rubygems
965 tracked vulnerabilities.
CVE-2014-3248
Puppet Enterprise <2.8.7, Puppet <2.7.26 & 3.x <3.6.2 - Privilege E...
Nov 16, 2014
EPSS 0.01
CVE-2014-7819
Sprockets Path Traversal via Double Slash or URL-Encoded Dot-Dot-Slash Sequences
Nov 08, 2014
EPSS 0.04
CVE-2014-7818
Ruby on Rails Path Traversal via URL-Encoded Dot-Dot-Slash Sequence
Nov 08, 2014
EPSS 0.03
CVE-2014-5441
Fat Free CRM < 0.13.3 - Stored Cross-Site Scripting via User Profile Fields
Sep 12, 2014
EPSS 0.02
CVE-2014-3514
Ruby on Rails Active Record 4.0.0-4.0.8 - Strong Parameters Protection Bypass via create_with
Aug 20, 2014
EPSS 0.03
CVE-2014-4326
Elasticsearch Logstash <1.4.2 - RCE
Jul 22, 2014
EPSS 0.03
CVE-2014-3483
Ruby on Rails 4.x < 4.0.7 and 4.1.x < 4.1.3 - SQL Injection via PostgreSQL Range Quoting
Jul 07, 2014
EPSS 0.04
CVE-2014-3482
Ruby on Rails 2.x and 3.x - SQL Injection via PostgreSQL Bitstring Quoting
Jul 07, 2014
EPSS 0.04
CVE-2014-0177
hub <1.12.1 - Local Privilege Escalation
May 27, 2014
EPSS 0.00
CVE-2014-0135
Kafo <0.3.17 & 0.4.x <0.5.2 - Info Disclosure
May 08, 2014
EPSS 0.00
CVE-2014-0130
HIGH
KEV
Ruby on Rails <3.2.18, <4.0.5, <4.1.1 - Path Traversal
May 07, 2014
CVSS 7.5
EPSS 0.54
CVE-2014-2322
Arabic Prawn 0.0.1 - Remote Code Execution via Shell Metacharacters in Downloaded File or URL
May 02, 2014
EPSS 0.02
CVE-2014-2888
sfpagent <0.4.15 - Command Injection
Apr 23, 2014
EPSS 0.02
CVE-2014-0036
rbovirt <0.0.24 - Man-in-the-middle
Apr 17, 2014
EPSS 0.02
CVE-2014-2538
rack-ssl < 1.4.0 - Cross-Site Scripting via URI Handling
Mar 25, 2014
EPSS 0.02
CVE-2014-0046
ember.js 1.2.x-1.2.1, 1.3.x-1.3.1, 1.4.x-beta.5 - Cross-Site Scripting via link-to Helper Title Attribute
Feb 27, 2014
EPSS 0.01
CVE-2014-0082
Ruby on Rails 3.x - Denial of Service via MIME Type String Conversion
Feb 20, 2014
EPSS 0.06
CVE-2014-0081
Ruby on Rails < 3.2.17, 4.0.x < 4.0.3, 4.1.x < 4.1.0.beta2 - Cross-Site Scripting via Number Helper Parameters
Feb 20, 2014
EPSS 0.04
CVE-2014-0080
Ruby on Rails <4.0.3 & 4.1.0.beta1 - SQL Injection
Feb 20, 2014
EPSS 0.01
CVE-2014-1234
paratrooper-newrelic 1.0.1 - Exposure of Sensitive Information via Process Listing
Jan 10, 2014
EPSS 0.01
CVE-2014-1233
paratrooper-pingdom - Exposure of Sensitive Information via Process Listing
Jan 10, 2014
EPSS 0.00
CVE-2013-2513
CRITICAL
flash_tool <0.6.0 - Command Injection
Dec 12, 2023
CVSS 9.8
EPSS 0.02
CVE-2013-4170
MEDIUM
ember.js < 1.0.0 - Cross-Site Scripting via Ember.View tagName Property
Jun 30, 2022
CVSS 6.1
EPSS 0.01
CVE-2013-2512
CRITICAL
ftpd gem 0.2.1 - Remote Code Execution via FTP LIST/NLST Command Argument
Jan 26, 2021
CVSS 9.8
EPSS 0.04
CVE-2013-1607
CRITICAL
pdfkit < 0.5.3 - Remote Code Execution
Feb 11, 2020
CVSS 9.8
EPSS 0.03
Products
actionpack 63
rack 50
nokogiri 34
rubygems 25
rubygems-update 25
activerecord 23
puppet 23
activesupport 17
publify_core 15
passenger 14
rails-html-sanitizer 14
actionview 13
decidim 12
puma 12
camaleon_cms 11
fat_free_crm 11
rails 11
activestorage 10
net-imap 10
ruby-saml 10
jquery-rails 9
katello 8
openc3 8
rexml 8
bootstrap 7
bootstrap-sass 7
jquery-ui-rails 7
lodash-rails 7
spree 7
avo 6
Quick Filters