rubygems
965 tracked vulnerabilities.
CVE-2024-26146
MEDIUM
Rack 0.4-2.0.9.3, 3.0.0-3.0.9.0 - Denial of Service via Header Parsing
Feb 29, 2024
CVSS 5.3
EPSS 0.02
CVE-2024-26141
MEDIUM
Rack 1.3.0-2.2.8.0 and 3.0.0-3.0.9.0 - Denial of Service via Range Header
Feb 29, 2024
CVSS 5.8
EPSS 0.02
CVE-2024-25126
MEDIUM
Rack 0.4-2.2.8.1 and 3.0.0-3.0.9.1 - Denial of Service via Content-Type Header Parsing
Feb 29, 2024
CVSS 5.3
EPSS 0.35
CVE-2024-27285
MEDIUM
yard < 0.9.36 - Cross-Site Scripting in frames.erb Template
Feb 28, 2024
CVSS 5.4
EPSS 0.01
CVE-2024-26144
MEDIUM
Rails 5.2.0-6.1.7.6 - Sensitive Session Information Leak via Active Storage Blob Set-Cookie Header
Feb 27, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-26143
MEDIUM
Rails 7.0.0-7.0.8.1 - Cross-Site Scripting via Translation Helper Default Key
Feb 27, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-26142
HIGH
Rails 7.1.0-7.1.3 - Denial of Service via Accept Header Parsing ReDoS
Feb 27, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-27456
CRITICAL
Rack CORS Middleware <2.0.1 - Info Disclosure
Feb 26, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-25122
HIGH
sidekiq-unique-jobs - Stored Cross-Site Scripting in Admin Web UI
Feb 13, 2024
CVSS 7.1
EPSS 0.01
CVE-2024-22411
MEDIUM
Avo < 2.47.0 and 3.0.0.beta1-3.3.0 - Stored Cross-Site Scripting via Action Toast Notification
Jan 16, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-22191
HIGH
Avo < 2.47.0 and >=3.0.0.beta1 <3.2.4 - Stored Cross-Site Scripting in Key Value Field
Jan 16, 2024
CVSS 7.3
EPSS 0.01
CVE-2024-21654
MEDIUM
rubygems.org < 2024-01-08 - Unauthenticated Account Takeover via Forgotten Password MFA Bypass
Jan 12, 2024
CVSS 4.8
EPSS 0.00
CVE-2024-21647
MEDIUM
Puma < 5.6.8 and 6.0.0-6.4.2 - HTTP Request Smuggling via Chunked Transfer Encoding
Jan 08, 2024
CVSS 5.9
EPSS 0.01
CVE-2024-22051
CRITICAL
CommonMarker <0.23.4 - Memory Corruption
Jan 04, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-22050
HIGH
Iodine < 0.7.33 - Unauthenticated Path Traversal via Static File Service
Jan 04, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-22049
MEDIUM
httparty <0.21.0 - Info Disclosure
Jan 04, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-22048
MEDIUM
govuk_tech_docs 2.0.2-3.3.0 - Stored Cross-Site Scripting via Search Result
Jan 04, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-22047
LOW
Audited <5.3.3 - Privilege Escalation
Jan 04, 2024
CVSS 3.1
EPSS 0.00
CVE-2024-0241
HIGH
Diaconou Encodedid < 1.0.0 - Denial of Service
Jan 04, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-21636
MEDIUM
view_component < 2.83.0 and 3.0.0-3.8.9 - Cross-Site Scripting via #call and #output_postamble Methods
Jan 04, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-21632
HIGH
omniauth-microsoft_graph < 2.0.0 - Improper Authentication via Email Attribute Misconfiguration
Jan 02, 2024
CVSS 8.6
EPSS 0.01
CVE-2023-38037
MEDIUM
ActiveSupport 5.2.0-6.1.7.5 and 7.0.0-7.0.7.1 - Unprotected Temporary File Exposure via EncryptedFile
Jan 09, 2025
CVSS 5.5
EPSS 0.00
CVE-2023-28362
MEDIUM
Rails - Open Redirect
Jan 09, 2025
CVSS 4.0
EPSS 0.00
CVE-2023-28120
MEDIUM
ActiveSupport 7.0.0-7.0.4.2 and 6.1.7.3 - Cross-Site Scripting via SafeBuffer bytesplice
Jan 09, 2025
CVSS 5.3
EPSS 0.01
CVE-2023-27539
MEDIUM
Rack 2.0.0-2.2.6.3 - Denial of Service in Header Parsing
Jan 09, 2025
CVSS 5.3
EPSS 0.01
Products
actionpack 63
rack 50
nokogiri 34
rubygems 25
rubygems-update 25
activerecord 23
puppet 23
activesupport 17
publify_core 15
passenger 14
rails-html-sanitizer 14
actionview 13
decidim 12
puma 12
camaleon_cms 11
fat_free_crm 11
rails 11
activestorage 10
net-imap 10
ruby-saml 10
jquery-rails 9
katello 8
openc3 8
rexml 8
bootstrap 7
bootstrap-sass 7
jquery-ui-rails 7
lodash-rails 7
spree 7
avo 6
Quick Filters