rubygems
965 tracked vulnerabilities.
CVE-2024-7106
MEDIUM
Spina CMS 2.18.0 - Cross-Site Request Forgery via /admin/media_folders
Jul 25, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-39908
MEDIUM
REXML < 3.3.2 - Denial of Service via Malformed XML Parsing
Jul 16, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-32469
HIGH
Decidim < 0.27.6 and 0.28.0.rc1-0.28.1 - Cross-Site Scripting via Pagination GET Parameter
Jul 10, 2024
CVSS 7.1
EPSS 0.00
CVE-2024-27095
MEDIUM
decidim < 0.27.6 - Cross-Site Scripting in Admin Panel
Jul 10, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-27090
MEDIUM
Decidim < 0.27.6 - Unauthorized Data Exposure via Embedded Resource Slug Inference
Jul 10, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-39308
MEDIUM
rails_admin < 2.3.0 and >=3.0.0.beta <3.1.3 - Cross-Site Scripting via List View HTML Title Attribute
Jul 08, 2024
CVSS 5.4
EPSS 0.01
CVE-2024-39316
MEDIUM
Rack 3.1.0-3.1.5 - Denial of Service via HTTP Accept Header Parsing
Jul 02, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-32464
MEDIUM
Action Text <7.1.3.4,7.2.0.beta2 - XSS
Jun 04, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-28103
MEDIUM
Rails 6.1.0-6.1.7.7 - Improper Input Validation in Permissions-Policy Header
Jun 04, 2024
CVSS 5.4
EPSS 0.01
CVE-2024-37031
MEDIUM
Rubygems Activeadmin < 3.2.2 - XSS
Jun 03, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-35221
MEDIUM
rubygems.org - Remote Denial of Service via YAML Alias Bomb in Gem Metadata
May 29, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-35231
HIGH
rack-contrib < 2.5.0 - Denial of Service via Unconstrained profiler_runs Parameter
May 27, 2024
CVSS 8.6
EPSS 0.01
CVE-2024-32978
MEDIUM
Kaminari 0.15.0-0.16.1 - Insecure File Permissions
May 27, 2024
CVSS 6.6
EPSS 0.01
CVE-2024-35176
MEDIUM
REXML < 3.2.7 - Denial of Service via Malformed XML Attribute
May 16, 2024
CVSS 5.3
EPSS 0.02
CVE-2024-27281
MEDIUM
RDoc <6.6.2 - Remote Code Execution
May 14, 2024
CVSS 4.5
EPSS 0.02
CVE-2024-27280
CRITICAL
StringIO < 3.0.1.1 - Buffer Overread via ungetbyte/ungetc Methods
May 14, 2024
CVSS 9.8
EPSS 0.02
CVE-2024-34341
MEDIUM
Trix < 2.1.1 - Stored Cross-Site Scripting via Pasting Malicious Markup
May 07, 2024
CVSS 5.4
EPSS 0.01
CVE-2024-32970
HIGH
Phlex < 1.9.3 - Cross-Site Scripting via Malicious HTML Attributes
Apr 30, 2024
CVSS 7.1
EPSS 0.01
CVE-2024-32887
MEDIUM
Sidekiq >=7.2.0 <7.2.4 - Reflected Cross-Site Scripting via substr Parameter
Apr 26, 2024
CVSS 5.5
EPSS 0.01
CVE-2024-32463
HIGH
Phlex 1.4.0-1.10.0 - Cross-Site Scripting via Whitespace Bypass in href Attribute
Apr 17, 2024
CVSS 7.1
EPSS 0.01
CVE-2024-29034
MEDIUM
CarrierWave < 2.2.6 and 3.0.0-3.0.7 - Cross-Site Scripting via Content-Type Header Bypass
Mar 24, 2024
CVSS 6.8
EPSS 0.00
CVE-2024-28862
MEDIUM
rotp 6.2.1-6.2.9 - Incorrect Default Permissions
Mar 16, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-28181
HIGH
turboboost_commands < 0.1.3 - Improper Method Invocation Restriction
Mar 14, 2024
CVSS 8.1
EPSS 0.01
CVE-2024-28121
HIGH
Stimulus Reflex < 3.4.2/3.5.0.rc4 - Unsafe Reflex Method Invocation
Mar 12, 2024
CVSS 8.8
EPSS 0.02
CVE-2024-28199
HIGH
phlex < 1.0.1 and >=1.9.0 <1.9.1 - Cross-Site Scripting via Improper Case-Sensitivity Handling
Mar 11, 2024
CVSS 7.1
EPSS 0.01
Products
actionpack 63
rack 50
nokogiri 34
rubygems 25
rubygems-update 25
activerecord 23
puppet 23
activesupport 17
publify_core 15
passenger 14
rails-html-sanitizer 14
actionview 13
decidim 12
puma 12
camaleon_cms 11
fat_free_crm 11
rails 11
activestorage 10
net-imap 10
ruby-saml 10
jquery-rails 9
katello 8
openc3 8
rexml 8
bootstrap 7
bootstrap-sass 7
jquery-ui-rails 7
lodash-rails 7
spree 7
avo 6
Quick Filters