Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
rubygems Security Advisories
Browse all Security Advisories for rubygems
Moderate
Ecosystems: rubygems
Packages: pwpush
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 12 hours ago
GSA_kwCzR0hTQS1mZnAyLThwMmgtNG01as4ABBly
Password Pusher rate limiter can be bypassed by forging proxy headers
Moderate
Ecosystems: rubygems
Packages: decidim-meetings
Source: GitHub Advisory Database
Blast Radius: 19.2
Published: 8 days ago
GSA_kwCzR0hTQS1qNGg2LWdjajctN3Y5ds4ABBTI
decidim-meetings Cross-site scripting vulnerability in the online or hybrid meeting embeds
High
Ecosystems: rubygems
Packages: decidim-decidim_awesome
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 8 days ago
GSA_kwCzR0hTQS1jeHdmLXFjMzItMzc1Zs4ABBP0
Decidim-Awesome has SQL injection in AdminAccountability
Moderate
Ecosystems: rubygems
Packages: sinatra
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: 20 days ago
GSA_kwCzR0hTQS1oeHgyLTd2Y3ctbXFyM84ABA2z
Sinatra vulnerable to Reliance on Untrusted Inputs in a Security Decision
Moderate
Ecosystems: nuget, pypi, rubygems, maven
Packages: MPXJ.Net, net.sf.mpxj-for-vb, net.sf.mpxj-for-csharp, net.sf.mpxj, mpxj, net.sf.mpxj:mpxj
Source: GitHub Advisory Database
Blast Radius: 17.0
Published: 23 days ago
GSA_kwCzR0hTQS1qOTQ1LWM0NHYtOTdnNs4ABAt9
MPXJ has a Potential Path Traversal Vulnerability
Moderate
Ecosystems: rubygems
Packages: rexml
Source: GitHub Advisory Database
Blast Radius: 40.7
Published: 24 days ago
GSA_kwCzR0hTQS0ycnhwLXY2cHctY2g2bc4ABAtZ
REXML ReDoS vulnerability
High
Ecosystems: rubygems
Packages: Autolab
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 26 days ago
GSA_kwCzR0hTQS12NDZqLWg0M2gtcndybc4ABAq6
Autolab Misconfigured Reset Password Permissions
Moderate
Ecosystems: rubygems
Packages: camaleon_cms
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 29 days ago
GSA_kwCzR0hTQS1oaHhnLXJ2YzktODcyNs4ABAld
camaleon_cms affected by cross site scripting
Moderate
Ecosystems: rubygems
Packages: actionmailer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
GSA_kwCzR0hTQS1oNDdoLW13cDktYzZxNs4ABATf
Possible ReDoS vulnerability in block_format in Action Mailer
Moderate
Ecosystems: rubygems
Packages: actiontext
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
GSA_kwCzR0hTQS13d2h2LXd4djktcnBnd84ABATc
Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text
Moderate
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
GSA_kwCzR0hTQS12Zmc5LXIzZnEtanZ4NM4ABATd
Possible ReDoS vulnerability in HTTP Token authentication in Action Controller
Moderate
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
GSA_kwCzR0hTQS14NzZ3LTZ2anItOHhnas4ABATe
Possible ReDoS vulnerability in query parameter filtering in Action Dispatch
Moderate
Ecosystems: pypi, npm, rubygems
Packages: openc3, @openc3/tool-common
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
GSA_kwCzR0hTQS00eHF2LTQ3cm0tMzdtbc4AA_7R
OpenC3 stores passwords in clear text (`GHSL-2024-129`)
High
Ecosystems: pypi, rubygems
Packages: openc3
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
GSA_kwCzR0hTQS04anhyLW1jY2MtbXdnOM4AA_7Q
OpenC3 Path Traversal via screen controller (`GHSL-2024-127`)
Moderate
Ecosystems: pypi, npm, rubygems
Packages: openc3, @openc3/tool-common
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
GSA_kwCzR0hTQS12Zmo4LTVwajctMmY5Z84AA_7P
OpenC3 Cross-site Scripting in Login functionality (`GHSL-2024-128`)
High
Ecosystems: rubygems
Packages: decidim
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: about 2 months ago
GSA_kwCzR0hTQS1jYzRnLW0zZzcteG13OM4AA_5i
Decidim has a cross-site scripting vulnerability in the version control page
Moderate
Ecosystems: rubygems
Packages: camaleon_cms
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: about 2 months ago
GSA_kwCzR0hTQS03NWoyLTlnbWMtbTg1Nc4AA_yE
Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)
High
Ecosystems: cargo, rubygems, npm, pypi
Packages: sqlite-vec
Source: GitHub Advisory Database
Blast Radius: 4.0
Published: about 2 months ago
GSA_kwCzR0hTQS12cmN4LWd4M2ctajNoOM4AA_xx
Heap-based Buffer Overflow in sqlite-vec
Moderate
Ecosystems: rubygems
Packages: camaleon_cms
