rubygems
954 tracked vulnerabilities.
CVE-2011-0739 | Ruby Mail gem < 2.2.14 - Remote Code Execution via Shell Metacharacters in Email Address | Feb 02, 2011 | EPSS 0.01
CVE-2010-5312 | MEDIUM | jQuery UI <1.10.0 - XSS | Nov 24, 2014 | CVSS 6.1 | EPSS 0.06
CVE-2010-5142 | Chef < 0.9.0 - Authenticated User Account Management via Unrestricted API Endpoint | Aug 08, 2012 | EPSS 0.00
CVE-2010-3978 | Spree 0.11.0-0.11.1 and 0.30.x < 0.30.0 - Unauthenticated Sensitive Information Exposure via JSON Hijacking | Nov 17, 2010 | EPSS 0.01
CVE-2010-3933 | Ruby on Rails 2.3.9 and 3.0.0 - Arbitrary Record Modification via Nested Attributes Parameter Manipulation | Oct 28, 2010 | EPSS 0.01
CVE-2010-0156 | Puppet 0.24.0-0.24.8 and 0.25.0-0.25.1 - Arbitrary File Write via Symlink Attack on Temporary Files | Mar 03, 2010 | EPSS 0.00
CVE-2009-4123 | HIGH | jruby-openssl <0.6 - Info Disclosure | Dec 12, 2023 | CVSS 7.5 | EPSS 0.00
CVE-2009-4492 | WEBrick 1.3.1 - Terminal Emulator Escape Sequence Injection via HTTP Request | Jan 13, 2010 | EPSS 0.18
CVE-2009-4214 | Ruby on Rails <2.2.s & <2.3.5 - XSS | Dec 07, 2009 | EPSS 0.02
CVE-2009-3287 | Thin < 1.2.4 - IP Address Spoofing via X-Forwarded-For Header | Sep 22, 2009 | EPSS 0.00
CVE-2009-3086 | Ruby on Rails 2.1.0-2.2.2 and 2.3.x < 2.3.4 - Timing Attack via Cookie Digest Verification | Sep 08, 2009 | EPSS 0.01
CVE-2009-3009 | Ruby on Rails 2.x < 2.2.3 and 2.3.x < 2.3.4 - Cross-Site Scripting via Malformed Unicode Strings | Sep 08, 2009 | EPSS 0.02
CVE-2009-2422 | CRITICAL | Ruby on Rails < 2.3.3 - Authentication Bypass via Invalid Username | Jul 10, 2009 | CVSS 9.8 | EPSS 0.00
CVE-2008-7311 | Spree 0.2.0 - Session Cookie Secret Key Exposure | Apr 05, 2012 | EPSS 0.00
CVE-2008-7310 | Spree 0.2.0 - Unauthenticated Order State Manipulation via Mass Assignment | Apr 05, 2012 | EPSS 0.00
CVE-2008-7248 | Ruby on Rails <2.1.3 & <2.2.2 - CSRF | Dec 16, 2009 | EPSS 0.11
CVE-2008-4310 | Ruby 1.8.1 and 1.8.5 - Denial of Service via Crafted HTTP Request | Dec 09, 2008 | EPSS 0.06
CVE-2008-5189 | Ruby on Rails < 2.0.5 - CRLF Injection via redirect_to Function | Nov 21, 2008 | EPSS 0.00
CVE-2008-4094 | Ruby on Rails < 2.1.1 - SQL Injection via :limit and :offset Parameters | Sep 30, 2008 | EPSS 0.03
CVE-2007-6612 | Mongrel 1.0.4 and 1.1.x < 1.1.3 - Directory Traversal via Double-Encoded Sequences | Jan 03, 2008 | EPSS 0.02
CVE-2007-6183 | Ruby-GNOME2 < 0.17.0 - Use-After-Free in mdiag_initialize | Nov 30, 2007 | EPSS 0.03
CVE-2007-6077 | Rails 1.2.4 - Session Fixation via Incomplete Cookie Protection | Nov 21, 2007 | EPSS 0.03
CVE-2007-5379 | Ruby on Rails < 1.2.4 - Unauthenticated Arbitrary File Existence Disclosure and XML File Read via Hash.from_xml | Oct 19, 2007 | EPSS 0.11
CVE-2007-5380 | Ruby on Rails < 1.2.4 - Session Fixation via URL-based Sessions | Oct 19, 2007 | EPSS 0.06
CVE-2007-3227 | Ruby on Rails - Cross-Site Scripting via ActiveRecord::Base#to_json Input Values | Jun 14, 2007 | EPSS 0.14
Products
actionpack 63
rack 50
nokogiri 34
rubygems 25
rubygems-update 25
activerecord 23
puppet 23
activesupport 17
publify_core 15
passenger 14
rails-html-sanitizer 14
actionview 13
decidim 12
puma 12
camaleon_cms 11
fat_free_crm 11
rails 11
activestorage 10
ruby-saml 10
jquery-rails 9
openc3 8
rexml 8
bootstrap 7
bootstrap-sass 7
jquery-ui-rails 7
katello 7
lodash-rails 7
net-imap 7
spree 7
avo 6