Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
rubygems Security Advisories
Moderate
Ecosystems: pypi, pub, packagist, cargo, rubygems, swift, nuget, go, maven, npm
Packages: pubnub, pubnub/pubnub, https://github.com/pubnub/swift, Pubnub, github.com/pubnub/go/v5, github.com/pubnub/go/v6, github.com/pubnub/go, github.com/pubnub/go/v7, com.pubnub:pubnub, com.pubnub:pubnub-kotlin
Source: GitHub Advisory Database
Published: 3 days ago
GSA_kwCzR0hTQS01ODQ0LXEzZmMtNTZyaM4AA3lZ
pubnub Insufficient Entropy vulnerability
Moderate
Ecosystems: rubygems
Packages: carrierwave
Source: GitHub Advisory Database
Published: 9 days ago
GSA_kwCzR0hTQS1neGh4LWc0ZnEtNDloas4AA3a3
CarrierWave Content-Type allowlist bypass vulnerability, possibly leading to XSS
Moderate
Ecosystems: rubygems
Packages: rmagick
Source: GitHub Advisory Database
Published: about 1 month ago
GSA_kwCzR0hTQS1mcmdmLThqcjUtajJqds4AA2zW
memory leak flaw was found in ruby-magick
High
Ecosystems: rubygems
Packages: encoded_id-rails
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS0zcHg3LWptMnAtNmgyY84AA2oN
encoded_id-rails potential DOS vulnerability due to URIs with extremely long encoded IDs
Moderate
Ecosystems: rubygems
Packages: svg_optimizer
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS02aHZnLTYycTgtOTV2N84AA2mT
svg_optimizer rubygem external XML entity (XXE) vulnerability
Critical
Ecosystems: rubygems
Packages: bolt
Source: GitHub Advisory Database
Published: 2 months ago
GSA_kwCzR0hTQS0yODltLTI5NjQtZjhxNc4AA2Rv
Puppet Bolt privilege escalation vulnerability
Critical
Ecosystems: rubygems
Packages: geokit-rails
Source: GitHub Advisory Database
Published: 2 months ago
GSA_kwCzR0hTQS03eHZjLXY0NGotNDZmaM4AA2RG
geokit-rails Command Injection vulnerability
High
Ecosystems: rubygems
Packages: decidim, decidim-templates
Source: GitHub Advisory Database
Published: 2 months ago
GSA_kwCzR0hTQS02MzloLTg2aHctcWNqcc4AA2Qo
Decidim has broken access control in templates
Critical
Ecosystems: rubygems
Packages: foreman
Source: GitHub Advisory Database
Published: 3 months ago
GSA_kwCzR0hTQS05amZxLTU0dmMtOXJyMs4AA2Ai
Foreman Transpilation Enables OS Command Injection
Moderate
Ecosystems: rubygems
Packages: sidekiq
Source: GitHub Advisory Database
Published: 3 months ago
GSA_kwCzR0hTQS0zcWMyLXYzaHAtNmN2OM4AA13Y
sidekiq Denial of Service vulnerability
Low
Ecosystems: rubygems
Packages: activesupport
Source: GitHub Advisory Database
Published: 4 months ago
GSA_kwCzR0hTQS1jcjVxLTZxOWYtcnE2cc4AA1eP
Active Support Possibly Discloses Locally Encrypted Files
Critical
Ecosystems: rubygems
Packages: puma
Source: GitHub Advisory Database
Published: 4 months ago
GSA_kwCzR0hTQS02OHhnLWdxcW0tdmdqOM4AA1Yw
Puma HTTP Request/Response Smuggling vulnerability
Moderate
Ecosystems: rubygems
Packages: commonmarker
Source: GitHub Advisory Database
Published: 4 months ago
GSA_kwCzR0hTQS03dmg3LWZ3ODgtd2o4N84AA1Il
Several quadratic complexity bugs may lead to denial of service in Commonmarker
