Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

rubygems Security Advisories

Moderate
GSA_kwCzR0hTQS00eHFxLW0yaHgtMjV2OM4AA98F
REXML denial of service vulnerability
Ecosystems: rubygems
Packages: rexml
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS01MjlwLWpqNDctdzNtM84AA9w5
Decidim cross-site scripting (XSS) in the admin panel
Ecosystems: rubygems
Packages: decidim-admin
Source: GitHub Advisory Database
Blast Radius: 13.5
Published: 12 days ago
High
GSA_kwCzR0hTQS03Y3g4LTQ0cGMteHYzcc4AA9w4
Decidim cross-site scripting (XSS) in the pagination
Ecosystems: rubygems
Packages: decidim
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS1xY2o2LXZ4d3gtNHJxds4AA9wt
Decidim vulnerable to data disclosure through the embed feature
Ecosystems: rubygems
Packages: decidim
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS04cWdtLWcydnYtdnd2Y84AA9n1
RailsAdmin Cross-site Scripting vulnerability in the list view
Ecosystems: rubygems
Packages: rails_admin
Source: GitHub Advisory Database
Blast Radius: 27.0
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS1jajgzLTJ3dzctbXZxN84AA9fb
Rack ReDoS Vulnerability in HTTP Accept Headers Parsing
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 39.1
Published: 19 days ago
Moderate
GSA_kwCzR0hTQS1md2hyLTg4cXgtaDlnN84AA8tD
Missing security headers in Action Pack on non-HTML responses
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 32.1
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1wcmpwLWg0OGYtamdmNs4AA8tC
ActionText ContentAttachment can Contain Unsanitized HTML
Ecosystems: rubygems
Packages: actiontext
Source: GitHub Advisory Database
Blast Radius: 31.8
Published: about 2 months ago
High
GSA_kwCzR0hTQS05bWc2LXg0NXYtaGNmbc4AA8mX
activeadmin vulnerable to stored persistent cross-site scripting (XSS) in dynamic form legends
Ecosystems: rubygems
Packages: activeadmin
Source: GitHub Advisory Database
Blast Radius: 30.4
Published: about 2 months ago
High
GSA_kwCzR0hTQS04YzhxLTJ4dzMtajg2Oc4AA8i6
rack-contrib vulnerable to Denial of Service due to the unconstrained value of the incoming "profiler_runs" parameter
Ecosystems: rubygems
Packages: rack-contrib
Source: GitHub Advisory Database
Blast Radius: 35.6
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS03cjNqLXFtcjQtamZwas4AA8i4
Kaminari Insecure File Permissions Vulnerability
Ecosystems: rubygems
Packages: kaminari
Source: GitHub Advisory Database
Blast Radius: 32.3
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS12ZzNyLXJtN3ctMnhnaM4AA8Kv
REXML contains a denial of service vulnerability
Ecosystems: rubygems
Packages: rexml
Source: GitHub Advisory Database
Blast Radius: 28.8
Published: 2 months ago
Low
GSA_kwCzR0hTQS1yOTVoLTl4OGYtcjNmN84AA74p
Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1xanFwLXhyOTYtY2o5Oc4AA70j
Trix Editor Arbitrary Code Execution Vulnerability
Ecosystems: rubygems, npm
Packages: actiontext, trix
Source: GitHub Advisory Database
Blast Radius: 44.9
Published: 3 months ago
High
GSA_kwCzR0hTQS05cDU3LWg5ODctNHZneM4AA7eG
Phlex vulnerable to Cross-site Scripting (XSS) via maliciously formed HTML attribute names and values
Ecosystems: rubygems
Packages: phlex
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1xNjU1LTNwajgtOWZ4cc4AA7WM
Sidekiq vulnerable to a Reflected XSS in Queues Web Page
Ecosystems: rubygems
Packages: sidekiq
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: 3 months ago
High
GSA_kwCzR0hTQS1nN3hxLXh2OGMtaDk4Y84AA7Da
Cross-site Scripting (XSS) possible due to improper sanitisation of `href` attributes on `<a>` tags
Ecosystems: rubygems
Packages: phlex
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS12Zm12LWpmYzUtcGpqd84AA6Re
CarrierWave Content-Type allowlist bypass vulnerability which possibly leads to XSS remained
Ecosystems: rubygems
Packages: carrierwave
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: 4 months ago
High
GSA_kwCzR0hTQS01OTJqLTk5NWgtcDIzas4AA6RV
RDoc RCE vulnerability with .rdoc_options
Ecosystems: rubygems
Packages: rdoc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS12NWg2LWMyaHYtaHYzcs4AA6RU
StringIO buffer overread vulnerability
Ecosystems: rubygems
Packages: stringio
Source: GitHub Advisory Database
Blast Radius: 38.8
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS12Y2MzLXJ3NmYtanY5N84AA6Gq
Use-after-free in libxml2 via Nokogiri::XML::Reader
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS14Mmg4LXFtajQtZzYyZs4AA6Fh
ROTP 6.2.2 and 6.2.1 have 0666 permissions for the .rb files.