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: about 2 months ago
GSA_kwCzR0hTQS04Zng4LTNyZzItNzl4d84AA_uz
Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)
High
Ecosystems: rubygems
Packages: camaleon_cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
GSA_kwCzR0hTQS0zaHA4LTZqMjQtbTVnbc4AA_uy
Camaleon CMS vulnerable to remote code execution through code injection (GHSL-2024-185)
High
Ecosystems: rubygems
Packages: webrick
Source: GitHub Advisory Database
Blast Radius: 35.0
Published: 2 months ago
GSA_kwCzR0hTQS02ZjYyLTM1OTYtZzZ3N84AA_to
HTTP Request Smuggling in ruby webrick
Moderate
Ecosystems: rubygems
Packages: puma
Source: GitHub Advisory Database
Blast Radius: 30.3
Published: 2 months ago
GSA_kwCzR0hTQS05aGY0LTY3ZmMtNHZmNM4AA_tB
Puma's header normalization allows for client to clobber proxy set headers
High
Ecosystems: maven, rubygems
Packages: com.google.protobuf:protobuf-java, com.google.protobuf:protobuf-javalite, com.google.protobuf:protobuf-kotlin, com.google.protobuf:protobuf-kotlin-lite, google-protobuf
Source: GitHub Advisory Database
Blast Radius: 61.8
Published: 2 months ago
GSA_kwCzR0hTQS03MzVmLXBjOGotdjl3OM4AA_sT
protobuf-java has potential Denial of Service issue
High
Ecosystems: rubygems
Packages: camaleon_cms
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 2 months ago
GSA_kwCzR0hTQS03eDR3LWNqOXItaDR2Oc4AA_rE
Camaleon CMS vulnerable to remote code execution through code injection (GHSL-2024-185)
Moderate
Ecosystems: rubygems
Packages: camaleon_cms
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 2 months ago
GSA_kwCzR0hTQS1yOWNyLXFtZnctcG1yY84AA_rD
Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)
High
Ecosystems: rubygems
Packages: camaleon_cms
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: 2 months ago
GSA_kwCzR0hTQS1jcDY1LTVtOXItdmMyY84AA_rC
Camaleon CMS vulnerable to arbitrary path traversal (GHSL-2024-183)
High
Ecosystems: rubygems
Packages: camaleon_cms
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: 2 months ago
GSA_kwCzR0hTQS13bWpnLXZxaHYtcTVwNc4AA_ph
Camaleon CMS affected by arbitrary file write to RCE (GHSL-2024-182)
Moderate
Ecosystems: rubygems
Packages: devise-two-factor
Source: GitHub Advisory Database
Blast Radius: 17.3
Published: 2 months ago
GSA_kwCzR0hTQS1xanhmLW1jNzItd2pyMs4AA_nR
Devise-Two-Factor Authentication Uses Insufficient Default OTP Shared Secret Length
Moderate
Ecosystems: rubygems
Packages: decidim
Source: GitHub Advisory Database
Blast Radius: 13.5
Published: 2 months ago
GSA_kwCzR0hTQS12dnF3LWZxd3gtbXFtbc4AA_kB
Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin panel with QuillJS WYSWYG editor
Moderate
Ecosystems: rubygems
Packages: decidim-admin
Source: GitHub Advisory Database
Blast Radius: 17.0
Published: 2 months ago
GSA_kwCzR0hTQS1yeDlmLTVnZ3YtNXJoNs4AA_kA
Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin activity log
Critical
Ecosystems: rubygems
Packages: omniauth-saml
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: 2 months ago
GSA_kwCzR0hTQS1jdnA4LTVyOGctZmh2cc4AA_eZ
omniauth-saml vulnerable to Improper Verification of Cryptographic Signature
Critical
Ecosystems: rubygems
Packages: ruby-saml
Source: GitHub Advisory Database
Blast Radius: 33.6
Published: 2 months ago
GSA_kwCzR0hTQS1qdzljLW1mZzctOXJ4Ms4AA_cX
SAML authentication bypass via Incorrect XPath selector
Moderate
Ecosystems: rubygems
Packages: request_store
Source: GitHub Advisory Database
Blast Radius: 32.9
Published: 3 months ago
GSA_kwCzR0hTQS1mcnAyLTVxZmMtN3I4bc4AA-6Q
request_store has Incorrect Default Permissions
High
Ecosystems: rubygems
Packages: rexml
Source: GitHub Advisory Database
Blast Radius: 32.0
Published: 3 months ago
GSA_kwCzR0hTQS12bXdyLW1jN3gtNXZjM84AA-4Z
REXML denial of service vulnerability
Moderate
Ecosystems: rubygems
Packages: fugit
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: 3 months ago
GSA_kwCzR0hTQS0ybTk2LTUycjMtMmYzZ84AA-xU
fugit parse and parse_nat stall on lengthy input
Critical
Ecosystems: rubygems
Packages: sequenceserver
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: 3 months ago
GSA_kwCzR0hTQS1xdjMyLTV3bTItcDMyaM4AA-nr
Command Injection in sequenceserver
Moderate
Ecosystems: rubygems
Packages: rexml
