rubygems

965 tracked vulnerabilities.

CVE-2012-2140
Mail gem < 2.4.3 - Remote Code Execution via Shell Metacharacters in Sendmail/Exim Delivery
Jul 18, 2012
EPSS 0.04
CVE-2012-2139
Mail gem < 2.4.4 - Path Traversal via File Delivery To Parameter
Jul 18, 2012
EPSS 0.05
CVE-2012-1989
Puppet 2.7.x < 2.7.13 & Puppet Enterprise 1.2.x, 2.0.x, 2.5.x - Arbitrary File Write via Symlink
Jun 27, 2012
EPSS 0.00
CVE-2012-2695
Ruby on Rails <3.0.14, <3.1.x <3.1.6, <3.2.x <3.2.6 - SQL Injection
Jun 22, 2012
EPSS 0.03
CVE-2012-2694
Ruby on Rails <3.0.14, <3.1.6, <3.2.6 - Info Disclosure
Jun 22, 2012
EPSS 0.04
CVE-2012-2661
Ruby on Rails <3.0.13, <3.1.5, <3.2.4 - SQL Injection
Jun 22, 2012
EPSS 0.04
CVE-2012-2660
Ruby on Rails <3.0.13, <3.1.5, <3.2.4 - Info Disclosure
Jun 22, 2012
EPSS 0.05
CVE-2012-2671
Rack::Cache 0.3.0-1.1 - Sensitive Header Caching
Jun 17, 2012
EPSS 0.02
CVE-2012-1988
Puppet 2.6.0-2.6.14 and 2.7.0-2.7.12 - Authenticated Remote Code Execution via Filebucket Request
May 29, 2012
EPSS 0.03
CVE-2012-1987
Puppet 2.6.0-2.6.14 and 2.7.0-2.7.12 - Authenticated Denial of Service via REST Requests
May 29, 2012
EPSS 0.03
CVE-2012-1906
Puppet 2.6.x < 2.6.15, 2.7.x < 2.7.13, Puppet Enterprise < 2.5.1 - Arbitrary File Write via Symlink Attack
May 29, 2012
EPSS 0.00
CVE-2012-1053
Puppet <2.6.14-2.7.11 & PE - Privilege Escalation
May 29, 2012
EPSS 0.00
CVE-2012-1099
Ruby on Rails 3.0.x-3.0.11, 3.1.x-3.1.3, 3.2.x-3.2.1 - Cross-Site Scripting in Form Options Helper
Mar 13, 2012
EPSS 0.03
CVE-2012-1098
Ruby on Rails 3.0.x < 3.0.12, 3.1.x < 3.1.4, 3.2.x < 3.2.2 - Cross-Site Scripting via SafeBuffer Manipulation
Mar 13, 2012
EPSS 0.02
CVE-2011-10026 CRITICAL
Spreecommerce < 0.50.x - Unauthenticated Remote Code Execution via API Search Parameter
Aug 20, 2025
CVSS 9.8
EPSS 0.02
CVE-2011-10019 CRITICAL
Spreecommerce < 0.60.2 - Unauthenticated Remote Code Execution via Search Parameter
Aug 13, 2025
CVSS 9.8
EPSS 0.04
CVE-2011-1497 MEDIUM
Rails < 3.0.6 - Cross-Site Scripting via auto_link Function
Oct 19, 2021
CVSS 6.1
EPSS 0.01
CVE-2011-0528
Puppet 2.6.0-2.6.3 - Authenticated Node Resource Access Control Bypass
Feb 17, 2014
EPSS 0.02
CVE-2011-4969
jQuery < 1.6.3 - Cross-Site Scripting via location.hash Element Selection
Mar 08, 2013
EPSS 0.19
CVE-2011-5036
Rack < 1.1.3, 1.2.x < 1.2.5, 1.3.x < 1.3.6 - Denial of Service via Hash Collision
Dec 30, 2011
EPSS 0.04
CVE-2011-4319
Ruby on Rails <3.0.11 & <3.1.2 - XSS
Nov 28, 2011
EPSS 0.02
CVE-2011-3871
Puppet <2.7.5, <2.6.11, <0.25 - Code Injection
Oct 27, 2011
EPSS 0.00
CVE-2011-3870
Puppet <2.7.5, <2.6.11, <0.25 - Privilege Escalation
Oct 27, 2011
EPSS 0.00
CVE-2011-3869
Puppet <2.7.5, <2.6.11, <0.25 - Local File Overwrite
Oct 27, 2011
EPSS 0.00
CVE-2011-3187
Ruby on Rails 3.0.5 - Improper Input Validation in X-Forwarded-For Header
Aug 29, 2011
EPSS 0.07