rubygems
954 tracked vulnerabilities.
CVE-2025-28382
HIGH
OpenC3 COSMOS < 6.1.0 - Path Traversal via openc3-api/tables Endpoint
Jun 13, 2025
CVSS 7.5
EPSS 0.02
CVE-2025-49007
MEDIUM
Rack 3.1.0-3.1.15 - Denial of Service via Content-Disposition Header Parsing
Jun 04, 2025
CVSS 5.3
EPSS 0.01
CVE-2025-48069
MEDIUM
Shopify ejson2env < 2.0.8 - OS Command Injection via Unsanitized stdout Output
May 21, 2025
CVSS 6.6
EPSS 0.01
CVE-2025-46336
MEDIUM
rack-session < 2.1.1 - Session Restoration After Deletion via Race Condition in Rack::Session::Pool
May 08, 2025
CVSS 4.2
EPSS 0.00
CVE-2025-46727
HIGH
Rack < 2.2.14, < 3.0.16, < 3.1.14 - Denial of Service via Unbounded Parameter Parsing in Rack::QueryParser
May 07, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-32441
MEDIUM
Rack < 2.2.14 - Unauthenticated Session Restoration via Race Condition in Rack::Session::Pool
May 07, 2025
CVSS 4.2
EPSS 0.00
CVE-2025-46551
LOW
JRuby-OpenSSL 0.12.1-0.15.3 and JRuby 9.3.4.0-9.4.12.0 and 10.0.0.0 - Improper Certificate Validation
May 07, 2025
CVSS 3.7
EPSS 0.00
CVE-2025-43857
MEDIUM
Net::IMAP DoS via Malicious Server Literal Byte Count
Apr 28, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-30221
MEDIUM
Pitchfork <0.11.0 - HTTP Response Header Injection
Mar 27, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-2304
CRITICAL
Camaleon CMS < 2.9.1 - Privilege Escalation via Mass Assignment in UsersController
Mar 14, 2025
EPSS 0.00
CVE-2025-25293
HIGH
ruby-saml < 1.12.4 - Denial of Service via Compressed SAML Response Bypass
Mar 12, 2025
CVSS 7.5
EPSS 0.06
CVE-2025-25292
CRITICAL
ruby-saml < 1.12.4, < 1.18.0 - Authentication Bypass via XML Parser Differential
Mar 12, 2025
CVSS 9.8
EPSS 0.04
CVE-2025-25291
CRITICAL
NUCLEI
ruby-saml < 1.12.4, < 1.18.0 - Authentication Bypass via XML Parser Differential
Mar 12, 2025
CVSS 9.8
EPSS 0.21
CVE-2025-27407
CRITICAL
graphql-ruby Remote Code Execution via Malicious Schema Definition
Mar 12, 2025
CVSS 9.0
EPSS 0.01
CVE-2025-27788
HIGH
Ruby json gem 2.10.0-2.10.1 - Out-of-bounds Read in JSON Parser
Mar 12, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-27610
HIGH
Rack < 2.2.13 - Path Traversal via Encoded Path Sequences
Mar 10, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-27111
HIGH
Rack <2.2.12, <3.0.13, <3.1.11 - Log Injection
Mar 04, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-27221
LOW
URI gem < 0.11.3 - Authentication Credential Leakage via URI Handling Methods
Mar 04, 2025
CVSS 3.2
EPSS 0.00
CVE-2025-27220
MEDIUM
CGI gem < 0.3.5.1 - Regular Expression Denial of Service in Util#escapeElement
Mar 04, 2025
CVSS 4.0
EPSS 0.00
CVE-2025-27219
MEDIUM
CGI gem < 0.4.2 - Denial of Service via Unbounded Cookie Value Parsing
Mar 04, 2025
CVSS 5.8
EPSS 0.00
CVE-2025-27590
CRITICAL
oxidized-web < 0.15.0 - Unauthenticated Path Traversal
Mar 03, 2025
CVSS 9.0
EPSS 0.17
CVE-2025-26803
MEDIUM
Phusion Passenger 6.0.21-6.0.25 - Denial of Service via Invalid HTTP Method Parsing
Feb 24, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-25184
MEDIUM
Rack < 2.2.11, < 3.0.12, < 3.1.10 - Log Injection via Unescaped Newlines in Rack::CommonLogger
Feb 12, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-25186
MEDIUM
Net::IMAP 0.3.2-0.3.7, 0.4.0-0.4.18, 0.5.0-0.5.5 - Denial of Service via Memory Exhaustion in Response Parser
Feb 10, 2025
CVSS 6.5
EPSS 0.00
CVE-2024-39311
MEDIUM
Publify < 10.0.1 - Cross-Site Scripting via Redirect Functionality
Mar 28, 2025
CVSS 5.4
EPSS 0.00
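A listing like this is only actionable if you can check a project's Gemfile.lock against the affected ranges. The following Ruby script is an added example, not code from this listing or from any of the projects above: it transcribes a handful of the version ranges shown (rack, rack-session, ruby-saml, json, net-imap) into Gem::Requirement form, parses the specs block of a Gemfile.lock, and reports which advisories match. The Gemfile.lock text embedded in it is constructed sample input, and the advisory table only covers the entries named; everything else on the page is out of scope for the check.

```ruby
# Added example: audit a Gemfile.lock against a subset of the advisories
# listed above. Ranges are transcribed from the listing; where the listing
# gives a fix version per minor series, each series is one range.
require "rubygems"

# Each range is a list of Gem::Requirement strings that must ALL hold;
# a gem is flagged if ANY range matches its locked version.
ADVISORIES = [
  { cve: "CVE-2025-27610", gem: "rack",         ranges: [["< 2.2.13"]] },
  { cve: "CVE-2025-46727", gem: "rack",
    ranges: [["< 2.2.14"], [">= 3.0.0", "< 3.0.16"], [">= 3.1.0", "< 3.1.14"]] },
  { cve: "CVE-2025-49007", gem: "rack",         ranges: [[">= 3.1.0", "< 3.1.16"]] },
  { cve: "CVE-2025-46336", gem: "rack-session", ranges: [["< 2.1.1"]] },
  { cve: "CVE-2025-25291", gem: "ruby-saml",
    ranges: [["< 1.12.4"], [">= 1.13.0", "< 1.18.0"]] },
  { cve: "CVE-2025-27788", gem: "json",         ranges: [[">= 2.10.0", "<= 2.10.1"]] },
  { cve: "CVE-2025-25186", gem: "net-imap",
    ranges: [[">= 0.3.2", "<= 0.3.7"], [">= 0.4.0", "<= 0.4.18"], [">= 0.5.0", "<= 0.5.5"]] },
].freeze

# Resolved gems sit at exactly four spaces of indent inside "specs:";
# their dependency lines are indented six spaces and carry a constraint,
# not a version, so this pattern skips them.
SPEC_LINE = /\A {4}(\S+) \(([^)\s]+)\)\z/

# Returns { gem_name => version_string } for every resolved gem in the lockfile.
def parse_lockfile(text)
  versions = {}
  in_specs = false
  text.each_line do |raw|
    line = raw.chomp
    if line == "  specs:"
      in_specs = true
      next
    end
    # Any line not indented four spaces (blank line, PLATFORMS, ...) ends the block.
    in_specs = false if in_specs && !line.start_with?("    ")
    next unless in_specs
    if (m = SPEC_LINE.match(line))
      # Platform-specific entries look like "1.18.8-x86_64-linux"; keep the
      # version part only (assumption: prerelease tags in lockfiles use dots).
      versions[m[1]] = m[2].split("-").first
    end
  end
  versions
end

# True if the version falls inside any of the vulnerable ranges.
def vulnerable?(version, ranges)
  v = Gem::Version.new(version)
  ranges.any? { |reqs| Gem::Requirement.new(*reqs).satisfied_by?(v) }
end

# Returns [[cve, gem, locked_version], ...] for every matching advisory.
def audit(lock_text)
  versions = parse_lockfile(lock_text)
  ADVISORIES.select { |a| versions.key?(a[:gem]) && vulnerable?(versions[a[:gem]], a[:ranges]) }
            .map { |a| [a[:cve], a[:gem], versions[a[:gem]]] }
end

# Constructed sample lockfile (not a real project): rack 3.1.12 and json 2.10.1
# should be flagged; net-imap 0.5.6 and ruby-saml 1.18.0 are at fixed versions.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      json (2.10.1)
      net-imap (0.5.6)
      nokogiri (1.18.8-x86_64-linux)
        racc (~> 1.4)
      racc (1.8.1)
      rack (3.1.12)
      ruby-saml (1.18.0)

  PLATFORMS
    x86_64-linux

  DEPENDENCIES
    json
    net-imap
    nokogiri
    rack
    ruby-saml
LOCK

if __FILE__ == $PROGRAM_NAME
  audit(SAMPLE_LOCK).each { |cve, gem, ver| puts "#{cve}: #{gem} #{ver} is affected" }
end
```

Point the script at a real lockfile with `audit(File.read("Gemfile.lock"))`. The ranges are deliberately literal so they can be diffed against the listing when it changes; for production use, bundler-audit's maintained database is the better source, but the matching logic is the same Gem::Requirement check shown here.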
Products
actionpack 63
rack 50
nokogiri 34
rubygems 25
rubygems-update 25
activerecord 23
puppet 23
activesupport 17
publify_core 15
passenger 14
rails-html-sanitizer 14
actionview 13
decidim 12
puma 12
camaleon_cms 11
fat_free_crm 11
rails 11
activestorage 10
ruby-saml 10
jquery-rails 9
openc3 8
rexml 8
bootstrap 7
bootstrap-sass 7
jquery-ui-rails 7
katello 7
lodash-rails 7
net-imap 7
spree 7
avo 6