rubygems
965 tracked vulnerabilities.
CVE-2013-1802
extlib < 0.9.15 - Remote Code Execution and Denial of Service via String Cast Handling
Apr 09, 2013
EPSS 0.03
CVE-2013-1801
httparty < 0.9.0 - Remote Code Execution via YAML Type Conversion
Apr 09, 2013
EPSS 0.04
CVE-2013-1800
crack < 0.3.1 - Remote Code Execution via String Cast Injection
Apr 09, 2013
EPSS 0.05
CVE-2013-0285
nori_gem 1.0.x < 1.0.3, 1.1.x < 1.1.4, 2.0.x < 2.0.2 - Remote Code Execution via String Cast Injection
Apr 09, 2013
EPSS 0.02
CVE-2013-0284
New Relic Ruby Agent 3.2.0-3.5.2 - Exposure of Sensitive Information via Network Serialization
Apr 09, 2013
EPSS 0.01
CVE-2013-1911
ldoce 0.0.2 - Remote Code Execution via Shell Metacharacters in MP3 URL or File Name
Apr 03, 2013
EPSS 0.02
CVE-2013-2617
Ruby Gem Curl - Remote Code Execution via Shell Metacharacters in URL
Mar 20, 2013
EPSS 0.04
CVE-2013-2616
MiniMagick Gem 1.3.1 - Command Injection
Mar 20, 2013
EPSS 0.04
CVE-2013-2615
fastreader 1.0.8 - Remote Code Execution via URL Shell Metacharacters
Mar 20, 2013
EPSS 0.02
CVE-2013-1875
command_wrap - Remote Code Execution via Shell Metacharacters in URL or Filename
Mar 20, 2013
EPSS 0.04
CVE-2013-1655
Puppet 2.7.0-2.7.20 and 3.1.0 - Remote Code Execution via Serialized Attributes
Mar 20, 2013
EPSS 0.05
CVE-2013-1857
Redhat Enterprise Linux < 2.3.17 - XSS
Mar 19, 2013
EPSS 0.02
CVE-2013-1856
Ruby on Rails 3.0.x-3.1.x < 3.1.12 and 3.2.x < 3.2.13 - XML External Entity Injection via ActiveSupport::XmlMini_JDOM
Mar 19, 2013
EPSS 0.02
CVE-2013-1855
Ruby on Rails < 2.3.18, 3.0.x-3.1.x < 3.1.12, 3.2.x < 3.2.13 - Cross-Site Scripting via CSS Token Sequence
Mar 19, 2013
EPSS 0.03
CVE-2013-1854
Ruby on Rails 2.3.x < 2.3.18, 3.1.x < 3.1.12, 3.2.x < 3.2.13 - Denial of Service via Active Record Query Processing
Mar 19, 2013
EPSS 0.03
CVE-2013-2506
Spree <1.1.6, 1.2.x, 1.3.x - Privilege Escalation
Mar 08, 2013
EPSS 0.01
CVE-2013-1656
Spree Commerce 1.0.0-1.3.2 - Authenticated Remote Code Execution via Unsafe Constantize Function
Mar 08, 2013
EPSS 0.02
CVE-2013-0256
RDoc 2.3.0-3.12 and 4.x < 4.0.0.preview2.1 - Cross-Site Scripting via darkfish.js
Mar 01, 2013
EPSS 0.04
CVE-2013-0184
Rack 1.1.x-1.1.4, 1.2.x-1.2.6, 1.3.x-1.3.8, 1.4.x-1.4.3 - Denial of Service via Symbolized Arbitrary Strings
Mar 01, 2013
EPSS 0.02
CVE-2013-0183
Rack 1.3.0-1.3.7 and 1.4.0-1.4.2 - Denial of Service via Long String in Multipart HTTP Packet
Mar 01, 2013
EPSS 0.04
CVE-2013-0162
ruby_parser < 3.1.1 - Arbitrary File Write via Symlink Attack on Temporary File
Mar 01, 2013
EPSS 0.00
CVE-2013-0277
Ruby on Rails < 2.3.17 and 3.x < 3.1.0 - Remote Code Execution via YAML Deserialization
Feb 13, 2013
EPSS 0.07
CVE-2013-0276
Ruby on Rails < 2.3.17, 3.1.x < 3.1.11, 3.2.x < 3.2.12 - Unauthenticated Protected Attribute Bypass via Crafted Request
Feb 13, 2013
EPSS 0.02
CVE-2013-0269
JSON gem < 1.5.5, 1.6.x < 1.6.8, 1.7.x < 1.7.7 - DoS and Mass Assignment Bypass via Crafted JSON
Feb 13, 2013
EPSS 0.14
CVE-2013-0263
Rack <1.5.2, <1.4.5, <1.3.10, <1.2.8, <1.1.6 - RCE
Feb 08, 2013
EPSS 0.05
Products
actionpack 63
rack 50
nokogiri 34
rubygems 25
rubygems-update 25
activerecord 23
puppet 23
activesupport 17
publify_core 15
passenger 14
rails-html-sanitizer 14
actionview 13
decidim 12
puma 12
camaleon_cms 11
fat_free_crm 11
rails 11
activestorage 10
net-imap 10
ruby-saml 10
jquery-rails 9
katello 8
openc3 8
rexml 8
bootstrap 7
bootstrap-sass 7
jquery-ui-rails 7
lodash-rails 7
spree 7
avo 6
Quick Filters