rubygems

965 tracked vulnerabilities.

CVE-2024-26146 MEDIUM
Rack 0.4-2.0.9.3, 3.0.0-3.0.9.0 - Denial of Service via Header Parsing
Feb 29, 2024
CVSS 5.3
EPSS 0.02
CVE-2024-26141 MEDIUM
Rack 1.3.0-2.2.8.0 and 3.0.0-3.0.9.0 - Denial of Service via Range Header
Feb 29, 2024
CVSS 5.8
EPSS 0.02
CVE-2024-25126 MEDIUM
Rack 0.4-2.2.8.1 and 3.0.0-3.0.9.1 - Denial of Service via Content-Type Header Parsing
Feb 29, 2024
CVSS 5.3
EPSS 0.35
CVE-2024-27285 MEDIUM
yard < 0.9.36 - Cross-Site Scripting in frames.erb Template
Feb 28, 2024
CVSS 5.4
EPSS 0.01
CVE-2024-26144 MEDIUM
Rails 5.2.0-6.1.7.6 - Sensitive Session Information Leak via Active Storage Blob Set-Cookie Header
Feb 27, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-26143 MEDIUM
Rails 7.0.0-7.0.8.1 - Cross-Site Scripting via Translation Helper Default Key
Feb 27, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-26142 HIGH
Rails 7.1.0-7.1.3 - Denial of Service via Accept Header Parsing ReDoS
Feb 27, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-27456 CRITICAL
Rack CORS Middleware <2.0.1 - Info Disclosure
Feb 26, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-25122 HIGH
sidekiq-unique-jobs - Stored Cross-Site Scripting in Admin Web UI
Feb 13, 2024
CVSS 7.1
EPSS 0.01
CVE-2024-22411 MEDIUM
Avo < 2.47.0 and 3.0.0.beta1-3.3.0 - Stored Cross-Site Scripting via Action Toast Notification
Jan 16, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-22191 HIGH
Avo < 2.47.0 and >=3.0.0.beta1 <3.2.4 - Stored Cross-Site Scripting in Key Value Field
Jan 16, 2024
CVSS 7.3
EPSS 0.01
CVE-2024-21654 MEDIUM
rubygems.org < 2024-01-08 - Unauthenticated Account Takeover via Forgotten Password MFA Bypass
Jan 12, 2024
CVSS 4.8
EPSS 0.00
CVE-2024-21647 MEDIUM
Puma < 5.6.8 and 6.0.0-6.4.2 - HTTP Request Smuggling via Chunked Transfer Encoding
Jan 08, 2024
CVSS 5.9
EPSS 0.01
CVE-2024-22051 CRITICAL
CommonMarker <0.23.4 - Memory Corruption
Jan 04, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-22050 HIGH
Iodine < 0.7.33 - Unauthenticated Path Traversal via Static File Service
Jan 04, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-22049 MEDIUM
httparty <0.21.0 - Info Disclosure
Jan 04, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-22048 MEDIUM
govuk_tech_docs 2.0.2-3.3.0 - Stored Cross-Site Scripting via Search Result
Jan 04, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-22047 LOW
Audited <5.3.3 - Privilege Escalation
Jan 04, 2024
CVSS 3.1
EPSS 0.00
CVE-2024-0241 HIGH
Diaconou Encodedid < 1.0.0 - Denial of Service
Jan 04, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-21636 MEDIUM
view_component < 2.83.0 and 3.0.0-3.8.9 - Cross-Site Scripting via #call and #output_postamble Methods
Jan 04, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-21632 HIGH
omniauth-microsoft_graph < 2.0.0 - Improper Authentication via Email Attribute Misconfiguration
Jan 02, 2024
CVSS 8.6
EPSS 0.01
CVE-2023-38037 MEDIUM
ActiveSupport 5.2.0-6.1.7.5 and 7.0.0-7.0.7.1 - Unprotected Temporary File Exposure via EncryptedFile
Jan 09, 2025
CVSS 5.5
EPSS 0.00
CVE-2023-28362 MEDIUM
Rails - Open Redirect
Jan 09, 2025
CVSS 4.0
EPSS 0.00
CVE-2023-28120 MEDIUM
ActiveSupport 7.0.0-7.0.4.2 and 6.1.7.3 - Cross-Site Scripting via SafeBuffer bytesplice
Jan 09, 2025
CVSS 5.3
EPSS 0.01
CVE-2023-27539 MEDIUM
Rack 2.0.0-2.2.6.3 - Denial of Service in Header Parsing
Jan 09, 2025
CVSS 5.3
EPSS 0.01