rubygems
965 tracked vulnerabilities.
CVE-2025-27788
HIGH
ruby-lang javascript_object_notation 2.10.0-2.10.1 - Out-of-bounds Read
Mar 12, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-27610
HIGH
Rack < 2.2.13 - Path Traversal via Encoded Path Sequences
Mar 10, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-27111
HIGH
Rack <2.2.12, <3.0.13, <3.1.11 - Log Injection
Mar 04, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-27221
LOW
URI gem < 0.11.3 - Authentication Credential Leakage via URI Handling Methods
Mar 04, 2025
CVSS 3.2
EPSS 0.00
CVE-2025-27220
MEDIUM
CGI gem < 0.3.5.1 - Regular Expression Denial of Service in Util#escapeElement
Mar 04, 2025
CVSS 4.0
EPSS 0.01
CVE-2025-27219
MEDIUM
CGI gem < 0.4.2 - Denial of Service via Unbounded Cookie Value Parsing
Mar 04, 2025
CVSS 5.8
EPSS 0.01
CVE-2025-27590
CRITICAL
oxidized-web < 0.15.0 - Unauthenticated Path Traversal
Mar 03, 2025
CVSS 9.0
EPSS 0.26
CVE-2025-26803
MEDIUM
Phusion Passenger 6.0.21-6.0.25 - Denial of Service via Invalid HTTP Method Parsing
Feb 24, 2025
CVSS 5.3
EPSS 0.01
CVE-2025-25184
MEDIUM
Rack <2.2.11, 3.0.12, 3.1.10 - Info Disclosure
Feb 12, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-25186
MEDIUM
Net::IMAP 0.3.2-0.3.7, 0.4.0-0.4.18, 0.5.0-0.5.5 - Denial of Service via Memory Exhaustion in Response Parser
Feb 10, 2025
CVSS 6.5
EPSS 0.01
CVE-2024-39311
MEDIUM
Publify < 10.0.1 - Cross-Site Scripting via Redirect Functionality
Mar 28, 2025
CVSS 5.4
EPSS 0.00
CVE-2024-56733
MEDIUM
Password Pusher <1.50.3 - Info Disclosure
Dec 30, 2024
CVSS 5.7
EPSS 0.00
CVE-2024-54133
LOW
Action Pack <7.0.8.7, <7.1.5.1, <7.2.2.1, <8.0.0.1 - XSS
Dec 10, 2024
EPSS 0.01
CVE-2024-53988
MEDIUM
rails-html-sanitizer 1.6.0 - Cross-Site Scripting via Allowed Math and Style Elements
Dec 02, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-53987
MEDIUM
rails-html-sanitizer 1.6.0 - Cross-Site Scripting via Style Element Injection
Dec 02, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-53986
MEDIUM
rails-html-sanitizer 1.6.0 - Cross-Site Scripting via HTML5 Sanitization with Allowed math and style Elements
Dec 02, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-53985
MEDIUM
Rails::HTML::Sanitizer <1.16.8 - XSS
Dec 02, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-53989
MEDIUM
rails-html-sanitizer 1.6.0 - Cross-Site Scripting via Noscript Tag Override
Dec 02, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-52796
MEDIUM
Rubygems Pwpush < 1.49.0 - Resource Allocation Without Limits
Nov 20, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-45594
HIGH
Decidim 0.28.0-0.28.2 - Cross-Site Scripting via Meeting Embed URL
Nov 13, 2024
CVSS 7.7
EPSS 0.00
CVE-2024-43415
CRITICAL
decidim-decidim_awesome 0.9.1-0.10.2 and 0.11.0-0.11.1 - Authenticated SQL Injection in papertrail/version Model
Nov 12, 2024
CVSS 9.0
EPSS 0.01
CVE-2024-21510
MEDIUM
sinatra < 4.1.0 - Open Redirect via X-Forwarded-Host Header
Nov 01, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-49771
MEDIUM
MPXJ 8.3.5-13.5.0 - Path Traversal
Oct 28, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-49761
HIGH
REXML < 3.3.9 - Inefficient Regular Expression Complexity in Hex Numeric Character Reference Parsing
Oct 28, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-49376
HIGH
Autolab <3.0.0 - Privilege Escalation
Oct 25, 2024
CVSS 8.8
EPSS 0.00
Products
actionpack 63
rack 50
nokogiri 34
rubygems 25
rubygems-update 25
activerecord 23
puppet 23
activesupport 17
publify_core 15
passenger 14
rails-html-sanitizer 14
actionview 13
decidim 12
puma 12
camaleon_cms 11
fat_free_crm 11
rails 11
activestorage 10
net-imap 10
ruby-saml 10
jquery-rails 9
katello 8
openc3 8
rexml 8
bootstrap 7
bootstrap-sass 7
jquery-ui-rails 7
lodash-rails 7
spree 7
avo 6
Quick Filters