Moderate
Ecosystems: rubygems
Packages: protocol-http1
Source: GitHub Advisory Database
Published: 4 months ago
GSA_kwCzR0hTQS02andjLXFyMnEtN3h3as4AA1CM
protocol-http1 HTTP Request/Response Smuggling vulnerability
High
Ecosystems: rubygems
Packages: rswag
Source: GitHub Advisory Database
Published: 5 months ago
GSA_kwCzR0hTQS12Yzc5LTY1cHItcTgyds4AA0uC
rswag vulnerable to arbitrary JSON and YAML file read via directory traversal
Moderate
Ecosystems: rubygems
Packages: decidim-core, decidim
Source: GitHub Advisory Database
Published: 5 months ago
GSA_kwCzR0hTQS00NjloLW1xZzgtNTM1cs4AA0m3
Decidim Cross-site Scripting vulnerability in the external link redirections
High
Ecosystems: rubygems
Packages: decidim-core, decidim
Source: GitHub Advisory Database
Published: 5 months ago
GSA_kwCzR0hTQS01NjUyLTkycjktM2Z4Oc4AA0m4
Decidim Cross-site Scripting vulnerability in the processes filter
High
Ecosystems: rubygems
Packages: decidim-meetings, decidim
Source: GitHub Advisory Database
Published: 5 months ago
GSA_kwCzR0hTQS1qbTc5LTlwbTQtdnJ3Oc4AA0m2
Decidim vulnerable to sensitive data disclosure
High
Ecosystems: rubygems, pypi, maven
Packages: grpc, grpcio, io.grpc:grpc-protobuf
Source: GitHub Advisory Database
Published: 5 months ago
GSA_kwCzR0hTQS02NjI4LXE2ajktdzh2Z84AA0dX
gRPC Reachable Assertion issue
Moderate
Ecosystems: rubygems, pypi, maven
Packages: grpc, grpcio, io.grpc:grpc-protobuf
Source: GitHub Advisory Database
Published: 5 months ago
GSA_kwCzR0hTQS05aHhmLXBwanYtdzZycc4AA0dy
gRPC connection termination issue
High
Ecosystems: rubygems
Packages: sanitize
Source: GitHub Advisory Database
Published: 5 months ago
GSA_kwCzR0hTQS1mNXd3LWNxM20tcTNnN84AA0Xi
Sanitize vulnerable to Cross-site Scripting via insufficient neutralization of `style` element content
High
Ecosystems: rubygems, pypi, maven
Packages: grpc, grpcio, io.grpc:grpc-protobuf
Source: GitHub Advisory Database
Published: 5 months ago
GSA_kwCzR0hTQS1jZmdwLTI5NzctMmZtbc4AA0N9
Connection confusion in gRPC
Moderate
Ecosystems: rubygems
Packages: uri
Source: GitHub Advisory Database
Published: 5 months ago
GSA_kwCzR0hTQS1od3cyLTVnODUtNDI5bc4AA0Ip
URI gem has ReDoS vulnerability
Moderate
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: 5 months ago
GSA_kwCzR0hTQS00Zzh2LXZnNDMtd3BnZs4AA0Io
Actionpack has possible cross-site scripting vulnerability via User Supplied Values to redirect_to
Low
Ecosystems: rubygems
Packages: spina
Source: GitHub Advisory Database
Published: 5 months ago
GSA_kwCzR0hTQS05N3doLTZobWotZzhqOc4AA0GL
Spina Cross-site Scripting vulnerability
Moderate
Ecosystems: npm, nuget, rubygems
Packages: jquery, org.webjars.npm:jquery, jquery-rails, jQuery
Source: GitHub Advisory Database
Published: 6 months ago
GSA_kwCzR0hTQS0yNTdxLXB2ODktdjN4ds4AA0D1
jQuery Cross Site Scripting vulnerability
Moderate
Ecosystems: rubygems
Packages: doorkeeper
Source: GitHub Advisory Database
Published: 6 months ago
