rubygems

965 tracked vulnerabilities.

CVE-2025-27788 HIGH
ruby-lang javascript_object_notation 2.10.0-2.10.1 - Out-of-bounds Read
Mar 12, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-27610 HIGH
Rack < 2.2.13 - Path Traversal via Encoded Path Sequences
Mar 10, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-27111 HIGH
Rack <2.2.12, <3.0.13, <3.1.11 - Log Injection
Mar 04, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-27221 LOW
URI gem < 0.11.3 - Authentication Credential Leakage via URI Handling Methods
Mar 04, 2025
CVSS 3.2
EPSS 0.00
CVE-2025-27220 MEDIUM
CGI gem < 0.3.5.1 - Regular Expression Denial of Service in Util#escapeElement
Mar 04, 2025
CVSS 4.0
EPSS 0.01
CVE-2025-27219 MEDIUM
CGI gem < 0.4.2 - Denial of Service via Unbounded Cookie Value Parsing
Mar 04, 2025
CVSS 5.8
EPSS 0.01
CVE-2025-27590 CRITICAL
oxidized-web < 0.15.0 - Unauthenticated Path Traversal
Mar 03, 2025
CVSS 9.0
EPSS 0.26
CVE-2025-26803 MEDIUM
Phusion Passenger 6.0.21-6.0.25 - Denial of Service via Invalid HTTP Method Parsing
Feb 24, 2025
CVSS 5.3
EPSS 0.01
CVE-2025-25184 MEDIUM
Rack <2.2.11, 3.0.12, 3.1.10 - Info Disclosure
Feb 12, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-25186 MEDIUM
Net::IMAP 0.3.2-0.3.7, 0.4.0-0.4.18, 0.5.0-0.5.5 - Denial of Service via Memory Exhaustion in Response Parser
Feb 10, 2025
CVSS 6.5
EPSS 0.01
CVE-2024-39311 MEDIUM
Publify < 10.0.1 - Cross-Site Scripting via Redirect Functionality
Mar 28, 2025
CVSS 5.4
EPSS 0.00
CVE-2024-56733 MEDIUM
Password Pusher <1.50.3 - Info Disclosure
Dec 30, 2024
CVSS 5.7
EPSS 0.00
CVE-2024-54133 LOW
Action Pack <7.0.8.7, <7.1.5.1, <7.2.2.1, <8.0.0.1 - XSS
Dec 10, 2024
EPSS 0.01
CVE-2024-53988 MEDIUM
rails-html-sanitizer 1.6.0 - Cross-Site Scripting via Allowed Math and Style Elements
Dec 02, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-53987 MEDIUM
rails-html-sanitizer 1.6.0 - Cross-Site Scripting via Style Element Injection
Dec 02, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-53986 MEDIUM
rails-html-sanitizer 1.6.0 - Cross-Site Scripting via HTML5 Sanitization with Allowed math and style Elements
Dec 02, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-53985 MEDIUM
Rails::HTML::Sanitizer <1.16.8 - XSS
Dec 02, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-53989 MEDIUM
rails-html-sanitizer 1.6.0 - Cross-Site Scripting via Noscript Tag Override
Dec 02, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-52796 MEDIUM
Rubygems Pwpush < 1.49.0 - Resource Allocation Without Limits
Nov 20, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-45594 HIGH
Decidim 0.28.0-0.28.2 - Cross-Site Scripting via Meeting Embed URL
Nov 13, 2024
CVSS 7.7
EPSS 0.00
CVE-2024-43415 CRITICAL
decidim-decidim_awesome 0.9.1-0.10.2 and 0.11.0-0.11.1 - Authenticated SQL Injection in papertrail/version Model
Nov 12, 2024
CVSS 9.0
EPSS 0.01
CVE-2024-21510 MEDIUM
sinatra < 4.1.0 - Open Redirect via X-Forwarded-Host Header
Nov 01, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-49771 MEDIUM
MPXJ 8.3.5-13.5.0 - Path Traversal
Oct 28, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-49761 HIGH
REXML < 3.3.9 - Inefficient Regular Expression Complexity in Hex Numeric Character Reference Parsing
Oct 28, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-49376 HIGH
Autolab <3.0.0 - Privilege Escalation
Oct 25, 2024
CVSS 8.8
EPSS 0.00