rubygems
965 tracked vulnerabilities.
CVE-2013-4318
MEDIUM
Ruby gem Features 0.3.0 - File Injection via Malicious HTML
Dec 26, 2019
CVSS 5.4
EPSS 0.01
CVE-2013-4593
HIGH
omniauth-facebook < 1.5.0 - Improper Authentication
Dec 11, 2019
CVSS 7.5
EPSS 0.02
CVE-2013-2095
CRITICAL
OpenShift Origin Controller - OS Command Injection via URI.parse() in cartridge_cache.rb
Dec 10, 2019
CVSS 9.8
EPSS 0.02
CVE-2013-6461
MEDIUM
Nokogiri 1.5.0-1.5.10 - Denial of Service via XML Entity Expansion
Nov 05, 2019
CVSS 6.5
EPSS 0.02
CVE-2013-6460
MEDIUM
Nokogiri 1.5.0-1.5.10 - Denial of Service via XML Entity Expansion
Nov 05, 2019
CVSS 6.5
EPSS 0.02
CVE-2013-2516
HIGH
fileutils < 0.7 - Command Injection via URL Variable
Feb 15, 2019
CVSS 8.8
EPSS 0.03
CVE-2013-7463
HIGH
aescrypt gem 1.0.0 - Info Disclosure
Apr 19, 2017
CVSS 7.5
EPSS 0.01
CVE-2013-0334
Bundler < 1.7.0 - Arbitrary Gem Installation via Duplicate Gem Name in Multiple Sources
Oct 31, 2014
EPSS 0.04
CVE-2013-1756
Dragonfly gem 0.7-0.8.5 and 0.9.x < 0.9.13 - Remote Code Execution
Jun 09, 2014
EPSS 0.04
CVE-2013-2090
Creme Fraiche < 0.6.1 - Remote Code Execution via Email Attachment Filename
May 27, 2014
EPSS 0.04
CVE-2013-4489
GitLab 5.2-5.4.1 and 6.x-6.2.3 - Authenticated Remote Code Execution via Grit Gem Search Feature
May 17, 2014
EPSS 0.01
CVE-2013-4562
omniauth-facebook 1.4.1-1.5.0 - Cross-Site Request Forgery via State Parameter
May 13, 2014
EPSS 0.01
CVE-2013-5671
fog-dragonfly 0.8.2 - Remote Code Execution
May 12, 2014
EPSS 0.02
CVE-2013-7111
BaseSpace Ruby SDK 0.1.7 - Info Disclosure
Apr 29, 2014
EPSS 0.02
CVE-2013-2105
show_in_browser gem 0.0.3 - Symlink Attack via /tmp/browser.html
Apr 22, 2014
EPSS 0.00
CVE-2013-4413
wicked < 1.0.1 - Path Traversal via Step Parameter
Mar 11, 2014
EPSS 0.03
CVE-2013-2119
Phusion Passenger < 3.0.21 and 4.0.x < 4.0.5 - Denial of Service and Privilege Escalation via Temporary Config File
Jan 03, 2014
EPSS 0.00
CVE-2013-7249
Fat Free CRM <0.12.1 - Info Disclosure
Jan 02, 2014
EPSS 0.03
CVE-2013-7225
Fat Free CRM <0.12.1 - SQL Injection
Jan 02, 2014
EPSS 0.02
CVE-2013-7224
Fat Free CRM <0.12.1 - Info Disclosure
Jan 02, 2014
EPSS 0.03
CVE-2013-7223
Fat Free CRM < 0.12.1 - Cross-Site Request Forgery
Jan 02, 2014
EPSS 0.01
CVE-2013-7222
Fat Free CRM <0.12.1 - Info Disclosure
Jan 02, 2014
EPSS 0.02
CVE-2013-6459
will_paginate < 3.0.5 - Cross-Site Scripting via Pagination Links
Dec 31, 2013
EPSS 0.02
CVE-2013-7086
Webbynode <1.0.5.3 - Command Injection
Dec 19, 2013
EPSS 0.04
CVE-2013-6421
sprout 0.7.246 - OS Command Injection via Archive Filename or Path
Dec 12, 2013
EPSS 0.02
Products
actionpack 63
rack 50
nokogiri 34
rubygems 25
rubygems-update 25
activerecord 23
puppet 23
activesupport 17
publify_core 15
passenger 14
rails-html-sanitizer 14
actionview 13
decidim 12
puma 12
camaleon_cms 11
fat_free_crm 11
rails 11
activestorage 10
net-imap 10
ruby-saml 10
jquery-rails 9
katello 8
openc3 8
rexml 8
bootstrap 7
bootstrap-sass 7
jquery-ui-rails 7
lodash-rails 7
spree 7
avo 6
Quick Filters