GSA_kwCzR0hTQS03dzJjLXc0N2gtNzg5d84AAzyW
Doorkeeper Improper Authentication vulnerability
Moderate
Ecosystems: rubygems
Packages: actionview
Source: GitHub Advisory Database
Published: 6 months ago
GSA_kwCzR0hTQS14cDVoLWY4amYtcmM4cc4AAzxa
rails-ujs vulnerable to DOM Based Cross-site Scripting contenteditable HTML Elements
Moderate
Ecosystems: rubygems
Packages: kredis
Source: GitHub Advisory Database
Published: 6 months ago
GSA_kwCzR0hTQS1oMndtLXAydmctNnB3NM4AAzxZ
Kredis JSON Possible Deserialization of Untrusted Data Vulnerability
High
Ecosystems: rubygems
Packages: RedCloth
Source: GitHub Advisory Database
Published: 6 months ago
GSA_kwCzR0hTQS1xY20zLXZmcTUtd2ZyMs4AAzr_
RedCloth Regular Expression Denial of Service issue
High
Ecosystems: rubygems
Packages: avo
Source: GitHub Advisory Database
Published: 6 months ago
GSA_kwCzR0hTQS04NmgyLTJnNGctMjlxeM4AAzr6
avo possible unsafe reflection / partial DoS vulnerability
High
Ecosystems: rubygems
Packages: avo
Source: GitHub Advisory Database
Published: 6 months ago
GSA_kwCzR0hTQS01Y3I5LTVqeDMtMmczOc4AAzrM
avo vulnerable to Stored XSS (Cross Site Scripting) in html content based fields
Critical
Ecosystems: rubygems
Packages: ruby-saml
Source: GitHub Advisory Database
Published: 7 months ago
GSA_kwCzR0hTQS1yMzY0LTJwajQtcGY3Zs4AAzf1
ruby-saml vulnerable to XPath injection
Critical
Ecosystems: rubygems
Packages: camaleon_cms
Source: GitHub Advisory Database
Published: 7 months ago
GSA_kwCzR0hTQS14NDg3LTg2Nm0tcDhocs4AAze4
Server-Side Template Injection in Camaleon CMS
Low
Ecosystems: rubygems
Packages: audited
Source: GitHub Advisory Database
Published: 7 months ago
GSA_kwCzR0hTQS1oanAzLTVnMnEtN2p3d84AAzCk
Race Condition leading to logging errors
Critical
Ecosystems: rubygems, pypi
Packages: sha3, pysha3
Source: GitHub Advisory Database
Published: 8 months ago
GSA_kwCzR0hTQS02dzRtLTJ4aGctMjY1OM4AAy-v
Buffer overflow in sponge queue functions
Low
Ecosystems: rubygems
Packages: kitchen-terraform
Source: GitHub Advisory Database
Published: 8 months ago
GSA_kwCzR0hTQS02NWcyLXg1M3EtY21mNs4AAy9A
Sensitive Terraform Output Values Printed At Info Logging Level In Kitchen-Terraform
High
Ecosystems: rubygems
Packages: sidekiq
Source: GitHub Advisory Database
Published: 8 months ago
GSA_kwCzR0hTQS1oM3I4LWg1cXctNHIzNc4AAy6H
sidekiq vulnerable to cross-site scripting
High
Ecosystems: rubygems
Packages: pay
Source: GitHub Advisory Database
Published: 8 months ago
GSA_kwCzR0hTQS1jcWYzLXZweDctcnhod84AAy5d
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Pay
Moderate
Ecosystems: rubygems
Packages: commonmarker
Source: GitHub Advisory Database
Published: 8 months ago
GSA_kwCzR0hTQS00OHdwLXA5cXYtNGo2NM4AAytp
Commonmarker vulnerable to several quadratic complexity bugs that may lead to denial of service
Moderate
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Published: 8 months ago
GSA_kwCzR0hTQS1weHZnLTJxajUtMzdqcc4AAytn
