rubygems
954 tracked vulnerabilities.
CVE | Severity | Title | Date | CVSS | EPSS
CVE-2024-21654 | MEDIUM | rubygems.org < 2024-01-08 - Unauthenticated Account Takeover via Forgotten Password MFA Bypass | Jan 12, 2024 | 4.8 | 0.00
CVE-2024-21647 | MEDIUM | Puma < 5.6.8 and 6.0.0-6.4.2 - HTTP Request Smuggling via Chunked Transfer Encoding | Jan 08, 2024 | 5.9 | 0.02
CVE-2024-22051 | CRITICAL | CommonMarker <0.23.4 - Memory Corruption | Jan 04, 2024 | 9.8 | 0.12
CVE-2024-22050 | HIGH | Iodine < 0.7.33 - Unauthenticated Path Traversal via Static File Service | Jan 04, 2024 | 7.5 | 0.00
CVE-2024-22049 | MEDIUM | httparty <0.21.0 - Info Disclosure | Jan 04, 2024 | 5.3 | 0.01
CVE-2024-22048 | MEDIUM | govuk_tech_docs 2.0.2-3.3.0 - Stored Cross-Site Scripting via Search Result | Jan 04, 2024 | 6.1 | 0.02
CVE-2024-22047 | LOW | Audited <5.3.3 - Privilege Escalation | Jan 04, 2024 | 3.1 | 0.01
CVE-2024-0241 | HIGH | Diaconou Encodedid < 1.0.0 - Denial of Service | Jan 04, 2024 | 7.5 | 0.00
CVE-2024-21636 | MEDIUM | view_component < 2.83.0 and 3.0.0-3.8.9 - Cross-Site Scripting via #call and #output_postamble Methods | Jan 04, 2024 | 6.1 | 0.01
CVE-2024-21632 | HIGH | omniauth-microsoft_graph < 2.0.0 - Improper Authentication via Email Attribute Misconfiguration | Jan 02, 2024 | 8.6 | 0.00
CVE-2023-38037 | MEDIUM | ActiveSupport 5.2.0-6.1.7.5 and 7.0.0-7.0.7.1 - Unprotected Temporary File Exposure via EncryptedFile | Jan 09, 2025 | 5.5 | 0.00
CVE-2023-28362 | MEDIUM | Rails - Open Redirect | Jan 09, 2025 | 4.0 | 0.00
CVE-2023-28120 | MEDIUM | ActiveSupport 7.0.0-7.0.4.2 and 6.1.7.3 - Cross-Site Scripting via SafeBuffer bytesplice | Jan 09, 2025 | 5.3 | 0.00
CVE-2023-27539 | MEDIUM | Rack 2.0.0-2.2.6.3 - Denial of Service in Header Parsing | Jan 09, 2025 | 5.3 | 0.00
CVE-2023-27531 | MEDIUM | Kredis < 1.3.0.1 - Deserialization of Untrusted Data via JSON Deserialization | Jan 09, 2025 | 5.3 | 0.00
CVE-2023-23913 | MEDIUM | Rails-ujs - Cross-Site Scripting | Jan 09, 2025 | 6.3 | 0.00
CVE-2023-46950 | MEDIUM | Sidekiq 6.5.8 - Cross-Site Scripting via Filter Function URL Parameter | Mar 01, 2024 | 6.1 | 0.00
CVE-2023-51774 | HIGH | json-jwt 1.16.0-1.16.5 - Identity Check Bypass via Sign/Encryption Confusion | Feb 29, 2024 | 8.4 | 0.00
CVE-2023-47634 | LOW | Decidim 0.10.0-0.26.8 - Race Condition in Endorsement Feature | Feb 29, 2024 | 3.1 | 0.00
CVE-2023-51447 | MEDIUM | Decidim 0.27.0-0.27.4 - Stored Cross-Site Scripting via Dynamic File Upload Filename | Feb 20, 2024 | 6.3 | 0.00
CVE-2023-48220 | MEDIUM | Decidim 0.0.1.alpha3-0.26.8 - Use-After-Free via Expired Invitation Acceptance | Feb 20, 2024 | 5.7 | 0.01
CVE-2023-47635 | MEDIUM | Decidim 0.23.0-0.27.4 - Server-Side Request Forgery via Questionnaire Templates Preview | Feb 20, 2024 | 4.5 | 0.00
CVE-2023-50448 | MEDIUM | ActiveAdmin <2.12.0 - Info Disclosure | Dec 28, 2023 | 6.5 | 0.01
CVE-2023-51763 | CRITICAL | ActiveAdmin <3.2.0 - Code Injection | Dec 24, 2023 | 9.8 | 0.00
CVE-2023-50727 | MEDIUM | resque < 2.6.0 - Reflected Cross-Site Scripting via Queue Path | Dec 22, 2023 | 6.3 | 0.01
Products
actionpack 63
rack 50
nokogiri 34
rubygems 25
rubygems-update 25
activerecord 23
puppet 23
activesupport 17
publify_core 15
passenger 14
rails-html-sanitizer 14
actionview 13
decidim 12
puma 12
camaleon_cms 11
fat_free_crm 11
rails 11
activestorage 10
ruby-saml 10
jquery-rails 9
openc3 8
rexml 8
bootstrap 7
bootstrap-sass 7
jquery-ui-rails 7
katello 7
lodash-rails 7
net-imap 7
spree 7
avo 6