Source: GitHub Advisory Database
Blast Radius: 40.7
Published: 4 months ago
GSA_kwCzR0hTQS01ODY2LTQ5Z3ItMjJ2NM4AA-WF
REXML DoS vulnerability
Moderate
Ecosystems: rubygems
Packages: rexml
Source: GitHub Advisory Database
Blast Radius: 40.7
Published: 4 months ago
GSA_kwCzR0hTQS1yNTVjLTU5cW0tdmp3Ns4AA-U_
REXML DoS vulnerability
Moderate
Ecosystems: rubygems
Packages: spina
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: 4 months ago
GSA_kwCzR0hTQS13cXczLXA4M2ctcjI0ds4AA-ID
Cross-Site Request Forgery in Spina
Moderate
Ecosystems: rubygems
Packages: rexml
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: 4 months ago
GSA_kwCzR0hTQS00eHFxLW0yaHgtMjV2OM4AA98F
REXML denial of service vulnerability
Moderate
Ecosystems: maven, packagist, nuget, rubygems, npm
Packages: org.webjars.npm:bootstrap, org.webjars:bootstrap, twbs/bootstrap, bootstrap.sass, bootstrap-sass, bootstrap
Source: GitHub Advisory Database
Blast Radius: 157.7
Published: 4 months ago
GSA_kwCzR0hTQS05bXZqLWY3dzgtcHZoMs4AA9zw
Bootstrap Cross-Site Scripting (XSS) vulnerability
Moderate
Ecosystems: maven, packagist, nuget, rubygems, npm
Packages: org.webjars.npm:bootstrap, org.webjars:bootstrap, twbs/bootstrap, bootstrap.sass, bootstrap
Source: GitHub Advisory Database
Blast Radius: 153.3
Published: 4 months ago
GSA_kwCzR0hTQS12Yzh3LWpyOXYtdmo3Zs4AA90M
Bootstrap Cross-Site Scripting (XSS) vulnerability
Moderate
Ecosystems: rubygems
Packages: decidim-admin
Source: GitHub Advisory Database
Blast Radius: 13.5
Published: 4 months ago
GSA_kwCzR0hTQS01MjlwLWpqNDctdzNtM84AA9w5
Decidim cross-site scripting (XSS) in the admin panel
Moderate
Ecosystems: rubygems
Packages: decidim
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: 4 months ago
GSA_kwCzR0hTQS03Y3g4LTQ0cGMteHYzcc4AA9w4
Decidim cross-site scripting (XSS) in the pagination
Moderate
Ecosystems: rubygems
Packages: decidim
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: 4 months ago
GSA_kwCzR0hTQS1xY2o2LXZ4d3gtNHJxds4AA9wt
Decidim vulnerable to data disclosure through the embed feature
Moderate
Ecosystems: rubygems
Packages: rails_admin
Source: GitHub Advisory Database
Blast Radius: 27.0
Published: 5 months ago
GSA_kwCzR0hTQS04cWdtLWcydnYtdnd2Y84AA9n1
RailsAdmin Cross-site Scripting vulnerability in the list view
Moderate
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 39.1
Published: 5 months ago
GSA_kwCzR0hTQS1jajgzLTJ3dzctbXZxN84AA9fb
Rack ReDoS Vulnerability in HTTP Accept Headers Parsing
Moderate
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 32.1
Published: 6 months ago
GSA_kwCzR0hTQS1md2hyLTg4cXgtaDlnN84AA8tD
Missing security headers in Action Pack on non-HTML responses
Moderate
Ecosystems: rubygems
Packages: actiontext
Source: GitHub Advisory Database
Blast Radius: 31.8
Published: 6 months ago
GSA_kwCzR0hTQS1wcmpwLWg0OGYtamdmNs4AA8tC
ActionText ContentAttachment can Contain Unsanitized HTML
High
Ecosystems: rubygems
Packages: activeadmin
Source: GitHub Advisory Database
Blast Radius: 30.4
Published: 6 months ago
GSA_kwCzR0hTQS05bWc2LXg0NXYtaGNmbc4AA8mX
activeadmin vulnerable to stored persistent cross-site scripting (XSS) in dynamic form legends
High
Ecosystems: rubygems
Packages: rack-contrib
Source: GitHub Advisory Database
Blast Radius: 35.6
Published: 6 months ago
GSA_kwCzR0hTQS04YzhxLTJ4dzMtajg2Oc4AA8i6
rack-contrib vulnerable to Denial of Service due to the unconstrained value of the incoming "profiler_runs" parameter
Moderate
Ecosystems: rubygems
Packages: kaminari
Source: GitHub Advisory Database
Blast Radius: 32.3
Published: 6 months ago
GSA_kwCzR0hTQS03cjNqLXFtcjQtamZwas4AA8i4
Kaminari Insecure File Permissions Vulnerability
Moderate
Ecosystems: rubygems
Packages: rexml
Source: GitHub Advisory Database
Blast Radius: 28.8
Published: 6 months ago
GSA_kwCzR0hTQS12ZzNyLXJtN3ctMnhnaM4AA8Kv
REXML contains a denial of service vulnerability
Low
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
GSA_kwCzR0hTQS1yOTVoLTl4OGYtcjNmN84AA74p
Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459
Moderate
Ecosystems: rubygems, npm
Packages: actiontext, trix
Source: GitHub Advisory Database
Blast Radius: 44.9
Published: 7 months ago
GSA_kwCzR0hTQS1xanFwLXhyOTYtY2o5Oc4AA70j