Nokogiri updates packaged libxml2 to v2.10.4 to resolve multiple CVEs
Low
Ecosystems: rubygems
Packages: govuk_tech_docs
Source: GitHub Advisory Database
Published: 8 months ago
GSA_kwCzR0hTQS14Mnh3LWh3OGctNjc3M84AAyrS
govuk_tech_docs vulnerable to unescaped HTML on search results page
High
Ecosystems: rubygems
Packages: fluentd-ui, fluentd
Source: GitHub Advisory Database
Published: 8 months ago
GSA_kwCzR0hTQS13cnhmLXg4cm0tNmdnZ84AAyiM
Fluent Fluentd and Fluent-ui use default password
High
Ecosystems: rubygems
Packages: uri
Source: GitHub Advisory Database
Published: 8 months ago
GSA_kwCzR0hTQS1odjVqLTNoOWYtOTljMs4AAyes
Ruby URI component ReDoS issue
High
Ecosystems: rubygems
Packages: time
Source: GitHub Advisory Database
Published: 8 months ago
GSA_kwCzR0hTQS1mZzd4LWc4MnItOTRxY84AAyet
Ruby Time component ReDoS issue
Moderate
Ecosystems: rubygems
Packages: unpoly-rails
Source: GitHub Advisory Database
Published: 8 months ago
GSA_kwCzR0hTQS1tODc1LTN4ZjYtbWY3OM4AAyeB
unpoly-rails Denial of Service vulnerability
Moderate
Ecosystems: rubygems
Packages: twitter-bootstrap-rails
Source: GitHub Advisory Database
Published: 9 months ago
GSA_kwCzR0hTQS12cHF2LW1xdmMtcGN4Ms4AAyKB
Reflective Cross-site Scripting Vulnerability in twitter-bootstrap-rails
Low
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Published: 9 months ago
GSA_kwCzR0hTQS1jNnFnLWNqajgtNDdxcM4AAyIq
Possible Denial of Service Vulnerability in Rack's header parsing
Moderate
Ecosystems: rubygems
Packages: activesupport
Source: GitHub Advisory Database
Published: 9 months ago
GSA_kwCzR0hTQS1wajczLXY1bXctcG05as4AAyIp
Possible XSS Security Vulnerability in SafeBuffer#bytesplice
High
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Published: 9 months ago
GSA_kwCzR0hTQS0zaDU3LWhtajMtZ2ozcM4AAyAE
Rack has possible DoS Vulnerability in Multipart MIME parsing
Critical
Ecosystems: rubygems
Packages: pdf_info
Source: GitHub Advisory Database
Published: 10 months ago
GSA_kwCzR0hTQS05ZmgzLWo5OW0tZjR2N84AAxys
Code injection in pdf_info
High
Ecosystems: rubygems
Packages: metasploit-framework
Source: GitHub Advisory Database
Published: 10 months ago
GSA_kwCzR0hTQS02cG0yLWoydjgtaDNjas4AAxcI
Withdrawn: Fortra GoAnywhere MFT Deserialization of Untrusted Data vulnerability affects metasploit-framework
Moderate
Ecosystems: rubygems
Packages: clockwork_web
Source: GitHub Advisory Database
Published: 10 months ago
GSA_kwCzR0hTQS1wNHh4LXc2ZnItYzR3Oc4AAxVr
Clockwork Web contains a Cross-Site Request Forgery Vulnerability with Rails < 5.2
Moderate
Ecosystems: rubygems
Packages: publify_core
Source: GitHub Advisory Database
Published: 10 months ago
GSA_kwCzR0hTQS1nN2dmLTJycXctNXJ3eM4AAxPk
Publify contains Weak Password Requirements
Moderate
Ecosystems: rubygems
Packages: sanitize
Source: GitHub Advisory Database
Published: 11 months ago
GSA_kwCzR0hTQS1mdzNnLTJoM2otcW1tN84AAxPa
Improper neutralization of `noscript` element content may allow XSS in Sanitize
High
Ecosystems: rubygems
