Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
rubygems Security Advisories
All entries below are sourced from the GitHub Advisory Database. The opaque ID on each entry is the advisory's GitHub GraphQL node ID (older entries use the legacy base64 form, newer ones the "GSA_"-prefixed form); the GHSA identifier is encoded inside it.

Rack has possible DoS Vulnerability in Multipart MIME parsing
Severity: High | Ecosystems: rubygems | Packages: rack | Published: 3 months ago | ID: GSA_kwCzR0hTQS0zaDU3LWhtajMtZ2ozcM4AAyAE

Improper Input Validation in Active Record
Severity: Moderate | Ecosystems: rubygems | Packages: activerecord | Published: over 5 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNjcnItOXZtZy04NjR2

Thumbshooter vulnerable to Code Injection
Severity: High | Ecosystems: rubygems | Packages: thumbshooter | Published: over 5 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdmcWotY2c3OS1mMnB2

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Severity: Moderate | Ecosystems: rubygems | Packages: rails-html-sanitizer | Published: 6 months ago | ID: GSA_kwCzR0hTQS1ycmZjLTdnOHAtOTlxOM4AAwSi

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Severity: Moderate | Ecosystems: rubygems | Packages: rails-html-sanitizer | Published: 6 months ago | ID: GSA_kwCzR0hTQS05aDlnLTkzZ2MtNjIzaM4AAwSh

Improper neutralization of data URIs may allow XSS in Loofah
Severity: Moderate | Ecosystems: rubygems | Packages: loofah | Published: 6 months ago | ID: GSA_kwCzR0hTQS0yMjhnLTk0OHItODNneM4AAwSd

Active Record subject to strong parameters protection bypass
Severity: High | Ecosystems: rubygems | Packages: activerecord | Published: over 5 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlyZjUtam02Zi0yZm1t

Improper Certificate Validation in EM-HTTP-Request
Severity: High | Ecosystems: rubygems | Packages: em-http-request | Published: about 2 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXEyN2YtdjNyNi05djc3

Out-of-bounds read in nokogiri
Severity: High | Ecosystems: rubygems | Packages: nokogiri | Published: over 5 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThjNTYtY3Btdy04OXg3

Geminabox contains Cross-site Scripting
Severity: Moderate | Ecosystems: rubygems | Packages: geminabox | Published: over 5 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY1M20tcjMzeC0zOWZm

Uncontrolled Resource Consumption in Rack
Severity: Moderate | Ecosystems: rubygems | Packages: rack | Published: over 5 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNweGgtaDhody1tajh3

Buffer overrun in CGI.escape_html
Severity: Critical | Ecosystems: rubygems | Packages: cgi | Published: over 1 year ago | ID: GSA_kwCzR0hTQS01Y3FtLWNyeG0tNnFwds0bSA

Insecure path handling in Bundler
Severity: High | Ecosystems: rubygems | Packages: bundler | Published: about 2 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc5OG0tOTZnOS13Zmpx

Withdrawn: HTTP Request Smuggling in Agoo
Severity: Moderate | Ecosystems: rubygems | Packages: agoo | Published: over 2 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWgzODUtNTJqNi05OTg0

RubyGems Regular Expression Denial of Service
Severity: Moderate | Ecosystems: rubygems | Packages: rubygems-update | Published: about 1 year ago | ID: GSA_kwCzR0hTQS05cXZtLTJ2aGYtcTY0Oc4AAYC6

RubyGems Improper Verification of Cryptographic Signature vulnerability
Severity: Critical | Ecosystems: maven, rubygems | Packages: org.jruby:jruby-stdlib, rubygems-update | Published: about 1 year ago | ID: GSA_kwCzR0hTQS1tYzZqLWg5NDgtdjJwNs4AATbI

ruby_parser allows local users to overwrite arbitrary files via symlink attack on temporary file with predictable name
Severity: Low | Ecosystems: rubygems | Packages: ruby_parser | Published: about 1 year ago | ID: GSA_kwCzR0hTQS04bXZ3LTIycjctdzZmcc3iEg

Improper Certificate Validation in Puppet
Severity: Moderate | Ecosystems: rubygems | Packages: puppet | Published: about 2 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdxdmYtODkyci12am01

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Severity: Moderate | Ecosystems: rubygems | Packages: nokogiri | Published: 8 months ago | ID: GSA_kwCzR0hTQS0ycWM2LW1jdnctOTJjd84AAvaT

Unsanitized input leading to code injection in Dalli
Severity: Low | Ecosystems: rubygems | Packages: dalli | Published: 7 months ago | ID: GSA_kwCzR0hTQS0zeGc4LWNjOGYtOXd2Ms4AAv9V

Fat Free CRM vulnerable to Remote Denial of Service via Tasks endpoint
Severity: Moderate | Ecosystems: rubygems | Packages: fat_free_crm | Published: 8 months ago | ID: GSA_kwCzR0hTQS1wNzVjLTV4M2gtY3hjZ84AAvNV

redcarpet Buffer Overflow vulnerability
Severity: High | Ecosystems: rubygems | Packages: redcarpet | Published: almost 5 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTczMjItOW14Ni01ajJt

Regular Expression Denial of Service in Addressable templates
Severity: High | Ecosystems: rubygems | Packages: addressable | Published: almost 2 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp4aGMtcTg1Ny0zajZn

Remote code execution in Kramdown
Severity: High | Ecosystems: rubygems | Packages: kramdown | Published: about 2 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTUycDktdjc0NC1td2pq

Improper Certificate Validation in twitter-stream
Severity: Moderate | Ecosystems: rubygems | Packages: twitter-stream | Published: about 2 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA2cDgtcTRwai1mNzRt

unpoly-rails Denial of Service vulnerability
Severity: Moderate | Ecosystems: rubygems | Packages: unpoly-rails | Published: 2 months ago | ID: GSA_kwCzR0hTQS1tODc1LTN4ZjYtbWY3OM4AAyeB

Open Redirect in actionpack
Severity: Moderate | Ecosystems: rubygems | Packages: actionpack | Published: over 2 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg4NzctcHJxNC05eGZ3

Code Injection vulnerability in CarrierWave::RMagick
Severity: High | Ecosystems: rubygems | Packages: carrierwave | Published: over 2 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNmM3ctZzg2aC0zNXg0

administrate vulnerable to Cross-Site Request Forgery
Severity: Moderate | Ecosystems: rubygems | Packages: administrate | Published: 10 months ago | ID: GSA_kwCzR0hTQS1jYzhjLTI2cmotdjJ2eM4AAt2Q

ember-source Cross-site Scripting vulnerability
Severity: Moderate | Ecosystems: rubygems | Packages: ember-source | Published: about 1 year ago | ID: GSA_kwCzR0hTQS1yY3g2LTdqcDYtcHFmMs4AAVW9

ReDoS based DoS vulnerability in GlobalID
Severity: Low | Ecosystems: rubygems | Packages: globalid | Published: 5 months ago | ID: GSA_kwCzR0hTQS0yM2MyLWd3cDUtcHh3Oc4AAxDr

Race Condition in private_address_check
Severity: High | Ecosystems: rubygems | Packages: private_address_check | Published: almost 5 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ4dmotajNxaC14OGMz

Cross-site Scripting in actionpack
Severity: Moderate | Ecosystems: rubygems | Packages: actionpack | Published: over 5 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ4amotNXg2aC04dm1m

actionpack vulnerable to Path Traversal
Severity: Moderate | Ecosystems: rubygems | Packages: actionpack | Published: over 5 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI5Z3ItdzU3Zi1ycGZ3

rails_admin ruby gem XSS vulnerability
Severity: Moderate | Ecosystems: rubygems | Packages: rails_admin | Published: over 2 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdqeDItN2hxcS04aDdt

Pageflow vulnerable to sensitive user data extraction via Ransack query injection
Severity: High | Ecosystems: rubygems | Packages: pageflow | Published: 9 months ago | ID: GSA_kwCzR0hTQS13cnJ3LWNycDgtOTc5cc4AAuzs

katello SQL Injection vulnerability
Severity: Moderate | Ecosystems: rubygems | Packages: katello | Published: about 1 year ago | ID: GSA_kwCzR0hTQS1qeDV2LTc4OGctcXc1OM4AARNZ

Gitaly Insufficient Session Expiration vulnerability
Severity: Low | Ecosystems: rubygems | Packages: gitaly | Published: about 1 year ago | ID: GSA_kwCzR0hTQS1tbW1tLWNoamYtam12d84AAmp5

Fluentd Escape Sequence Injection Vulnerability
Severity: Critical | Ecosystems: rubygems | Packages: fluentd | Published: about 1 year ago | ID: GSA_kwCzR0hTQS01anJwLXc4ZnItbXJ3d83uVQ

Camaleon CMS vulnerable to Uncaught Exception
Severity: Moderate | Ecosystems: rubygems | Packages: camaleon_cms | Published: about 1 year ago | ID: GSA_kwCzR0hTQS1yMncyLWg2cjgtM3I1M84AAqXz

strong_password Ruby gem malicious version causing Remote Code Execution vulnerability
Severity: Critical | Ecosystems: rubygems | Packages: strong_password | Published: almost 4 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVoNXItZmZjNC1jNDU1

qiita-markdown Cross-site Scripting vulnerability
Severity: Moderate | Ecosystems: rubygems | Packages: qiita-markdown | Published: almost 2 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlwMjktOTRocC04cnZj

codders-dataset Process Table Local Plaintext Credential Disclosure
Severity: High | Ecosystems: rubygems | Packages: codders-dataset | Published: about 1 year ago | ID: GSA_kwCzR0hTQS13OXZ2LWZ2dzgtajZxM84AAXfu

Backdoor / Malicious code
Severity: Critical | Ecosystems: rubygems | Packages: lita-coin | Published: over 2 years ago | ID: GSA_kwCzR0hTQS1xMmhtLWd4M2YtaDYzcc4AAuAZ

Cross-Site Request Forgery (CSRF)
Severity: Moderate | Ecosystems: rubygems | Packages: devise_invitable | Published: over 2 years ago | ID: GSA_kwCzR0hTQS13ajVqLXhwY2otNDVnY84AAuAU

Code Injection in simple_captcha2
Severity: Critical | Ecosystems: rubygems | Packages: simple_captcha2 | Published: almost 4 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdnNmotcjI4bS03Mjkz

Nokogiri is vulnerable to XML External Entity (XXE) attack
Severity: High | Ecosystems: rubygems | Packages: nokogiri | Published: about 1 year ago | ID: GSA_kwCzR0hTQS02d2o5LTc3d3EtanE3cM1Auw

ExifTool vulnerable to arbitrary code execution
Severity: High | Ecosystems: rubygems | Packages: exiftool_vendored | Published: 5 months ago | ID: GSA_kwCzR0hTQS1xOTVoLWNxcnYtOGp2Nc4AAxGB

Ensure that doorkeeper_token is valid when authenticating requests in API v2 calls
Severity: High | Ecosystems: rubygems | Packages: spree | Published: over 2 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY4Y20tMzY0Zi1xOXFo

Cross-site Scripting in Loofah
Severity: Moderate | Ecosystems: rubygems | Packages: loofah | Published: over 3 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWMzZ3YtOWN4Zi02ZjU3

Publify Core does not strip metadata from images
Severity: Moderate | Ecosystems: rubygems | Packages: publify_core | Published: 5 months ago | ID: GSA_kwCzR0hTQS03OXdxLWc0djktZ2ZqNM4AAw-2

Nokogiri updates packaged libxml2 to v2.10.4 to resolve multiple CVEs
Severity: Moderate | Ecosystems: rubygems | Packages: nokogiri | Published: about 2 months ago | ID: GSA_kwCzR0hTQS1weHZnLTJxajUtMzdqcc4AAytn

activemodel contains Improper Input Validation
Severity: Moderate | Ecosystems: rubygems | Packages: activemodel | Published: over 5 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU0M3YtZ2oyYy1yM2No

OS Command Injection in awesome spawn
Severity: Critical | Ecosystems: rubygems | Packages: awesome_spawn | Published: 11 months ago | ID: GSA_kwCzR0hTQS1xcHF3LW1jODUtcXZtOc4AAtDn

Doorkeeper contains Cross-site Request Forgery
Severity: Moderate | Ecosystems: rubygems | Packages: doorkeeper | Published: over 4 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY4NXctdmM4NC13eGN4

actionpack vulnerable to Cross-site Scripting
Severity: Moderate | Ecosystems: rubygems | Packages: actionpack | Published: over 5 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY5OW0tbWNqbS05Y3c4

Gollum Cross-site Scripting vulnerability via filename parameter to New Page dialog
Severity: Moderate | Ecosystems: rubygems | Packages: gollum | Published: 11 months ago | ID: GSA_kwCzR0hTQS1majJ3LXFtanAtM3Jqbc4AAtaY

Fat Free CRM subject to Cross-site Scripting
Severity: Moderate | Ecosystems: rubygems | Packages: fat_free_crm | Published: about 1 year ago | ID: GSA_kwCzR0hTQS13Y2Z4LTNtNnYtNGZyZ84AAeVa

Fat Free CRM vulnerable to Exposure of Sensitive Information
Severity: Moderate | Ecosystems: rubygems | Packages: fat_free_crm | Published: about 1 year ago | ID: GSA_kwCzR0hTQS1mMjVoLTNtajYtNGpwZ84AAe1f

Fat Free CRM vulnerable to SQL Injection
Severity: Moderate | Ecosystems: rubygems | Packages: fat_free_crm | Published: about 1 year ago | ID: GSA_kwCzR0hTQS05Z2dwLTVyZjQteDdxOc4AAe1h

Fat Free CRM allows remote attackers to obtain sensitive information via a direct request
Severity: Moderate | Ecosystems: rubygems | Packages: fat_free_crm | Published: about 1 year ago | ID: GSA_kwCzR0hTQS00eHE5LXZ3ODktcDVjeM4AAe1N

Fat Free CRM contains Cross-site Request Forgery vulnerabilities
Severity: Moderate | Ecosystems: rubygems | Packages: fat_free_crm | Published: about 1 year ago | ID: GSA_kwCzR0hTQS1tY3ZxLTd4anEtNDZ4Ns4AAe1M

Fat Free CRM has fixed token value
Severity: Moderate | Ecosystems: rubygems | Packages: fat_free_crm | Published: about 1 year ago | ID: GSA_kwCzR0hTQS1nODk3LWNnZmMtN3E4ds4AAe1L

Fat Free CRM Cross-site Scripting vulnerability
Severity: Moderate | Ecosystems: rubygems | Packages: fat_free_crm | Published: about 1 year ago | ID: GSA_kwCzR0hTQS1nbWc1LXIzYzQtM2ZtOc4AAg9y

backup-agoddard and backup_checksum have Information Exposure vulnerability
Severity: High | Ecosystems: rubygems | Packages: backup_checksum, backup-agoddard | Published: about 1 year ago | ID: GSA_kwCzR0hTQS13cjVqLXEzNTktNnZyMs4AAXfh

actionpack allows remote code execution via application's unrestricted use of render method
Severity: High | Ecosystems: rubygems | Packages: actionpack | Published: over 5 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc4cmMtOGMyOS1wNDVn

Data Injection Vulnerability in moped Rubygem
Severity: High | Ecosystems: rubygems | Packages: moped | Published: almost 3 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY5M2otaG1jci1qY3do

actionpack Cross-site Scripting vulnerability
Severity: Moderate | Ecosystems: rubygems | Packages: actionpack | Published: over 5 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk4bWYtOGY1Ny02NHFm

actionpack CRLF injection vulnerability
Severity: Moderate | Ecosystems: rubygems | Packages: actionpack | Published: over 5 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZjcWYtaDRoNC02OTVt

md2pdf allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename
Severity: Critical | Ecosystems: rubygems | Packages: md2pdf | Published: over 5 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk5Y2gtOG12cC1nN201

actionview Cross-site Scripting vulnerability
Severity: Moderate | Ecosystems: rubygems | Packages: actionview | Published: over 5 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBjM20tdjI4Ni0yandq

Fat Free CRM vulnerable to Cross-site Scripting
Severity: Moderate | Ecosystems: rubygems | Packages: fat_free_crm | Published: over 4 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo1cmotZzY5NS0zNDJy

private_address_check vulnerable to bypass of Resolv.getaddresses method
Severity: Moderate | Ecosystems: rubygems | Packages: private_address_check | Published: over 5 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4aGotaHA5bS1xd2M0

actionpack Cross-site Scripting vulnerability
Severity: Moderate | Ecosystems: rubygems | Packages: actionpack | Published: over 5 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE3NTktaHd2Yy1tM2pn

actionpack Improper Input Validation vulnerability
Severity: Moderate | Ecosystems: rubygems | Packages: actionpack | Published: over 5 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1weGYtZ2N3Mi1wdzVx

Rails vulnerable to Cross-site Scripting
Severity: Moderate | Ecosystems: rubygems | Packages: rails | Published: over 5 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW00NnAtZ2dtNS01ajgz

activesupport vulnerable to Denial of Service via large XML document depth
Severity: Moderate | Ecosystems: rubygems | Packages: activesupport | Published: over 5 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo5NnIteHZqcS1yOXBn

Sisimai Inefficient Regular Expression Complexity vulnerability
Severity: Moderate | Ecosystems: rubygems | Packages: sisimai | Published: 5 months ago | ID: GSA_kwCzR0hTQS12bTc0LWo0d3EtODJ4as4AAxBY

CSRF Vulnerability in rails-ujs
Severity: Moderate | Ecosystems: rubygems | Packages: actionview | Published: almost 3 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhxNWotZ3c3Zi1qZ2o4

Publify Improper Input Validation vulnerability
Severity: Critical | Ecosystems: rubygems | Packages: publify_core | Published: 5 months ago | ID: GSA_kwCzR0hTQS1xM3JtLWY1MjctZ2h4as4AAw-1

Untrusted users can run pending migrations in production in Rails
Severity: Moderate | Ecosystems: rubygems | Packages: actionpack | Published: almost 3 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM2cXItaDV2cS01OWpj

activesupport Cross-site Scripting vulnerability
Severity: Moderate | Ecosystems: rubygems | Packages: activesupport | Published: over 5 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ4dnAtNHh3Yy1qcHA2

actionview Path Traversal vulnerability
Severity: Moderate | Ecosystems: rubygems | Packages: actionview | Published: over 5 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ4OWotNDZyaC1mcXI4

actionpack allows bypass of database-query restrictions
Severity: Moderate | Ecosystems: rubygems | Packages: actionpack | Published: over 5 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdwdzctd3hqbS1jdzhy

Fat Free CRM Cross-Site Request Forgery vulnerability
Severity: Moderate | Ecosystems: rubygems | Packages: fat_free_crm | Published: about 1 year ago | ID: GSA_kwCzR0hTQS13eDdjLThqMzUtbXBnOM4AAWDM

Backdoor / Malicious code
Severity: Critical | Ecosystems: rubygems | Packages: omniauth_amazon, coming-soon, bitcoin_vanity, capistrano-colors, doge-coin, awesome-bot, blockchain_wallet, coin_base, cron_parser, rest-client | Published: almost 4 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTMzM2ctcnByNC03aHhx

Missing Initialization of Resource in Apache Arrow
Severity: High | Ecosystems: pypi, rubygems | Packages: pyarrow, red-arrow | Published: about 1 year ago | ID: GSA_kwCzR0hTQS04Y3cyLWp2NWMtYzgyNc4AAina

Unintended read access in kramdown gem
Severity: Critical | Ecosystems: rubygems | Packages: kramdown | Published: almost 3 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1xbTItY2dwci1wNG02

Cross-site Scripting in actionpack
Severity: Low | Ecosystems: rubygems | Packages: actionpack | Published: 7 months ago | ID: GSA_kwCzR0hTQS05Y2hyLTRmamgtNXJnd84AAvjh

Sanitize vulnerable to Improper Input Validation and Cross-site Scripting
Severity: High | Ecosystems: rubygems | Packages: sanitize | Published: about 5 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdmNDItcDg0ai1mNThw

Unintended unmarshalling in ActiveSupport
Severity: Critical | Ecosystems: rubygems | Packages: activesupport | Published: about 3 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJwNjgtZjc0di05d2M2

rest-client vulnerable to Session Fixation
Severity: Critical | Ecosystems: rubygems | Packages: rest-client | Published: almost 5 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNmaGYtNjkzOS1xZzhw

Missing Initialization of Resource in Apache Arrow
Severity: High | Ecosystems: pypi, rubygems | Packages: pyarrow, red-arrow | Published: about 1 year ago | ID: GSA_kwCzR0hTQS1janc0LTJ3OXItcjhtds4AAinR

HTTP Request Smuggling in reel
Severity: High | Ecosystems: rubygems | Packages: reel | Published: about 2 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXgzdjQtcHh2bS02M2o4

The rack-cors rubygem may allow directory traversal
Severity: Moderate | Ecosystems: rubygems | Packages: rack-cors | Published: over 3 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBmOGYtdzI2Ny1tcTJo

Jekyll allows attackers to access arbitrary files by specifying a symlink in the `include` key in the `_config.yml` file
Severity: High | Ecosystems: rubygems | Packages: jekyll | Published: over 4 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR4amgtbTNxeC00OXdj

Bootstrap Cross-site Scripting vulnerability
Severity: Moderate | Ecosystems: rubygems | Packages: bootstrap | Published: over 4 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdtdnItNXgyZy13ZmM4

Missing anchor in Rack-Cors allows malicious third party site to perform CORS request
Severity: High | Ecosystems: rubygems | Packages: rack-cors | Published: almost 5 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJqOWMtOXZtdi03bTM5

paperclip Server-Side Request Forgery vulnerability
Severity: Critical | Ecosystems: rubygems | Packages: paperclip | Published: over 5 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVqY2YtYzVyZy1ybW04

extlib does not properly restrict casts of string values
Severity: High | Ecosystems: rubygems | Packages: extlib | Published: over 5 years ago | ID: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTloMzYtNGpmMi1oeDUz
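The opaque IDs attached to the entries above are GitHub GraphQL node IDs for SecurityAdvisory objects, in two generations: the older ones (starting "MDE2...") are plain base64 of the text "016:SecurityAdvisory" followed by the GHSA identifier, and the newer ones (starting "GSA_") are URL-safe base64 of a small MessagePack array holding a format version, the GHSA identifier and a numeric database ID. The script below is an added example (it is not ecosyste.ms code, nor anything from the GitHub Advisory Database) that recovers the GHSA identifier from either form so that a listing like this one can be cross-referenced against GHSA/CVE feeds. It assumes only that three-element array layout for the "GSA_" form, and brings its own minimal MessagePack reader so no gems are needed; the IDs in the usage block are copied from the listing above.

```ruby
# Recover GHSA identifiers from the two GitHub node-ID encodings seen in
# the listing above. Added example, not part of ecosyste.ms.

GHSA_RE = /\AGHSA-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}\z/

# Decode standard or URL-safe base64, tolerating stripped "=" padding.
def base64_decode(str)
  s = str.tr("-_", "+/")
  s += "=" * ((4 - s.length % 4) % 4)
  s.unpack1("m")
end

# Minimal MessagePack reader covering only the types these IDs use:
# positive fixint, fixarray, fixstr/str8 and the unsigned integer family.
class MiniMsgpack
  def initialize(bytes)
    @b = bytes.b
    @i = 0
  end

  def read
    t = take(1).ord
    case t
    when 0x00..0x7f then t                                            # positive fixint
    when 0x90..0x9f then Array.new(t & 0x0f) { read }                 # fixarray
    when 0xa0..0xbf then take(t & 0x1f).force_encoding(Encoding::UTF_8) # fixstr
    when 0xd9 then take(take(1).ord).force_encoding(Encoding::UTF_8)  # str 8
    when 0xcc then take(1).unpack1("C")                               # uint 8
    when 0xcd then take(2).unpack1("n")                               # uint 16
    when 0xce then take(4).unpack1("N")                               # uint 32
    when 0xcf then take(8).unpack1("Q>")                              # uint 64
    else raise ArgumentError, format("unsupported msgpack type 0x%02x", t)
    end
  end

  private

  def take(n)
    raise ArgumentError, "truncated msgpack data" if @i + n > @b.bytesize
    s = @b.byteslice(@i, n)
    @i += n
    s
  end
end

# Returns the GHSA identifier carried by a GitHub node ID, or nil when the
# input is not a SecurityAdvisory node in either encoding.
def ghsa_from_node_id(node_id)
  if node_id.start_with?("GSA_")
    # Assumed layout (GitHub next-generation IDs): [version, "GHSA-...", db_id]
    payload = MiniMsgpack.new(base64_decode(node_id.delete_prefix("GSA_"))).read
    return nil unless payload.is_a?(Array) && payload.size == 3
    ghsa = payload[1]
  else
    # Legacy layout: base64("016:SecurityAdvisory" + "GHSA-...")
    decoded = base64_decode(node_id).force_encoding(Encoding::UTF_8)
    return nil unless decoded.valid_encoding?
    ghsa = decoded.sub(/\A\d+:SecurityAdvisory/, "")
  end
  ghsa.is_a?(String) && ghsa.match?(GHSA_RE) ? ghsa : nil
rescue ArgumentError
  nil
end

# Usage: IDs copied from the entries above (Rack multipart DoS, Active
# Record input validation, CGI.escape_html buffer overrun).
if __FILE__ == $PROGRAM_NAME
  %w[
    GSA_kwCzR0hTQS0zaDU3LWhtajMtZ2ozcM4AAyAE
    MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNjcnItOXZtZy04NjR2
    GSA_kwCzR0hTQS01Y3FtLWNyeG0tNnFwds0bSA
  ].each { |id| puts "#{id} -> #{ghsa_from_node_id(id).inspect}" }
end
```

Once the GHSA identifier is recovered, it can be used directly in the GitHub advisory URL or matched against the `aliases` of other advisory feeds; the decoder returns nil rather than raising on anything that is not a SecurityAdvisory node, so it is safe to run over a mixed column of IDs.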
Advisories per package, from the page's package filter (the counts cover the full advisory set behind this listing, not just the entries shown above, which is why packages such as passenger and puma appear without an entry):

57: actionpack
28: nokogiri
25: rubygems-update
24: activerecord
20: rack
13: puppet, publify_core
12: rails-html-sanitizer, rails, actionview, activesupport
11: fat_free_crm
9: passenger, puma
7: org.jruby:jruby-stdlib
6: loofah, camaleon_cms, ember-source, doorkeeper
5: katello, spree, spree_auth_devise
4: bundler, safemode, devise, mail, commonmarker, rubyzip, sinatra, dragonfly
3: cgi, geminabox, private_address_check, rails_admin, fluentd, gollum, rest-client, bootstrap, sanitize, paperclip, ruby-saml, sidekiq, git, chartkick, omniauth, sprockets, activestorage, jquery-rails
2: httparty, red-arrow, administrate, kramdown, redcarpet, carrierwave, pageflow, qiita-markdown, activemodel, pyarrow, facter, json-jwt, avo, git-fastclone, ox, espeak-ruby, colorscore, web-console, bootstrap, jQuery, jquery, ruby-openid, bootstrap-sass, field_test, festivaltts4r, mechanize, metasploit-framework, radiant, rdoc, secure_headers, faye, yajl-ruby, user_agent_parser, bson, minitar, rack-cors, pdfkit, rack-mini-profiler, archive-tar-minitar, net-ldap, yard, mini_magick, i18n, json, VladTheEnterprising, omniauth-facebook, google-protobuf, sup, mapbox-rails, mapbox.js, webrick, pghero, com.google.protobuf:protobuf-java, com.google.protobuf:protobuf-kotlin, devise-two-factor, cocoapods-downloader, solidus_core, solidus_frontend
1: rubocop, airbrake-ruby, geocoder, uap-core, personnummer, activeresource, gemirro, solidus_backend, diffy, active-support, org.jruby:jruby-parent, sorcery, websocket-extensions, shrine, dependabot-omnibus, dependabot-common, spree_api, omniauth-apple, pgsync, faye-websocket, devise_token_auth, spina, gollum-lib, fileutils, em-imap, pdf_info, elastic-apm, thin, multi_xml, sqlite3-ruby, fog-dragonfly, newrelic_rpm, goliath, narou, railties, netaddr, rexml, paratrooper-newrelic, restforce, kcapifony, lynx, show_in_browser
update_by_case
1
ciborg
1
clearance
1
cap-strap
1
lawn-login
1
sensu
1
openshift-origin-node
1
simple_form
1
ruby-jss
1
date
1
matestack-ui-core
1
sfpagent
1
kaminari
1
solidus_api
1
omniauth-auth0
1
haml
1
brbackup
1
trestle-auth
1
better_errors
1
rails_multisite
1
redis-store
1
bibtex-ruby
1
twitter-bootstrap-rails
1
ffi
1
samlr
1
message_bus
1
padrino-contrib
1
marginalia
1
image_processing
1
datagrid
1
omniauth-saml
1
view_component
1
slanger
1
gibbon
1
random_password_generator
1
trilogy
1
pysha3
1
sha3
1
apollo_upload_server
1
blazer
1
kitchen-terraform
1
rack-ssl
1
pay
1
command_wrap
1
webbynode
1
nori
1
crack
1
rwiki
1
paranoid2
1
bootstrap-sass
1
audited
1
inline_svg
1
active_attr
1
asciidoctor-include-ext
1
oxidized-web
1
recurly
1
tmpdir
1
csv-safe
1
octopoller
1
mixlib-archive
1
smalruby-editor
1
smalruby
1
kafo
1
jmespath
1
chloride
1
features
1
omniauth-weibo-oauth2
1
point-cli
1
http
1
xapian-core
1
hammer_cli_foreman
1
smashing
1
ccsv
1
cairo
1
sentry-raven
1
ldap_fluff
1
xaviershay-dm-rails
1
authlogic
1
kajam
1
iodine
1
rexical
1
flash_tool
1
karteek-docsplit
1
lean-ruport
1
rbovirt
1
gtk2
1
tweetstream
1
gon
1
RedCloth
1
bootstrap
1
bootstrap.sass
1
text_helpers
1
arabic-prawn
1
delayed_job_web
1
chartkick
1
redcloth
1
many_versioned_gem
1
rack-cache
1
consul
1
ruby_parser-legacy
1
activejob
1
curupira
1
rack-protection
1
asciidoctor
1
rake
1
Bootstrap.Less
1
gyazo
1
easymon
1
activerecord-session_store
1
foreman_fog_proxmox
1
com.google.protobuf:protobuf-javalite
1
bindata
1
papercrop
1
oauth
1
devise_masquerade
1
cremefraiche
1
ldoce
1
cocaine
1
kelredd-pruview
1
keynote
1
jruby-openssl
1
jquery-ui
1
octokit
1
extlib
1
will_paginate
1
com.google.protobuf:protobuf-kotlin-lite
1
jekyll
1
jquery-ujs
1
reel
1
aescrypt
1
curl
1
actionmailer
1
actionpack-page_caching
1
cron_parser
1
coin_base
1
blockchain_wallet
1
awesome-bot
1
doge-coin
1
capistrano-colors
1
bitcoin_vanity
1
coming-soon
1
rgpg
1
foreman_ansible
1
time
1
govuk_tech_docs
1
sisimai
1
md2pdf
1
smart_proxy_dynflow
1
mcollective-client
1
backup_checksum
1
backup-agoddard
1
excon
1