Ecosystems: rubygems
Packages: rotp
Source: GitHub Advisory Database
Blast Radius: 18.5
Published: 4 months ago
High
GSA_kwCzR0hTQS1tcDc2LTd3NXYtcHI3Nc4AA6CN
TurboBoost Commands vulnerable to arbitrary method invocation
Ecosystems: npm, rubygems
Packages: @turbo-boost/commands, turbo_boost-commands
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS04ODMyLTRtbTUteDJyNs4AA6Aa
discordrb OS Command Injection vulnerability
Ecosystems: rubygems
Packages: discordrb
Source: GitHub Advisory Database
Blast Radius: 24.7
Published: 4 months ago
High
GSA_kwCzR0hTQS1mNzhqLTR3M2ctNHE2Nc4AA56t
StimulusReflex arbitrary method call
Ecosystems: npm, rubygems
Packages: stimulus_reflex
Source: GitHub Advisory Database
Blast Radius: 43.9
Published: 4 months ago
High
GSA_kwCzR0hTQS0yNDJwLTR2MzktMnY4Z84AA56s
Cross-site Scripting (XSS) possible with maliciously formed HTML attribute names and values in Phlex
Ecosystems: rubygems
Packages: phlex
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1jOHY2LTc4Nmctdmp4Ns4AA5mu
json-jwt allows bypass of identity checks via a sign/encryption confusion attack
Ecosystems: rubygems
Packages: json-jwt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS0yMmYyLXY1N2MtajljeM4AA5mE
Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial)
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 31.9
Published: 5 months ago
Low
GSA_kwCzR0hTQS14ajV2LTZ2NGctamZ3Ns4AA5mD
Rack has possible DoS Vulnerability with Range Header
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Low
GSA_kwCzR0hTQS01NHJyLTdmdnctNng4Zs4AA5mC
Rack Header Parsing leads to Possible Denial of Service Vulnerability
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS04bXE0LTlqamgtOXhyY84AA5l2
YARD's default template vulnerable to Cross-site Scripting in generated frames.html
Ecosystems: rubygems
Packages: yard
Source: GitHub Advisory Database
Blast Radius: 25.6
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS04aDIyLThjZjctaHE2Z84AA5jP
Rails has possible Sensitive Session Information Leak in Active Storage
Ecosystems: rubygems
Packages: activestorage
Source: GitHub Advisory Database
Blast Radius: 28.9
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS05ODIyLTZtOTMteHFmNM4AA5jO
Rails has possible XSS Vulnerability in Action Controller
Ecosystems: rubygems
Packages: rails, actionpack
Source: GitHub Advisory Database
Blast Radius: 36.3
Published: 5 months ago
Low
GSA_kwCzR0hTQS1qamh4LWpodnAtNzR3cc4AA5jN
Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS03ODVnLTI4MnEtcHd2eM4AA5gh
Rack CORS Middleware has Insecure File Permissions
Ecosystems: rubygems
Packages: rack-cors
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS05dzk5LTc4cmotaG14cc4AA5Zn
Cross-site scripting (XSS) in the dynamic file uploads
Ecosystems: rubygems
Packages: decidim-core, decidim
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS13M3E4LW00OTItNHB3cM4AA5Zd
Possibility to circumvent the invitation token expiry period
Ecosystems: rubygems
Packages: decidim-system, decidim-admin, decidim, devise_invitable
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1mM3FtLXZmYzMtamc2ds4AA5ZJ
Possible CSRF attack at questionnaire templates preview
Ecosystems: rubygems
Packages: decidim-templates
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 5 months ago
Low
GSA_kwCzR0hTQS1yMjc1LWo1N2MtN21mMs4AA5ZI
Race condition in Endorsements
Ecosystems: rubygems
Packages: decidim
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: 5 months ago
High
GSA_kwCzR0hTQS1jbWg5LXJ4ODUteGozOM4AA5P5
XSS sidekiq-unique-jobs UI server vulnerability
Ecosystems: rubygems
Packages: sidekiq-unique-jobs
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS14Yzl4LWpqNzctOXA5as4AA5Ek
Nokogiri updates packaged libxml2 to v2.12.5 to resolve CVE-2024-25062
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1nOHZwLTJ2NXAtOXFmaM4AA4ir
Cross-site scripting (XSS) in Action messages on Avo
Ecosystems: rubygems
Packages: avo
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: 6 months ago
High
GSA_kwCzR0hTQS1naGp2LW1oNngtN3E2aM4AA4eR