Trix Editor Arbitrary Code Execution Vulnerability
High
Ecosystems: rubygems
Packages: phlex
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 7 months ago
GSA_kwCzR0hTQS05cDU3LWg5ODctNHZneM4AA7eG
Phlex vulnerable to Cross-site Scripting (XSS) via maliciously formed HTML attribute names and values
Moderate
Ecosystems: rubygems
Packages: sidekiq
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: 7 months ago
GSA_kwCzR0hTQS1xNjU1LTNwajgtOWZ4cc4AA7WM
Sidekiq vulnerable to a Reflected XSS in Queues Web Page
High
Ecosystems: rubygems
Packages: phlex
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 7 months ago
GSA_kwCzR0hTQS1nN3hxLXh2OGMtaDk4Y84AA7Da
Cross-site Scripting (XSS) possible due to improper sanitisation of `href` attributes on `<a>` tags
Moderate
Ecosystems: rubygems
Packages: carrierwave
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: 8 months ago
GSA_kwCzR0hTQS12Zm12LWpmYzUtcGpqd84AA6Re
CarrierWave content-Type allowlist bypass vulnerability which possibly leads to XSS remained
Low
Ecosystems: rubygems
Packages: rdoc
Source: GitHub Advisory Database
Blast Radius: 25.5
Published: 8 months ago
GSA_kwCzR0hTQS01OTJqLTk5NWgtcDIzas4AA6RV
RDoc RCE vulnerability with .rdoc_options
Critical
Ecosystems: rubygems
Packages: stringio
Source: GitHub Advisory Database
Blast Radius: 38.8
Published: 8 months ago
GSA_kwCzR0hTQS12NWg2LWMyaHYtaHYzcs4AA6RU
StringIO buffer overread vulnerability
Moderate
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
GSA_kwCzR0hTQS12Y2MzLXJ3NmYtanY5N84AA6Gq
Use-after-free in libxml2 via Nokogiri::XML::Reader
Moderate
Ecosystems: rubygems
Packages: rotp
Source: GitHub Advisory Database
Blast Radius: 18.5
Published: 8 months ago
GSA_kwCzR0hTQS14Mmg4LXFtajQtZzYyZs4AA6Fh
ROTP 6.2.2 and 6.2.1 has 0666 permissions for the .rb files.
High
Ecosystems: npm, rubygems
Packages: @turbo-boost/commands, turbo_boost-commands
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: 8 months ago
GSA_kwCzR0hTQS1tcDc2LTd3NXYtcHI3Nc4AA6CN
TurboBoost Commands vulnerable to arbitrary method invocation
Critical
Ecosystems: rubygems
Packages: discordrb
Source: GitHub Advisory Database
Blast Radius: 24.7
Published: 8 months ago
GSA_kwCzR0hTQS04ODMyLTRtbTUteDJyNs4AA6Aa
discordrb OS Command Injection vulnerability
High
Ecosystems: npm, rubygems
Packages: stimulus_reflex
Source: GitHub Advisory Database
Blast Radius: 43.9
Published: 8 months ago
GSA_kwCzR0hTQS1mNzhqLTR3M2ctNHE2Nc4AA56t
StimulusReflex arbitrary method call
High
Ecosystems: rubygems
Packages: phlex
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 8 months ago
GSA_kwCzR0hTQS0yNDJwLTR2MzktMnY4Z84AA56s
Cross-site Scripting (XSS) possible with maliciously formed HTML attribute names and values in Phlex
Moderate
Ecosystems: rubygems
Packages: sidekiq-unique-jobs
Source: GitHub Advisory Database
Blast Radius: 18.0
Published: 9 months ago
GSA_kwCzR0hTQS1maHg4LTVjMjMteDd4Nc4AA5rk
Cross Site Scripting vulnerability in Contribsys Sidekiq
Moderate
Ecosystems: rubygems
Packages: json-jwt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
GSA_kwCzR0hTQS1jOHY2LTc4Nmctdmp4Ns4AA5mu
json-jwt allows bypass of identity checks via a sign/encryption confusion attack
Moderate
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 31.9
Published: 9 months ago
GSA_kwCzR0hTQS0yMmYyLXY1N2MtajljeM4AA5mE
Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial)
Low
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
GSA_kwCzR0hTQS14ajV2LTZ2NGctamZ3Ns4AA5mD
Rack has possible DoS Vulnerability with Range Header
Low
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
GSA_kwCzR0hTQS01NHJyLTdmdnctNng4Zs4AA5mC
Rack Header Parsing leads to Possible Denial of Service Vulnerability
Moderate
Ecosystems: rubygems
Packages: yard
Source: GitHub Advisory Database
Blast Radius: 25.6
Published: 9 months ago
GSA_kwCzR0hTQS04bXE0LTlqamgtOXhyY84AA5l2
YARD's default template vulnerable to Cross-site Scripting in generated frames.html
Moderate
Ecosystems: rubygems
Packages: activestorage
Source: GitHub Advisory Database
Blast Radius: 28.9
Published: 9 months ago
GSA_kwCzR0hTQS04aDIyLThjZjctaHE2Z84AA5jP
Rails has possible Sensitive Session Information Leak in Active Storage
Moderate
Ecosystems: rubygems
