rubygems
965 tracked vulnerabilities.
CVE-2013-0262
Rack 1.4.x < 1.4.5 and 1.5.x < 1.5.2 - Path Traversal via PATH_INFO Environment Variable
Feb 08, 2013
EPSS 0.03
CVE-2013-0333
Ruby on Rails 2.3.x-2.3.15 and 3.0.x-3.0.19 - Remote Code Execution via YAML Deserialization
Jan 30, 2013
EPSS 0.99
CVE-2013-0156
Ruby on Rails JSON Processor YAML Deserialization Code Execution
Jan 13, 2013
EPSS 0.99
CVE-2013-0155
Ruby on Rails 3.0.x < 3.0.19, 3.1.x < 3.1.10, 3.2.x < 3.2.11 - SQL Query Manipulation via JSON Parameter Handling
Jan 13, 2013
EPSS 0.08
CVE-2012-6685
HIGH
Nokogiri < 1.5.4 - XML External Entity Injection
Feb 19, 2020
CVSS 7.5
EPSS 0.02
CVE-2012-6135
HIGH
RubyGems passenger 4.0.0 beta1-beta2 - Arbitrary File Deletion
Nov 19, 2019
CVSS 7.5
EPSS 0.02
CVE-2012-6708
MEDIUM
jQuery < 1.9.0 - Cross-Site Scripting via jQuery(strInput) Function
Jan 18, 2018
CVSS 6.1
EPSS 0.09
CVE-2012-6684
RedCloth < 4.2.9 - Cross-Site Scripting via JavaScript URI
Jan 08, 2015
EPSS 0.02
CVE-2012-6662
Redhat Enterprise Linux Desktop < 1.10.0 - XSS
Nov 24, 2014
EPSS 0.06
CVE-2012-2126
RubyGems < 1.8.23 - Man-in-the-Middle Attack via Unverified SSL Certificate
Oct 01, 2013
EPSS 0.01
CVE-2012-2125
RubyGems < 1.8.23 - HTTPS to HTTP Redirection
Oct 01, 2013
EPSS 0.02
CVE-2012-6134
omniauth-oauth2 < 1.1.1 - Cross-Site Request Forgery
Apr 09, 2013
EPSS 0.01
CVE-2012-6109
Rack < 1.1.4, 1.2.x < 1.2.6, 1.3.x < 1.3.7, 1.4.x < 1.4.2 - Denial of Service via Crafted Content-Disposition Header
Mar 01, 2013
EPSS 0.03
CVE-2012-5604
Red Hat CloudForms 1.1 - Unauthenticated Authentication Bypass via LDAP Fluff Gem
Mar 01, 2013
EPSS 0.01
CVE-2012-6497
Rails < 3.2.10 - SQL Injection
Jan 04, 2013
EPSS 0.03
CVE-2012-6496
Ruby on Rails < 3.0.18, 3.1.x < 3.1.9, 3.2.x < 3.2.10 - SQL Injection via Dynamic Finders
Jan 04, 2013
EPSS 0.04
CVE-2012-3503
CRITICAL
Katello < 1.0 - Use of Hard-coded Credentials in Installation Script
Aug 25, 2012
CVSS 9.8
EPSS 0.03
CVE-2012-3465
Ruby on Rails < 3.0.17, 3.1.x < 3.1.8, 3.2.x < 3.2.8 - Cross-Site Scripting via Malformed HTML Markup
Aug 10, 2012
EPSS 0.02
CVE-2012-3464
Ruby on Rails < 3.0.17, 3.1.x < 3.1.8, 3.2.x < 3.2.8 - Cross-Site Scripting via Quote Character Handling
Aug 10, 2012
EPSS 0.03
CVE-2012-3463
Ruby on Rails 3.x < 3.0.17, 3.1.x < 3.1.8, 3.2.x < 3.2.8 - Cross-Site Scripting via select_tag Helper Prompt Field
Aug 10, 2012
EPSS 0.01
CVE-2012-3424
Ruby on Rails 3.x < 3.0.16, 3.1.x < 3.1.7, 3.2.x < 3.2.7 - Denial of Service via Digest Authentication String Conversion
Aug 08, 2012
EPSS 0.02
CVE-2012-3867
Puppet < 2.6.17 and 2.7.x < 2.7.18 - Certificate Signing Request Spoofing via ANSI Control Sequences
Aug 06, 2012
EPSS 0.02
CVE-2012-3866
Puppet 2.7.x < 2.7.18 & Puppet Enterprise < 2.5.2 - Sensitive Config Exposure via last_run_report.yaml
Aug 06, 2012
EPSS 0.00
CVE-2012-3865
Puppet < 2.6.17 and 2.7.x < 2.7.18 - Authenticated Arbitrary File Deletion via Node Name Path Traversal
Aug 06, 2012
EPSS 0.02
CVE-2012-3408
Puppet < 2.7.18 and Puppet Enterprise < 2.5.2 - Improper Authentication via IP Address Spoofing
Aug 06, 2012
EPSS 0.02
Products
actionpack 63
rack 50
nokogiri 34
rubygems 25
rubygems-update 25
activerecord 23
puppet 23
activesupport 17
publify_core 15
passenger 14
rails-html-sanitizer 14
actionview 13
decidim 12
puma 12
camaleon_cms 11
fat_free_crm 11
rails 11
activestorage 10
net-imap 10
ruby-saml 10
jquery-rails 9
katello 8
openc3 8
rexml 8
bootstrap 7
bootstrap-sass 7
jquery-ui-rails 7
lodash-rails 7
spree 7
avo 6
Quick Filters