avo vulnerable to stored cross-site scripting (XSS) in key_value field
Ecosystems: rubygems
Packages: avo
Source: GitHub Advisory Database
Blast Radius: 10.7
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1jMmY0LWN2cW0tNjV3Ms4AA4Qh
Puma HTTP Request/Response Smuggling vulnerability
Ecosystems: rubygems
Packages: puma
Source: GitHub Advisory Database
Blast Radius: 33.1
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS13ZjJ4LTh3NmotcXczN84AA4My
view_component Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: view_component
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 7 months ago
High
GSA_kwCzR0hTQS01ZzY2LTYyOGYtN2N2as4AA4Lx
Omniauth::MicrosoftGraph Account takeover (nOAuth)
Ecosystems: rubygems
Packages: omniauth-microsoft_graph
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS14aHZ2LTNqd3ctYzQ4N84AA4D6
ActiveAdmin CSV Injection leading to sensitive information disclosure
Ecosystems: rubygems
Packages: activeadmin
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1yOHh4LTh2bTgteDZ3as4AA34N
Resque vulnerable to Reflected Cross Site Scripting through pathnames
Ecosystems: rubygems
Packages: resque
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1nYzNqLXZ2d2YtNHJwOM4AA34M
Resque vulnerable to reflected XSS in resque-web failed and queues lists
Ecosystems: rubygems
Packages: resque
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1yOW1xLW03MngtMjU3Z84AA34L
Resque vulnerable to reflected XSS in Queue Endpoint
Ecosystems: rubygems
Packages: resque
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS05aG1xLWZtMzMteDR4eM4AA34I
Resque Scheduler Reflected XSS In Delayed Jobs View
Ecosystems: rubygems
Packages: resque-scheduler
Source: GitHub Advisory Database
Blast Radius: 21.7
Published: 7 months ago
High
GSA_kwCzR0hTQS0zNTZqLWhnNDUteDUyNc4AA323
Potential CSV export data leak
Ecosystems: rubygems
Packages: activeadmin
Source: GitHub Advisory Database
Blast Radius: 35.8
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS01ODQ0LXEzZmMtNTZyaM4AA3lZ
pubnub Insufficient Entropy vulnerability
Ecosystems: swift, pypi, pub, packagist, cargo, rubygems, nuget, go, maven, npm
Packages: github.com/pubnub/swift, pubnub, pubnub/pubnub, Pubnub, github.com/pubnub/go/v5, github.com/pubnub/go/v6, github.com/pubnub/go, github.com/pubnub/go/v7, com.pubnub:pubnub, com.pubnub:pubnub-kotlin
Source: GitHub Advisory Database
Blast Radius: 82.5
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1neGh4LWc0ZnEtNDloas4AA3a3
CarrierWave Content-Type allowlist bypass vulnerability, possibly leading to XSS
Ecosystems: rubygems
Packages: carrierwave
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1mcmdmLThqcjUtajJqds4AA2zW
A memory leak flaw was found in ruby-magick
Ecosystems: rubygems
Packages: rmagick
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: 9 months ago
High
GSA_kwCzR0hTQS0zcHg3LWptMnAtNmgyY84AA2oN
encoded_id-rails potential DOS vulnerability due to URIs with extremely long encoded IDs
Ecosystems: rubygems
Packages: encoded_id-rails
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS02aHZnLTYycTgtOTV2N84AA2mT
svg_optimizer rubygem external XML entity (XXE) vulnerability
Ecosystems: rubygems
Packages: svg_optimizer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Critical
GSA_kwCzR0hTQS0yODltLTI5NjQtZjhxNc4AA2Rv
Puppet Bolt privilege escalation vulnerability
Ecosystems: rubygems
Packages: bolt
Source: GitHub Advisory Database
Blast Radius: 27.3
Published: 10 months ago
Critical
GSA_kwCzR0hTQS03eHZjLXY0NGotNDZmaM4AA2RG
geokit-rails Command Injection vulnerability
Ecosystems: rubygems
Packages: geokit-rails
Source: GitHub Advisory Database
Blast Radius: 29.8
Published: 10 months ago
High
GSA_kwCzR0hTQS02MzloLTg2aHctcWNqcc4AA2Qo
Decidim has broken access control in templates
Ecosystems: rubygems
Packages: decidim, decidim-templates
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS0zcWMyLXYzaHAtNmN2OM4AA13Y
sidekiq Denial of Service vulnerability
Ecosystems: rubygems
Packages: sidekiq
Source: GitHub Advisory Database
Blast Radius: 25.1