Packages: rails, actionpack
Source: GitHub Advisory Database
Blast Radius: 36.3
Published: 9 months ago
GSA_kwCzR0hTQS05ODIyLTZtOTMteHFmNM4AA5jO
Rails has possible XSS Vulnerability in Action Controller
Low
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
GSA_kwCzR0hTQS1qamh4LWpodnAtNzR3cc4AA5jN
Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch
Moderate
Ecosystems: rubygems
Packages: rack-cors
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
GSA_kwCzR0hTQS03ODVnLTI4MnEtcHd2eM4AA5gh
Rack CORS Middleware has Insecure File Permissions
Moderate
Ecosystems: rubygems
Packages: decidim-core, decidim
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: 9 months ago
GSA_kwCzR0hTQS05dzk5LTc4cmotaG14cc4AA5Zn
Cross-site scripting (XSS) in the dynamic file uploads
Moderate
Ecosystems: rubygems
Packages: decidim-system, decidim-admin, decidim, devise_invitable
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: 9 months ago
GSA_kwCzR0hTQS13M3E4LW00OTItNHB3cM4AA5Zd
Possibility to circumvent the invitation token expiry period
Moderate
Ecosystems: rubygems
Packages: decidim-templates
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 9 months ago
GSA_kwCzR0hTQS1mM3FtLXZmYzMtamc2ds4AA5ZJ
Possible CSRF attack at questionnaire templates preview
Low
Ecosystems: rubygems
Packages: decidim
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: 9 months ago
GSA_kwCzR0hTQS1yMjc1LWo1N2MtN21mMs4AA5ZI
Race condition in Endorsements
High
Ecosystems: rubygems
Packages: sidekiq-unique-jobs
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: 9 months ago
GSA_kwCzR0hTQS1jbWg5LXJ4ODUteGozOM4AA5P5
XSS sidekiq-unique-jobs UI server vulnerability
Moderate
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
GSA_kwCzR0hTQS14Yzl4LWpqNzctOXA5as4AA5Ek
Nokogiri update packaged libxml2 to v2.12.5 to resolve CVE-2024-25062
Moderate
Ecosystems: rubygems
Packages: avo
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: 10 months ago
GSA_kwCzR0hTQS1nOHZwLTJ2NXAtOXFmaM4AA4ir
Cross-site scripting (XSS) in Action messages on Avo
High
Ecosystems: rubygems
Packages: avo
Source: GitHub Advisory Database
Blast Radius: 10.7
Published: 10 months ago
GSA_kwCzR0hTQS1naGp2LW1oNngtN3E2aM4AA4eR
avo vulnerable to stored cross-site scripting (XSS) in key_value field
Moderate
Ecosystems: rubygems
Packages: puma
Source: GitHub Advisory Database
Blast Radius: 33.1
Published: 11 months ago
GSA_kwCzR0hTQS1jMmY0LWN2cW0tNjV3Ms4AA4Qh
Puma HTTP Request/Response Smuggling vulnerability
Moderate
Ecosystems: rubygems
Packages: view_component
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 11 months ago
GSA_kwCzR0hTQS13ZjJ4LTh3NmotcXczN84AA4My
view_component Cross-site Scripting vulnerability
High
Ecosystems: rubygems
Packages: omniauth-microsoft_graph
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 11 months ago
GSA_kwCzR0hTQS01ZzY2LTYyOGYtN2N2as4AA4Lx
Omniauth::MicrosoftGraph Account takeover (nOAuth)
Moderate
Ecosystems: rubygems
Packages: activeadmin
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 11 months ago
GSA_kwCzR0hTQS14aHZ2LTNqd3ctYzQ4N84AA4D6
ActiveAdmin CSV Injection leading to sensitive information disclosure
Moderate
Ecosystems: rubygems
Packages: resque
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: 11 months ago
GSA_kwCzR0hTQS1yOHh4LTh2bTgteDZ3as4AA34N
Resque vulnerable to Reflected Cross Site Scripting through pathnames
Moderate
Ecosystems: rubygems
Packages: resque
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: 11 months ago
GSA_kwCzR0hTQS1nYzNqLXZ2d2YtNHJwOM4AA34M
Resque vulnerable to reflected XSS in resque-web failed and queues lists
Moderate
Ecosystems: rubygems
Packages: resque
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: 11 months ago
GSA_kwCzR0hTQS1yOW1xLW03MngtMjU3Z84AA34L
Resque vulnerable to reflected XSS in Queue Endpoint
Moderate
Ecosystems: rubygems
Packages: resque-scheduler
Source: GitHub Advisory Database
Blast Radius: 21.7
Published: 11 months ago
GSA_kwCzR0hTQS05aG1xLWZtMzMteDR4eM4AA34I
Resque Scheduler Reflected XSS In Delayed Jobs View
High
Ecosystems: rubygems
Packages: activeadmin
Source: GitHub Advisory Database
Blast Radius: 35.8
Published: 11 months ago
GSA_kwCzR0hTQS0zNTZqLWhnNDUteDUyNc4AA323