Packages: flash_tool
Source: GitHub Advisory Database
Published: 11 months ago
GSA_kwCzR0hTQS02MzI1LTZnMzItN3AzNc4AAxNI
flash_tool Gem for Ruby File Download Handling Arbitrary Command Execution
Moderate
Ecosystems: rubygems
Packages: devise
Source: GitHub Advisory Database
Published: 11 months ago
GSA_kwCzR0hTQS03NDZnLTNnZnAtaGZod84AAxNH
Devise Gem for Ruby Unauthorized Access Using "Remember Me" Cookie
Moderate
Ecosystems: rubygems
Packages: xaviershay-dm-rails
Source: GitHub Advisory Database
Published: 11 months ago
GSA_kwCzR0hTQS04OHA4LTR2djUtODJqN84AAxNG
xaviershay-dm-rails Gem for Ruby exposes sensitive information via the process table
Moderate
Ecosystems: rubygems
Packages: commonmarker
Source: GitHub Advisory Database
Published: 11 months ago
GSA_kwCzR0hTQS02MzZmLXhtNWotcGo5bc4AAxIx
Several quadratic complexity bugs may lead to denial of service in Commonmarker
High
Ecosystems: rubygems
Packages: exiftool_vendored
Source: GitHub Advisory Database
Published: 11 months ago
GSA_kwCzR0hTQS1xOTVoLWNxcnYtOGp2Nc4AAxGB
ExifTool vulnerable to arbitrary code execution
Moderate
Ecosystems: rubygems
Packages: jruby-openssl
Source: GitHub Advisory Database
Published: 11 months ago
GSA_kwCzR0hTQS14Z3Y3LXBxcWgtaDJ3Oc4AAxEu
jruby-openssl gem for JRuby fails to do proper certificate validation
Low
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Published: 11 months ago
GSA_kwCzR0hTQS05M3BtLTVwNWYtM2doeM4AAxD0
Denial of Service Vulnerability in Rack Content-Disposition parsing
Low
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: 11 months ago
GSA_kwCzR0hTQS1wODR2LTQ1eGotd3dxas4AAxDz
ReDoS based DoS vulnerability in Action Dispatch
Low
Ecosystems: rubygems
Packages: activesupport
Source: GitHub Advisory Database
Published: 11 months ago
GSA_kwCzR0hTQS1qNmdjLTc5Mm0tcWdtMs4AAxDy
ReDoS based DoS vulnerability in Active Support's underscore
Moderate
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: 11 months ago
GSA_kwCzR0hTQS05NDQ1LTRjcjYtMzM2cs4AAxDx
Open Redirect Vulnerability in Action Pack
High
Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Published: 11 months ago
GSA_kwCzR0hTQS01Nzl3LTIyajQtNDc0Oc4AAxDw
Denial of Service Vulnerability in ActiveRecord's PostgreSQL adapter
Low
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: 11 months ago
GSA_kwCzR0hTQS04eHd3LXgzZzMtNmpjds4AAxDv
ReDoS based DoS vulnerability in Action Dispatch
High
Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Published: 11 months ago
GSA_kwCzR0hTQS1ocTdwLWozNzctNnY2M84AAxDu
SQL Injection Vulnerability via ActiveRecord comments
High
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Published: 11 months ago
GSA_kwCzR0hTQS02NWY1LW1mcGYtdmZoas4AAxDt
Denial of service via header parsing in Rack
Low
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Published: 11 months ago
GSA_kwCzR0hTQS1ycXYyLTI3NXgtMmpxNc4AAxDs
Denial of service via multipart parsing in Rack
Low
Ecosystems: rubygems
Packages: globalid