Published: 10 months ago
High
GSA_kwCzR0hTQS1wMjVtLWpwajQtcWNycs4AA127
Denial of Service Vulnerability in gRPC TCP Server (Posix-compatible platforms)
Ecosystems: pypi, rubygems
Packages: grpcio, grpc
Source: GitHub Advisory Database
Blast Radius: 61.2
Published: 10 months ago
Low
GSA_kwCzR0hTQS1jcjVxLTZxOWYtcnE2cc4AA1eP
Active Support Possibly Discloses Locally Encrypted Files
Ecosystems: rubygems
Packages: activesupport
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Critical
GSA_kwCzR0hTQS02OHhnLWdxcW0tdmdqOM4AA1Yw
Puma HTTP Request/Response Smuggling vulnerability
Ecosystems: rubygems
Packages: puma
Source: GitHub Advisory Database
Blast Radius: 54.9
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS03dmg3LWZ3ODgtd2o4N84AA1Il
Several quadratic complexity bugs may lead to denial of service in Commonmarker
Ecosystems: rubygems
Packages: commonmarker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS02andjLXFyMnEtN3h3as4AA1CM
protocol-http1 HTTP Request/Response Smuggling vulnerability
Ecosystems: rubygems
Packages: protocol-http1
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: 12 months ago
High
GSA_kwCzR0hTQS12Yzc5LTY1cHItcTgyds4AA0uC
rswag vulnerable to arbitrary JSON and YAML file read via directory traversal
Ecosystems: rubygems
Packages: rswag
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00NjloLW1xZzgtNTM1cs4AA0m3
Decidim Cross-site Scripting vulnerability in the external link redirections
Ecosystems: rubygems
Packages: decidim-core, decidim
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: about 1 year ago
High
GSA_kwCzR0hTQS01NjUyLTkycjktM2Z4Oc4AA0m4
Decidim Cross-site Scripting vulnerability in the processes filter
Ecosystems: rubygems
Packages: decidim-core, decidim
Source: GitHub Advisory Database
Blast Radius: 20.2
Published: about 1 year ago
High
GSA_kwCzR0hTQS1qbTc5LTlwbTQtdnJ3Oc4AA0m2
Decidim vulnerable to sensitive data disclosure
Ecosystems: rubygems
Packages: decidim-meetings, decidim
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: about 1 year ago
High
GSA_kwCzR0hTQS02NjI4LXE2ajktdzh2Z84AA0dX
gRPC Reachable Assertion issue
Ecosystems: rubygems, pypi, maven
Packages: grpc, grpcio, io.grpc:grpc-protobuf
Source: GitHub Advisory Database
Blast Radius: 89.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05aHhmLXBwanYtdzZycc4AA0dy
gRPC connection termination issue
Ecosystems: rubygems, pypi, maven
Packages: grpc, grpcio, io.grpc:grpc-protobuf
Source: GitHub Advisory Database
Blast Radius: 63.4
Published: about 1 year ago
High
GSA_kwCzR0hTQS1mNXd3LWNxM20tcTNnN84AA0Xi
Sanitize vulnerable to Cross-site Scripting via insufficient neutralization of `style` element content
Ecosystems: rubygems
Packages: sanitize
Source: GitHub Advisory Database
Blast Radius: 28.6
Published: about 1 year ago
High
GSA_kwCzR0hTQS1jZmdwLTI5NzctMmZtbc4AA0N9
Connection confusion in gRPC
Ecosystems: rubygems, pypi, maven
Packages: grpc, grpcio, io.grpc:grpc-protobuf
Source: GitHub Advisory Database
Blast Radius: 88.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1od3cyLTVnODUtNDI5bc4AA0Ip
URI gem has ReDoS vulnerability
Ecosystems: rubygems
Packages: uri
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00Zzh2LXZnNDMtd3BnZs4AA0Io
Actionpack has possible cross-site scripting vulnerability via User Supplied Values to redirect_to
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS05N3doLTZobWotZzhqOc4AA0GL
Spina Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: spina
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS03dzJjLXc0N2gtNzg5d84AAzyW
Doorkeeper Improper Authentication vulnerability
Ecosystems: rubygems
Packages: doorkeeper
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS14cDVoLWY4amYtcmM4cc4AAzxa
rails-ujs vulnerable to DOM Based Cross-site Scripting contenteditable HTML Elements
Ecosystems: rubygems
Packages: actionview
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1oMndtLXAydmctNnB3NM4AAzxZ
Kredis JSON Possible Deserialization of Untrusted Data Vulnerability
Ecosystems: rubygems
Packages: kredis