Potential CSV export data leak
Moderate
Ecosystems: swift, pypi, pub, packagist, cargo, rubygems, nuget, go, maven, npm
Packages: github.com/pubnub/swift, pubnub, pubnub/pubnub, Pubnub, github.com/pubnub/go/v5, github.com/pubnub/go/v6, github.com/pubnub/go, github.com/pubnub/go/v7, com.pubnub:pubnub, com.pubnub:pubnub-kotlin
Source: GitHub Advisory Database
Blast Radius: 82.5
Published: 12 months ago
GSA_kwCzR0hTQS01ODQ0LXEzZmMtNTZyaM4AA3lZ
pubnub Insufficient Entropy vulnerability
Moderate
Ecosystems: rubygems
Packages: carrierwave
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: 12 months ago
GSA_kwCzR0hTQS1neGh4LWc0ZnEtNDloas4AA3a3
CarrierWave Content-Type allowlist bypass vulnerability, possibly leading to XSS
Moderate
Ecosystems: rubygems
Packages: rmagick
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: about 1 year ago
GSA_kwCzR0hTQS1mcmdmLThqcjUtajJqds4AA2zW
memory leak flaw was found in ruby-magick
High
Ecosystems: rubygems
Packages: encoded_id-rails
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
GSA_kwCzR0hTQS0zcHg3LWptMnAtNmgyY84AA2oN
encoded_id-rails potential DOS vulnerability due to URIs with extremely long encoded IDs
Moderate
Ecosystems: rubygems
Packages: svg_optimizer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
GSA_kwCzR0hTQS02aHZnLTYycTgtOTV2N84AA2mT
svg_optimizer rubygem external XML entity (XXE) vulnerability
Critical
Ecosystems: rubygems
Packages: bolt
Source: GitHub Advisory Database
Blast Radius: 27.3
Published: about 1 year ago
GSA_kwCzR0hTQS0yODltLTI5NjQtZjhxNc4AA2Rv
Puppet Bolt privilege escalation vulnerability
Statistics
Advisories: 20,668
Packages: 9,040
Repositories: 299
Ecosystems: 12
Filter by Package
actionpack
60
nokogiri
43
rubygems-update
25
rack
23
puppet
23
activerecord
21
publify_core
14
camaleon_cms
14
activesupport
14
passenger
13
puma
12
actionview
12
decidim
11
rails
11
fat_free_crm
10
jquery-rails
9
rails-html-sanitizer
9
bootstrap
9
bootstrap
9
org.webjars:bootstrap
9
twbs/bootstrap
9
bootstrap
9
bootstrap-sass
8
org.webjars.npm:jquery
8
jquery
8
bootstrap.sass
7
jquery-ui-rails
7
jQuery.UI.Combined
7
org.webjars.npm:jquery-ui
7
rexml
7
jquery-ui
7
jQuery
7
org.jruby:jruby-stdlib
7
katello
6
ember-source
6
doorkeeper
6
loofah
6
grpcio
5
grpc
5
sinatra
5
commonmarker
5
sidekiq
5
spree
5
bootstrap-sass
5
bundler
5
spree_auth_devise
5
webrick
5
fluentd
4
rails_admin
4
avo
4
mail
4
carrierwave
4
activestorage
4
dragonfly
4
devise
4
ruby-saml
4
sanitize
4
actiontext
3
rest-client
3
git
3
com.google.protobuf:protobuf-java
3
devise-two-factor
3
decidim-admin
3
spina
3
activeadmin
3
json-jwt
3
openssl
3
openc3
3
openc3
3
chartkick
3
decidim-core
3
google-protobuf
3
io.grpc:grpc-protobuf
3
yard
3
private_address_check
3
cgi
3
geminabox
3
resque
3
rdoc
3
omniauth
3
rack-cors
3
gollum
3
com.google.protobuf:protobuf-kotlin
3
phlex
3
rubyzip
3
view_component
2
paperclip
2
solidus_core
2
user_agent_parser
2
kramdown
2
git-fastclone
2
httparty
2
org.webjars.npm:bootstrap
2
decidim-meetings
2
mini_magick
2
redcarpet
2
pghero
2
sprockets
2
secure_headers
2
echor
2
bson
2
safemode
2
faye
2
maximebf/debugbar
2
qiita-markdown
2
uri
2
decidim-templates
2
pageflow
2
kaminari
2
mapbox.js
2
mapbox-rails
2
twitter-bootstrap-rails
2
omniauth-facebook
2
field_test
2
facter
2
actionmailer
2
i18n
2
sidekiq-unique-jobs
2
com.google.protobuf:protobuf-kotlin-lite
2
com.google.protobuf:protobuf-javalite
2
radiant
2
mechanize
2
sup
2
omniauth-saml
2
solidus_frontend
2
pdfkit
2
net-ldap
2
ox
2
VladTheEnterprising
2
logstash-core
2
red-arrow
2
@openc3/tool-common
2
cocoapods-downloader
2
json
2
ruby-openid
2
pyarrow
2
yajl-ruby
2
administrate
2
net.sf.mpxj-for-vb
1
mongrel
1
MPXJ.Net
1
net.sf.mpxj
1
net.sf.mpxj-for-csharp
1
ruby_parser
1
netaddr
1
better_errors
1
paratrooper-newrelic
1
pwpush
1
octopoller
1
date
1
sounder
1
md2pdf
1
recurly
1
asciidoctor-include-ext
1
diffy
1
discordrb
1
turbo_boost-commands
1
@turbo-boost/commands
1
jmespath
1
rotp
1
gtk2
1
ruby-mysql
1
rubocop
1
trilogy
1
bindata
1
decidim-decidim_awesome
1
jquery
1
sentry-raven
1
net.sf.mpxj:mpxj
1
mpxj
1
mpxj
1
rails_multisite
1
Autolab
1
open-uri-cached
1
kredis
1
RedCloth
1
kitchen-terraform
1
