0 - Command Injection
Dec 12, 2023
CVSS 9.8
EPSS 0.01
CVE-2013-4170
MEDIUM
ember.js < 1.0.0 - Cross-Site Scripting via Ember.View tagName Property
Jun 30, 2022
CVSS 6.1
EPSS 0.00
CVE-2013-2512
CRITICAL
ftpd gem 0.2.1 - Remote Code Execution via FTP LIST/NLST Command Argument
Jan 26, 2021
CVSS 9.8
EPSS 0.03
CVE-2013-1607
CRITICAL
pdfkit < 0.5.3 - Remote Code Execution
Feb 11, 2020
CVSS 9.8
EPSS 0.01
CVE-2013-4318
MEDIUM
Ruby gem Features 0.3.0 - File Injection via Malicious HTML
Dec 26, 2019
CVSS 5.4
EPSS 0.00
CVE-2013-4593
HIGH
omniauth-facebook < 1.5.0 - Improper Authentication
Dec 11, 2019
CVSS 7.5
EPSS 0.00
CVE-2013-2095
CRITICAL
OpenShift Origin Controller - OS Command Injection via URI.parse() in cartridge_cache.rb
Dec 10, 2019
CVSS 9.8
EPSS 0.03
CVE-2013-6461
MEDIUM
Nokogiri 1.5.0-1.5.10 - Denial of Service via XML Entity Expansion
Nov 05, 2019
CVSS 6.5
EPSS 0.02
CVE-2013-6460
MEDIUM
Nokogiri 1.5.0-1.5.10 - Denial of Service via XML Entity Expansion
Nov 05, 2019
CVSS 6.5
EPSS 0.03
CVE-2013-2516
HIGH
fileutils < 0.7 - Command Injection via URL Variable
Feb 15, 2019
CVSS 8.8
EPSS 0.02
CVE-2013-7463
HIGH
aescrypt gem 1.0.0 - Info Disclosure
Apr 19, 2017
CVSS 7.5
EPSS 0.00
CVE-2013-0334
Bundler < 1.7.0 - Arbitrary Gem Installation via Duplicate Gem Name in Multiple Sources
Oct 31, 2014
EPSS 0.00
CVE-2013-1756
Dragonfly gem 0.7-0.8.5 and 0.9.x < 0.9.13 - Remote Code Execution
Jun 09, 2014
EPSS 0.02
CVE-2013-2090
Creme Fraiche < 0.6.1 - Remote Code Execution via Email Attachment Filename
May 27, 2014
EPSS 0.01
CVE-2013-4489
GitLab 5.2-5.4.1 and 6.x-6.2.3 - Authenticated Remote Code Execution via Grit Gem Search Feature
May 17, 2014
EPSS 0.00
Products
actionpack 63
rack 50
nokogiri 34
rubygems 25
rubygems-update 25
activerecord 23
puppet 23
activesupport 17
publify_core 15
passenger 14
rails-html-sanitizer 14
actionview 13
decidim 12
puma 12
camaleon_cms 11
fat_free_crm 11
rails 11
activestorage 10
ruby-saml 10
jquery-rails 9
openc3 8
rexml 8
bootstrap 7
bootstrap-sass 7
jquery-ui-rails 7
katello 7
lodash-rails 7
net-imap 7
spree 7
avo 6