rubygems
965 tracked vulnerabilities.
CVE-2011-3186
Ruby on Rails 2.3.x < 2.3.13 - HTTP Response Splitting via Content-Type Header
Aug 29, 2011
EPSS 0.02
CVE-2011-2932
Ruby on Rails 2.x < 2.3.13, 3.0.x < 3.0.10, 3.1.x < 3.1.0.rc5 - Cross-Site Scripting via Malformed Unicode String
Aug 29, 2011
EPSS 0.02
CVE-2011-2931
Ruby on Rails < 2.3.13, 3.0.x < 3.0.10, 3.1.x < 3.1.0.rc5 - Cross-Site Scripting via Invalid Tag Name
Aug 29, 2011
EPSS 0.02
CVE-2011-2930
Ruby on Rails < 2.3.13, 3.0.x < 3.0.10, 3.1.x < 3.1.0.rc5 - SQL Injection via Crafted Column Name
Aug 29, 2011
EPSS 0.02
CVE-2011-2929
Ruby on Rails 3.0.x-3.0.9 and 3.1.x-3.1.0.rc5 - Remote Arbitrary View Rendering via Glob Character Handling
Aug 29, 2011
EPSS 0.02
CVE-2011-2197
Ruby on Rails <2.3.12, <3.0.8, <3.1.0.rc2 - XSS
Jun 30, 2011
EPSS 0.02
CVE-2011-0995
rubygem-sqlite3 < 1.2.4 - Privilege Escalation via Weak File Permissions
May 13, 2011
EPSS 0.00
CVE-2011-0449
Ruby on Rails 3.0.x < 3.0.4 - Unauthenticated Access Restriction Bypass via Case-Insensitive Action Name
Feb 21, 2011
EPSS 0.02
CVE-2011-0448
Ruby on Rails 3.0.x < 3.0.4 - SQL Injection via Non-Numeric Limit Argument
Feb 21, 2011
EPSS 0.02
CVE-2011-0447
Ruby on Rails 2.1.x-2.3.10 and 3.x < 3.0.4 - Cross-Site Request Forgery via X-Requested-With Header
Feb 14, 2011
EPSS 0.01
CVE-2011-0446
Ruby on Rails < 2.3.11 and 3.x < 3.0.4 - Cross-Site Scripting via mail_to Helper
Feb 14, 2011
EPSS 0.02
CVE-2011-0739
Ruby Mail gem < 2.2.14 - Remote Code Execution via Shell Metacharacters in Email Address
Feb 02, 2011
EPSS 0.03
CVE-2010-5312
MEDIUM
jQuery UI <1.10.0 - XSS
Nov 24, 2014
CVSS 6.1
EPSS 0.18
CVE-2010-5142
Chef < 0.9.0 - Authenticated User Account Management via Unrestricted API Endpoint
Aug 08, 2012
EPSS 0.02
CVE-2010-3978
Spree 0.11.0-0.11.1 and 0.30.x < 0.30.0 - Unauthenticated Sensitive Information Exposure via JSON Hijacking
Nov 17, 2010
EPSS 0.03
CVE-2010-3933
Ruby on Rails 2.3.9 and 3.0.0 - Arbitrary Record Modification via Nested Attributes Parameter Manipulation
Oct 28, 2010
EPSS 0.02
CVE-2010-0156
Puppet 0.24.0-0.24.8 and 0.25.0-0.25.1 - Arbitrary File Write via Symlink Attack on Temporary Files
Mar 03, 2010
EPSS 0.00
CVE-2009-4123
HIGH
jruby-openssl <0.6 - Info Disclosure
Dec 12, 2023
CVSS 7.5
EPSS 0.01
CVE-2009-4492
WEBrick 1.3.1 - Terminal Emulator Escape Sequence Injection via HTTP Request
Jan 13, 2010
EPSS 0.16
CVE-2009-4214
Ruby on Rails <2.2.s & <2.3.5 - XSS
Dec 07, 2009
EPSS 0.03
CVE-2009-3287
Thin < 1.2.4 - IP Address Spoofing via X-Forwarded-For Header
Sep 22, 2009
EPSS 0.01
CVE-2009-3086
Ruby on Rails 2.1.0-2.2.2 and 2.3.x < 2.3.4 - Timing Attack via Cookie Digest Verification
Sep 08, 2009
EPSS 0.02
CVE-2009-3009
Ruby on Rails 2.x < 2.2.3 and 2.3.x < 2.3.4 - Cross-Site Scripting via Malformed Unicode Strings
Sep 08, 2009
EPSS 0.03
CVE-2009-2422
CRITICAL
Ruby on Rails < 2.3.3 - Authentication Bypass via Invalid Username
Jul 10, 2009
CVSS 9.8
EPSS 0.03
CVE-2008-7311
Spree 0.2.0 - Session Cookie Secret Key Exposure
Apr 05, 2012
EPSS 0.01
Products
actionpack 63
rack 50
nokogiri 34
rubygems 25
rubygems-update 25
activerecord 23
puppet 23
activesupport 17
publify_core 15
passenger 14
rails-html-sanitizer 14
actionview 13
decidim 12
puma 12
camaleon_cms 11
fat_free_crm 11
rails 11
activestorage 10
net-imap 10
ruby-saml 10
jquery-rails 9
katello 8
openc3 8
rexml 8
bootstrap 7
bootstrap-sass 7
jquery-ui-rails 7
lodash-rails 7
spree 7
avo 6
Quick Filters