apollo_upload_server
1
goliath
1
moped
1
solidus_api
1
sisimai
1
exiftool_vendored
1
globalid
1
uglify-js
1
uglifier
1
paratrooper-pingdom
1
sfpagent
1
ldoce
1
omniauth-oauth2
1
random_password_generator
1
gollum-lib
1
rake
1
uap-core
1
bibtex-ruby
1
handlebars
1
bootstrap-wysihtml5-rails
1
ruby_parser-legacy
1
mysql-binuuid-rails
1
haml
1
Filter by Repository
https://github.com/rails/rails
59
https://github.com/sparklemotion/nokogiri
32
https://github.com/rubygems/rubygems
18
https://github.com/rack/rack
18
https://github.com/decidim/decidim
15
https://github.com/puppetlabs/puppet
15
https://github.com/publify/publify
13
https://github.com/puma/puma
12
https://github.com/owen2345/camaleon-cms
11
https://github.com/phusion/passenger
10
https://github.com/fatfreecrm/fat_free_crm
9
https://github.com/jquery/jquery
9
https://github.com/rails/rails-html-sanitizer
9
https://github.com/twbs/bootstrap
7
https://github.com/ruby/rexml
7
https://github.com/doorkeeper-gem/doorkeeper
6
https://github.com/flavorjones/loofah
6
https://github.com/jquery/jquery-ui
6
https://github.com/sinatra/sinatra
5
https://github.com/solidusio/solidus
5
https://github.com/solidusio/solidus_auth_devise
5
https://github.com/avo-hq/avo
4
https://github.com/rgrove/sanitize
4
https://github.com/ruby/openssl
4
https://github.com/carrierwaveuploader/carrierwave
4
https://github.com/mikel/mail
4
https://github.com/markevans/dragonfly
4
https://github.com/fluent/fluentd
4
https://github.com/Katello/katello
4
https://github.com/grpc/grpc
4
https://github.com/activeadmin/activeadmin
3
https://github.com/cyu/rack-cors
3
https://github.com/sidekiq/sidekiq
3
https://github.com/SAML-Toolkits/ruby-saml
3
https://github.com/rubyzip/rubyzip
3
https://github.com/ruby/webrick
3
https://github.com/geminabox/geminabox
3
https://github.com/gjtorikian/commonmarker
3
https://github.com/ruby-git/ruby-git
3
https://github.com/rubygems/rubygems.org
3
https://github.com/gollum/gollum
3
https://github.com/rest-client/rest-client
3
https://github.com/resque/resque
3
https://github.com/jtdowney/private_address_check
3
https://github.com/lsegal/yard
3
https://github.com/OpenC3/cosmos
3
https://github.com/protocolbuffers/protobuf
3
https://github.com/phlex-ruby/phlex
3
https://github.com/spree/spree
3
https://github.com/mperham/sidekiq
2
https://github.com/ruby/uri
2
https://github.com/nov/json-jwt
2
https://github.com/ohler55/ox
2
https://github.com/ruby/rdoc
2
https://github.com/increments/qiita-markdown
2
https://github.com/sup-heliotrope/sup
2
https://github.com/ruby-ldap/ruby-net-ldap
2
https://github.com/brianmario/yajl-ruby
2
https://github.com/svenfuchs/i18n
2
https://github.com/svenfuchs/safemode
2
https://github.com/omniauth/omniauth
2
https://github.com/twitter/secure_headers
2
https://github.com/openid/ruby-openid
2
https://github.com/CocoaPods/cocoapods-downloader
2
https://github.com/codevise/pageflow
2
https://github.com/github/cmark-gfm
2
https://github.com/gettalong/kramdown
2
https://github.com/plataformatec/devise
2
https://github.com/emberjs/ember.js
2
https://github.com/railsadminteam/rails_admin
2
https://github.com/tinfoil/devise-two-factor
2
https://github.com/faye/faye
2
https://github.com/kaminari/kaminari
2
https://github.com/vmg/redcarpet
2
https://github.com/mhenrixon/sidekiq-unique-jobs
2
https://github.com/ankane/chartkick
2
https://github.com/square/git-fastclone
2
https://github.com/ankane/field_test
2
https://github.com/ankane/pghero
2
https://github.com/sparklemotion/mechanize
2
https://github.com/jnunemaker/httparty
2
https://github.com/mongodb/bson-ruby
2
https://github.com/thoughtbot/paperclip
2
https://gitlab.com/gitlab-org/cves
2
https://github.com/GNOME/libxml2
1
https://github.com/webbynode/webbynode
1
https://github.com/github/view_component
1
https://github.com/github/trilogy
1
https://github.com/github/hub
1
https://github.com/unpoly/unpoly-rails
1
https://github.com/getsentry/raven-ruby
1
https://github.com/ffi/ffi
1
https://github.com/geokit/geokit-rails
1
https://github.com/wycats/handlebars.js
1
https://github.com/whiteleaf7/narou
1
https://github.com/ua-parser/uap-ruby
1
https://github.com/gazay/gon
1
https://github.com/fnando/svg_optimizer