Source: GitHub Advisory Database
Published: 11 months ago
GSA_kwCzR0hTQS0yM2MyLWd3cDUtcHh3Oc4AAxDr
ReDoS based DoS vulnerability in GlobalID
Moderate
Ecosystems: rubygems
Packages: sisimai
Source: GitHub Advisory Database
Published: 11 months ago
GSA_kwCzR0hTQS12bTc0LWo0d3EtODJ4as4AAxBY
Sisimai Inefficient Regular Expression Complexity vulnerability
High
Ecosystems: rubygems
Packages: git
Source: GitHub Advisory Database
Published: 11 months ago
GSA_kwCzR0hTQS1wcGhmLWdmcm0tdjMycs4AAxAx
Code injection in ruby git
Critical
Ecosystems: rubygems
Packages: curupira
Source: GitHub Advisory Database
Published: 11 months ago
GSA_kwCzR0hTQS04NWdmLXdyNjctZjgzd84AAw_f
curupira is vulnerable to SQL injection
Critical
Ecosystems: rubygems
Packages: publify_core
Source: GitHub Advisory Database
Published: 11 months ago
GSA_kwCzR0hTQS1yYzQyLWpnaGYtdnI4Zs4AAw-0
Integer overflow in publify_core
Critical
Ecosystems: rubygems
Packages: publify_core
Source: GitHub Advisory Database
Published: 11 months ago
GSA_kwCzR0hTQS1xM3JtLWY1MjctZ2h4as4AAw-1
Publify Improper Input Validation vulnerability
Moderate
Ecosystems: rubygems
Packages: publify_core
Source: GitHub Advisory Database
Published: 11 months ago
GSA_kwCzR0hTQS03OXdxLWc0djktZ2ZqNM4AAw-2
Publify Core does not strip metadata from images
High
Ecosystems: rubygems
Packages: git
Source: GitHub Advisory Database
Published: 11 months ago
GSA_kwCzR0hTQS1wZnByLTM0NjMtYzZqaM4AAw1C
ruby-git has potential remote code execution vulnerability
Moderate
Ecosystems: rubygems
Packages: inline_svg
Source: GitHub Advisory Database
Published: 11 months ago
GSA_kwCzR0hTQS1wMzNxLTRoNG0tajk5NM4AAwy7
Inline SVG vulnerable to Cross-site Scripting
High
Ecosystems: rubygems
Packages: pghero
Source: GitHub Advisory Database
Published: 11 months ago
GSA_kwCzR0hTQS12Zjk5LXh3MjYtODZnNc4AAwwE
PgHero Allows Information Disclosure Through EXPLAIN Feature
Moderate
Ecosystems: rubygems
Packages: httparty
Source: GitHub Advisory Database
Published: 11 months ago
GSA_kwCzR0hTQS01cHE3LTUybWctaHI0Ms4AAwuQ
httparty has multipart/form-data request tampering vulnerability
Moderate
Ecosystems: rubygems
Packages: keynote
Source: GitHub Advisory Database
Published: 11 months ago
GSA_kwCzR0hTQS0zOTlwLXZxMjgtNWhnOM4AAwre
keynote Cross-site Scripting vulnerability
Moderate
Ecosystems: rubygems
Packages: oxidized-web
Source: GitHub Advisory Database
Published: 12 months ago
GSA_kwCzR0hTQS04cXdoLXJtNmMtanY5Ns4AAwnZ
Oxidized Web vulnerable to Cross-site Scripting
Moderate
Ecosystems: rubygems
Packages: text_helpers
Source: GitHub Advisory Database
Published: 12 months ago
GSA_kwCzR0hTQS03NGhjLTU3bTUtODNjaM4AAwgl
text_helpers uses web link to untrusted target with window.opener access
High
Ecosystems: rubygems
Packages: active_attr
Source: GitHub Advisory Database
Published: 12 months ago
GSA_kwCzR0hTQS00d2hmLXJteDUtOGZyds4AAwZi
active_attr Improper Resource Shutdown or Release vulnerability
Moderate