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1xY20zLXZmcTUtd2ZyMs4AAzr_
RedCloth Regular Expression Denial of Service issue
Ecosystems: rubygems
Packages: RedCloth
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: about 1 year ago
High
GSA_kwCzR0hTQS04NmgyLTJnNGctMjlxeM4AAzr6
avo possible unsafe reflection / partial DoS vulnerability
Ecosystems: rubygems
Packages: avo
Source: GitHub Advisory Database
Blast Radius: 12.1
Published: about 1 year ago
High
GSA_kwCzR0hTQS01Y3I5LTVqeDMtMmczOc4AAzrM
avo vulnerable to Stored XSS (Cross Site Scripting) in html content based fields
Ecosystems: rubygems
Packages: avo
Source: GitHub Advisory Database
Blast Radius: 10.7
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1yMzY0LTJwajQtcGY3Zs4AAzf1
ruby-saml vulnerable to XPath injection
Ecosystems: rubygems
Packages: ruby-saml
Source: GitHub Advisory Database
Blast Radius: 32.9
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS14NDg3LTg2Nm0tcDhocs4AAze4
Server-Side Template Injection in Camaleon CMS
Ecosystems: rubygems
Packages: camaleon_cms
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1oanAzLTVnMnEtN2p3d84AAzCk
Race Condition leading to logging errors
Ecosystems: rubygems
Packages: audited
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS02dzRtLTJ4aGctMjY1OM4AAy-v
Buffer overflow in sponge queue functions
Ecosystems: rubygems, pypi
Packages: sha3, pysha3
Source: GitHub Advisory Database
Blast Radius: 48.7
Published: about 1 year ago
Low
GSA_kwCzR0hTQS02NWcyLXg1M3EtY21mNs4AAy9A
Sensitive Terraform Output Values Printed At Info Logging Level In Kitchen-Terraform
Ecosystems: rubygems
Packages: kitchen-terraform
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: about 1 year ago
High
GSA_kwCzR0hTQS1oM3I4LWg1cXctNHIzNc4AAy6H
sidekiq vulnerable to cross-site scripting
Ecosystems: rubygems
Packages: sidekiq
Source: GitHub Advisory Database
Blast Radius: 36.6
Published: over 1 year ago
High
GSA_kwCzR0hTQS1jcWYzLXZweDctcnhod84AAy5d
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Pay
Ecosystems: rubygems
Packages: pay
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS00OHdwLXA5cXYtNGo2NM4AAytp
Commonmarker vulnerable to several quadratic complexity bugs that may lead to denial of service
Ecosystems: rubygems
Packages: commonmarker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1weHZnLTJxajUtMzdqcc4AAytn
Nokogiri updates packaged libxml2 to v2.10.4 to resolve multiple CVEs
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS14Mnh3LWh3OGctNjc3M84AAyrS
govuk_tech_docs vulnerable to unescaped HTML on search results page
Ecosystems: rubygems
Packages: govuk_tech_docs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS13cnhmLXg4cm0tNmdnZ84AAyiM
Fluent Fluentd and Fluent-ui use default password
Ecosystems: rubygems
Packages: fluentd-ui, fluentd
Source: GitHub Advisory Database
Blast Radius: 30.7
Published: over 1 year ago
High
GSA_kwCzR0hTQS1mZzd4LWc4MnItOTRxY84AAyet
Ruby Time component ReDoS issue
Ecosystems: rubygems
Packages: time
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: over 1 year ago
High
GSA_kwCzR0hTQS1odjVqLTNoOWYtOTljMs4AAyes
Ruby URI component ReDoS issue
Ecosystems: rubygems
Packages: uri
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1tODc1LTN4ZjYtbWY3OM4AAyeB
unpoly-rails Denial of Service vulnerability
Ecosystems: rubygems
Packages: unpoly-rails
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12cHF2LW1xdmMtcGN4Ms4AAyKB
Reflective Cross-site Scripting Vulnerability in twitter-bootstrap-rails
Ecosystems: rubygems
Packages: twitter-bootstrap-rails
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1jNnFnLWNqajgtNDdxcM4AAyIq
Possible Denial of Service Vulnerability in Rack's header parsing
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1wajczLXY1bXctcG05as4AAyIp
Possible XSS Security Vulnerability in SafeBuffer#bytesplice
Ecosystems: rubygems
Packages: activesupport
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Statistics
Advisories: 19,557
Packages: 8,629
Repositories: 287
Ecosystems: 12