1
https://github.com/madler/zlib
1
https://github.com/floraison/fugit
1
https://github.com/macournoyer/thin
1
https://github.com/lynndylanhurley/devise_token_auth
1
https://github.com/flori/json
1
https://github.com/jirutka/asciidoctor-include-ext
1
https://github.com/jgarber/redcloth
1
https://github.com/jekyll/jekyll
1
https://github.com/jmespath/jmespath.rb
1
https://github.com/janko/image_processing
1
https://github.com/jamesmartin/inline_svg
1
https://github.com/inukshuk/bibtex-ruby
1
https://github.com/jnunemaker/crack
1
https://github.com/joniles/mpxj
1
https://github.com/jordansissel/ruby-arr-pm
1
https://github.com/josh/rack-ssl
1
https://github.com/voloko/twitter-stream
1
https://github.com/imsebao/404team
1
https://github.com/igrigorik/em-http-request
1
https://github.com/hopsoft/turbo_boost-commands
1
https://github.com/heartcombo/devise
1
https://github.com/ViewComponent/view_component
1
https://github.com/haml/haml
1
https://github.com/halostatue/minitar
1
https://github.com/Gurpartap/aescrypt
1
https://github.com/VulnSphere/LLMVulnSphere
1
https://github.com/wconrad/ftpd
1
https://github.com/camilova/activerecord-update-by-case
1
https://github.com/bvsatyaram/random_password_generator
1
https://github.com/bundler/bundler
1
https://github.com/boazsegev/iodine
1
https://github.com/binarylogic/authlogic
1
https://github.com/BetterErrors/better_errors
1
https://github.com/beenhero/omniauth-weibo-oauth2
1
https://github.com/bdmac/strong_password
1
https://github.com/bbatsov/rubocop
1
https://github.com/basecamp/trix
1
https://github.com/basecamp/marginalia
1
https://github.com/basecamp/easymon
1
https://github.com/aws/aws-sdk-ruby
1
https://gitlab.com/2013/11
1
https://github.com/autolab/Autolab
1
https://github.com/auth0/omniauth-auth0
1
https://github.com/asteinhauser/fat_free_crm
1
https://github.com/asciidoctor/asciidoctor
1
https://github.com/ankane/pgsync
1
https://github.com/ankane/clockwork_web
1
https://github.com/ankane/chartkick.js
1
https://github.com/ankane/blazer
1
https://github.com/amro/gibbon
1
https://github.com/alphagov/tech-docs-gem
1
https://github.com/alexreisner/geocoder
1
https://github.com/AlchemyCMS/alchemy_cms
1
https://github.com/airbrake/airbrake-ruby
1
https://github.com/ahorner/text-helpers
1
https://github.com/affix/CVE-2022-36231
1
https://github.com/wurmlab/sequenceserver
1
https://github.com/faye/websocket-extensions-ruby
1
https://github.com/faye/faye-websocket-ruby
1
https://github.com/XKCP/XKCP
1
https://github.com/exiftool-rb/exiftool_vendored.rb
1
https://github.com/excon/excon
1
https://github.com/evan/ccsv
1
https://github.com/elastic/logstash
1
https://github.com/elastic/apm-agent-ruby
1
https://github.com/ejschmitt/delayed_job_web
1
https://github.com/dspinhirne/netaddr-rb
1
https://github.com/doorkeeper-gem/doorkeeper-openid_connect
1
https://github.com/ytti/oxidized-web
1
https://github.com/dmendel/bindata
1
https://github.com/discourse/rails_multisite
1
https://github.com/discourse/message_bus
1
https://github.com/devise-two-factor/devise-two-factor
1
https://github.com/denkGroot/Spina
1
https://github.com/dejan/espeak-ruby
1
https://github.com/decidim-ice/decidim-module-decidim_awesome
1
https://github.com/zendesk/samlr
1
https://github.com/datamapper/extlib
1
https://github.com/zenspider/ruby_parser-legacy
1
https://github.com/ConradIrwin/em-imap
1
https://github.com/collectiveidea/audited
1
https://github.com/codders/dataset
1
https://github.com/chef/mixlib-archive
1
https://github.com/cgriego/active_attr
1
https://github.com/zvory/csv-safe
1
https://github.com/stimulusreflex/stimulus_reflex
1
https://github.com/ruby/rake
1
https://github.com/ruby-grape/grape
1
https://github.com/synth/omniauth-microsoft_graph
1
https://github.com/rubygems/bundler
1
https://github.com/ruby/fileutils
1
https://github.com/ruby/date
1
https://github.com/ruby/cgi
1
https://github.com/rtomayko/rack-cache
1
https://github.com/rswag/rswag
1
https://github.com/rsantamaria/papercrop
1
https://github.com/rmagick/rmagick
1
https://github.com/theforeman/foreman_ansible
1
https://github.com/rf-/keynote
1
https://github.com/restforce/restforce
1
https://github.com/theforeman/foreman_fog_proxmox
1