Ecosystems: rubygems
Packages: rails-html-sanitizer
Source: GitHub Advisory Database
Published: 12 months ago
GSA_kwCzR0hTQS1ycmZjLTdnOHAtOTlxOM4AAwSi
Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Moderate
Ecosystems: rubygems
Packages: rails-html-sanitizer
Source: GitHub Advisory Database
Published: 12 months ago
GSA_kwCzR0hTQS05aDlnLTkzZ2MtNjIzaM4AAwSh
Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Moderate
Ecosystems: rubygems
Packages: rails-html-sanitizer
Source: GitHub Advisory Database
Published: 12 months ago
GSA_kwCzR0hTQS1tY3ZmLTJxMm0teDcybc4AAwSg
Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
High
Ecosystems: rubygems
Packages: rails-html-sanitizer
Source: GitHub Advisory Database
Published: 12 months ago
GSA_kwCzR0hTQS01eDc5LXc4MmYtZ3c4d84AAwSf
Inefficient Regular Expression Complexity in rails-html-sanitizer
High
Ecosystems: rubygems
Packages: loofah
Source: GitHub Advisory Database
Published: 12 months ago
GSA_kwCzR0hTQS0zeDhyLXg2eHAtcTR2bc4AAwSe
Uncontrolled Recursion in Loofah
Moderate
Ecosystems: rubygems
Packages: loofah
Source: GitHub Advisory Database
Published: 12 months ago
GSA_kwCzR0hTQS0yMjhnLTk0OHItODNneM4AAwSd
Improper neutralization of data URIs may allow XSS in Loofah
High
Ecosystems: rubygems
Packages: loofah
Source: GitHub Advisory Database
Published: 12 months ago
GSA_kwCzR0hTQS00ODZmLWhqajktOXZoaM4AAwSc
Inefficient Regular Expression Complexity in Loofah
High
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Published: about 1 year ago
GSA_kwCzR0hTQS1xdjRxLW1yNXItcXByas4AAwNH
Unchecked return value from xmlTextReaderExpand
High
Ecosystems: rubygems
Packages: sinatra
Source: GitHub Advisory Database
Published: about 1 year ago
GSA_kwCzR0hTQS0yeDh4LWptcnAtcGh4d84AAwGK
Sinatra vulnerable to Reflected File Download attack
Low
Ecosystems: rubygems
Packages: dalli
Source: GitHub Advisory Database
Published: about 1 year ago
GSA_kwCzR0hTQS0zeGc4LWNjOGYtOXd2Ms4AAv9V
Unsanitized input leading to code injection in Dalli
High
Ecosystems: rubygems
Packages: cgi
Source: GitHub Advisory Database
Published: about 1 year ago
GSA_kwCzR0hTQS12YzQ3LTZycWctYzdmNc4AAv82
HTTP response splitting in CGI
Low
Ecosystems: rubygems
Packages: fluentd
Source: GitHub Advisory Database
Published: about 1 year ago
GSA_kwCzR0hTQS1mcHBxLW1qNzYtZnBqMs4AAvrA
fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration)
Low
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: about 1 year ago
GSA_kwCzR0hTQS05Y2hyLTRmamgtNXJnd84AAvjh
Cross-site Scripting in actionpack
Moderate
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Published: about 1 year ago
GSA_kwCzR0hTQS0ycWM2LW1jdnctOTJjd84AAvaT
Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Moderate
Ecosystems: rubygems
Packages: fat_free_crm
Source: GitHub Advisory Database
Published: about 1 year ago
GSA_kwCzR0hTQS1wNzVjLTV4M2gtY3hjZ84AAvNV
Fat Free CRM vulnerable to Remote Denial of Service via Tasks endpoint