rubygems
954 tracked vulnerabilities.
CVE | Severity | Tags | Title | Published | CVSS | EPSS
CVE-2024-45614 | MEDIUM | | Puma < 5.6.9 - Authorization Bypass via Underscore Header Clobbering | Sep 19, 2024 | 5.4 | 0.01
CVE-2024-7254 | HIGH | | Google Protobuf < 3.25.5 - Uncontrolled Recursion via Nested Groups | Sep 19, 2024 | 7.5 | 0.00
CVE-2024-46987 | HIGH | | Camaleon CMS 2.8.0-2.8.1 - Authenticated Path Traversal via MediaController Download | Sep 18, 2024 | 7.7 | 0.35
CVE-2024-46986 | CRITICAL | NUCLEI | Camaleon CMS < 2.8.2 - Authenticated Arbitrary File Write via MediaController Upload | Sep 18, 2024 | 9.9 | 0.92
CVE-2024-8796 | MEDIUM | | Devise-Two-Factor >=2.2.0 <6.0.0 - Info Disclosure | Sep 17, 2024 | 5.3 | 0.00
CVE-2024-39910 | MEDIUM | | decidim < 0.27.7 - Stored Cross-Site Scripting via QuillJS WYSIWYG Editor | Sep 16, 2024 | 5.4 | 0.01
CVE-2024-32034 | MEDIUM | | decidim < 0.27.7 - Stored Cross-Site Scripting in Admin Activity Log | Sep 16, 2024 | 6.8 | 0.01
CVE-2024-45409 | CRITICAL | NUCLEI | ruby-saml <=1.12.2 and 1.13.0-1.16.0 - Unauthenticated SAML Signature Verification Bypass | Sep 10, 2024 | 10.0 | 0.45
CVE-2024-43791 | HIGH | | request_store 1.3.2 - Arbitrary Code Execution via World-Writable Files | Aug 23, 2024 | 7.8 | 0.00
CVE-2024-43398 | MEDIUM | | REXML < 3.3.6 - Denial of Service via Deep XML Element Parsing | Aug 22, 2024 | 5.9 | 0.01
CVE-2024-43380 | MEDIUM | | fugit < 1.11.1 - Uncontrolled Resource Consumption in Natural Parser | Aug 19, 2024 | 5.3 | 0.00
CVE-2024-42360 | CRITICAL | | SequenceServer < 3.1.2 - OS Command Injection via HTTP Endpoint Parameters | Aug 14, 2024 | 9.8 | 0.02
CVE-2024-41946 | MEDIUM | | REXML < 3.3.3 - Denial of Service via Entity Expansion in SAX2 or Pull Parser | Aug 01, 2024 | 5.3 | 0.01
CVE-2024-41123 | MEDIUM | | REXML < 3.2.7 and 3.3.0-3.3.2 - Denial of Service via Malformed XML Parsing | Aug 01, 2024 | 5.3 | 0.00
CVE-2024-7106 | MEDIUM | | Spina CMS 2.18.0 - Cross-Site Request Forgery via /admin/media_folders | Jul 25, 2024 | 4.3 | 0.00
CVE-2024-39908 | MEDIUM | | REXML < 3.3.2 - Denial of Service via Malformed XML Parsing | Jul 16, 2024 | 4.3 | 0.08
CVE-2024-32469 | HIGH | | Decidim < 0.27.6 and 0.28.0.rc1-0.28.1 - Cross-Site Scripting via Pagination GET Parameter | Jul 10, 2024 | 7.1 | 0.00
CVE-2024-27095 | MEDIUM | | decidim < 0.27.6 - Cross-Site Scripting in Admin Panel | Jul 10, 2024 | 5.4 | 0.00
CVE-2024-27090 | MEDIUM | | Decidim < 0.27.6 - Unauthorized Data Exposure via Embedded Resource Slug Inference | Jul 10, 2024 | 5.3 | 0.00
CVE-2024-39308 | MEDIUM | | rails_admin < 2.3.0 and >=3.0.0.beta <3.1.3 - Cross-Site Scripting via List View HTML Title Attribute | Jul 08, 2024 | 5.4 | 0.07
CVE-2024-39316 | MEDIUM | | Rack 3.1.0-3.1.5 - Denial of Service via HTTP Accept Header Parsing | Jul 02, 2024 | 6.5 | 0.01
CVE-2024-32464 | MEDIUM | | Action Text <7.1.3.4,7.2.0.beta2 - XSS | Jun 04, 2024 | 6.1 | 0.00
CVE-2024-28103 | MEDIUM | | Rails 6.1.0-6.1.7.7 - Improper Input Validation in Permissions-Policy Header | Jun 04, 2024 | 5.4 | 0.01
CVE-2024-37031 | MEDIUM | | Rubygems Activeadmin < 3.2.2 - XSS | Jun 03, 2024 | 6.1 | 0.00
CVE-2024-35221 | MEDIUM | | rubygems.org - Remote Denial of Service via YAML Alias Bomb in Gem Metadata | May 29, 2024 | 4.3 | 0.00
Products (tracked vulnerabilities per gem)
actionpack 63
rack 50
nokogiri 34
rubygems 25
rubygems-update 25
activerecord 23
puppet 23
activesupport 17
publify_core 15
passenger 14
rails-html-sanitizer 14
actionview 13
decidim 12
puma 12
camaleon_cms 11
fat_free_crm 11
rails 11
activestorage 10
ruby-saml 10
jquery-rails 9
openc3 8
rexml 8
bootstrap 7
bootstrap-sass 7
jquery-ui-rails 7
katello 7
lodash-rails 7
net-imap 7
spree 7
avo 6