rubygems
954 tracked vulnerabilities.
| CVE | Severity | Title | Date | CVSS | EPSS |
|---|---|---|---|---|---|
| CVE-2012-1053 | | Puppet <2.6.14-2.7.11 & PE - Privilege Escalation | May 29, 2012 | | 0.00 |
| CVE-2012-1099 | | Ruby on Rails 3.0.x-3.0.11, 3.1.x-3.1.3, 3.2.x-3.2.1 - Cross-Site Scripting in Form Options Helper | Mar 13, 2012 | | 0.00 |
| CVE-2012-1098 | | Ruby on Rails 3.0.x < 3.0.12, 3.1.x < 3.1.4, 3.2.x < 3.2.2 - Cross-Site Scripting via SafeBuffer Manipulation | Mar 13, 2012 | | 0.00 |
| CVE-2011-10026 | CRITICAL | Spreecommerce < 0.50.x - Unauthenticated Remote Code Execution via API Search Parameter | Aug 20, 2025 | 9.8 | 0.69 |
| CVE-2011-10019 | CRITICAL | Spreecommerce < 0.60.2 - Unauthenticated Remote Code Execution via Search Parameter | Aug 13, 2025 | 9.8 | 0.69 |
| CVE-2011-1497 | MEDIUM | Rails < 3.0.6 - Cross-Site Scripting via auto_link Function | Oct 19, 2021 | 6.1 | 0.00 |
| CVE-2011-0528 | | Puppet 2.6.0-2.6.3 - Authenticated Node Resource Access Control Bypass | Feb 17, 2014 | | 0.00 |
| CVE-2011-4969 | | jQuery < 1.6.3 - Cross-Site Scripting via location.hash Element Selection | Mar 08, 2013 | | 0.06 |
| CVE-2011-5036 | | Rack < 1.1.3, 1.2.x < 1.2.5, 1.3.x < 1.3.6 - Denial of Service via Hash Collision | Dec 30, 2011 | | 0.01 |
| CVE-2011-4319 | | Ruby on Rails <3.0.11 & <3.1.2 - XSS | Nov 28, 2011 | | 0.01 |
| CVE-2011-3871 | | Puppet <2.7.5, <2.6.11, <0.25 - Code Injection | Oct 27, 2011 | | 0.00 |
| CVE-2011-3870 | | Puppet <2.7.5, <2.6.11, <0.25 - Privilege Escalation | Oct 27, 2011 | | 0.00 |
| CVE-2011-3869 | | Puppet <2.7.5, <2.6.11, <0.25 - Local File Overwrite | Oct 27, 2011 | | 0.00 |
| CVE-2011-3187 | | Ruby on Rails 3.0.5 - Improper Input Validation in X-Forwarded-For Header | Aug 29, 2011 | | 0.08 |
| CVE-2011-3186 | | Ruby on Rails 2.3.x < 2.3.13 - HTTP Response Splitting via Content-Type Header | Aug 29, 2011 | | 0.01 |
| CVE-2011-2932 | | Ruby on Rails 2.x < 2.3.13, 3.0.x < 3.0.10, 3.1.x < 3.1.0.rc5 - Cross-Site Scripting via Malformed Unicode String | Aug 29, 2011 | | 0.01 |
| CVE-2011-2931 | | Ruby on Rails < 2.3.13, 3.0.x < 3.0.10, 3.1.x < 3.1.0.rc5 - Cross-Site Scripting via Invalid Tag Name | Aug 29, 2011 | | 0.01 |
| CVE-2011-2930 | | Ruby on Rails < 2.3.13, 3.0.x < 3.0.10, 3.1.x < 3.1.0.rc5 - SQL Injection via Crafted Column Name | Aug 29, 2011 | | 0.01 |
| CVE-2011-2929 | | Ruby on Rails 3.0.x-3.0.9 and 3.1.x-3.1.0.rc5 - Remote Arbitrary View Rendering via Glob Character Handling | Aug 29, 2011 | | 0.01 |
| CVE-2011-2197 | | Ruby on Rails <2.3.12, <3.0.8, <3.1.0.rc2 - XSS | Jun 30, 2011 | | 0.00 |
| CVE-2011-0995 | | rubygem-sqlite3 < 1.2.4 - Privilege Escalation via Weak File Permissions | May 13, 2011 | | 0.00 |
| CVE-2011-0449 | | Ruby on Rails 3.0.x < 3.0.4 - Unauthenticated Access Restriction Bypass via Case-Insensitive Action Name | Feb 21, 2011 | | 0.01 |
| CVE-2011-0448 | | Ruby on Rails 3.0.x < 3.0.4 - SQL Injection via Non-Numeric Limit Argument | Feb 21, 2011 | | 0.01 |
| CVE-2011-0447 | | Ruby on Rails 2.1.x-2.3.10 and 3.x < 3.0.4 - Cross-Site Request Forgery via X-Requested-With Header | Feb 14, 2011 | | 0.01 |
| CVE-2011-0446 | | Ruby on Rails < 2.3.11 and 3.x < 3.0.4 - Cross-Site Scripting via mail_to Helper | Feb 14, 2011 | | 0.01 |
Products

| Product | Count |
|---|---|
| actionpack | 63 |
| rack | 50 |
| nokogiri | 34 |
| rubygems | 25 |
| rubygems-update | 25 |
| activerecord | 23 |
| puppet | 23 |
| activesupport | 17 |
| publify_core | 15 |
| passenger | 14 |
| rails-html-sanitizer | 14 |
| actionview | 13 |
| decidim | 12 |
| puma | 12 |
| camaleon_cms | 11 |
| fat_free_crm | 11 |
| rails | 11 |
| activestorage | 10 |
| ruby-saml | 10 |
| jquery-rails | 9 |
| openc3 | 8 |
| rexml | 8 |
| bootstrap | 7 |
| bootstrap-sass | 7 |
| jquery-ui-rails | 7 |
| katello | 7 |
| lodash-rails | 7 |
| net-imap | 7 |
| spree | 7 |
| avo | 6 |