Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

rubygems Security Advisories

High
GSA_kwCzR0hTQS0zaDU3LWhtajMtZ2ozcM4AAyAE
Rack has possible DoS Vulnerability in Multipart MIME parsing
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Published: 3 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNjcnItOXZtZy04NjR2
Improper Input Validation in Active Record
Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdmcWotY2c3OS1mMnB2
Thumbshooter vulnerable to Code Injection
Ecosystems: rubygems
Packages: thumbshooter
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS1ycmZjLTdnOHAtOTlxOM4AAwSi
Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Ecosystems: rubygems
Packages: rails-html-sanitizer
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS05aDlnLTkzZ2MtNjIzaM4AAwSh
Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Ecosystems: rubygems
Packages: rails-html-sanitizer
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS0yMjhnLTk0OHItODNneM4AAwSd
Improper neutralization of data URIs may allow XSS in Loofah
Ecosystems: rubygems
Packages: loofah
Source: GitHub Advisory Database
Published: 6 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlyZjUtam02Zi0yZm1t
Active Record subject to strong parameters protection bypass
Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXEyN2YtdjNyNi05djc3
Improper Certificate Validation in EM-HTTP-Request
Ecosystems: rubygems
Packages: em-http-request
Source: GitHub Advisory Database
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThjNTYtY3Btdy04OXg3
Out-of-bounds read in nokogiri
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY1M20tcjMzeC0zOWZm
Geminabox contains Cross-site Scripting
Ecosystems: rubygems
Packages: geminabox
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNweGgtaDhody1tajh3
Uncontrolled Resource Consumption in Rack
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Published: over 5 years ago
Critical
GSA_kwCzR0hTQS01Y3FtLWNyeG0tNnFwds0bSA
Buffer overrun in CGI.escape_html
Ecosystems: rubygems
Packages: cgi
Source: GitHub Advisory Database
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc5OG0tOTZnOS13Zmpx
Insecure path handling in Bundler
Ecosystems: rubygems
Packages: bundler
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWgzODUtNTJqNi05OTg0
Withdrawn: HTTP Request Smuggling in Agoo
Ecosystems: rubygems
Packages: agoo
Source: GitHub Advisory Database
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05cXZtLTJ2aGYtcTY0Oc4AAYC6
RubyGems Regular Expression Denial of Service
Ecosystems: rubygems
Packages: rubygems-update
Source: GitHub Advisory Database
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1tYzZqLWg5NDgtdjJwNs4AATbI
RubyGems Improper Verification of Cryptographic Signature vulnerability
Ecosystems: maven, rubygems
Packages: org.jruby:jruby-stdlib, rubygems-update
Source: GitHub Advisory Database
Published: about 1 year ago
Low
GSA_kwCzR0hTQS04bXZ3LTIycjctdzZmcc3iEg
ruby_parser allows local users to overwrite arbitrary files via symlink attack on temporary file with predictable name
Ecosystems: rubygems
Packages: ruby_parser
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdxdmYtODkyci12am01
Improper Certificate Validation in Puppet
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0ycWM2LW1jdnctOTJjd84AAvaT
Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Published: 8 months ago
Low
GSA_kwCzR0hTQS0zeGc4LWNjOGYtOXd2Ms4AAv9V
Unsanitized input leading to code injection in Dalli
Ecosystems: rubygems
Packages: dalli
Source: GitHub Advisory Database
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1wNzVjLTV4M2gtY3hjZ84AAvNV
Fat Free CRM vulnerable to Remote Denial of Service via Tasks endpoint
Ecosystems: rubygems
Packages: fat_free_crm
Source: GitHub Advisory Database
Published: 8 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTczMjItOW14Ni01ajJt
redcarpet Buffer Overflow vulnerability
Ecosystems: rubygems
Packages: redcarpet
Source: GitHub Advisory Database
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp4aGMtcTg1Ny0zajZn
Regular Expression Denial of Service in Addressable templates
Ecosystems: rubygems
Packages: addressable
Source: GitHub Advisory Database
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTUycDktdjc0NC1td2pq
Remote code execution in Kramdown
Ecosystems: rubygems
Packages: kramdown
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA2cDgtcTRwai1mNzRt
Improper Certificate Validation in twitter-stream
Ecosystems: rubygems
Packages: twitter-stream
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1tODc1LTN4ZjYtbWY3OM4AAyeB
unpoly-rails Denial of Service vulnerability
Ecosystems: rubygems
Packages: unpoly-rails
Source: GitHub Advisory Database
Published: 2 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg4NzctcHJxNC05eGZ3
Open Redirect in actionpack
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNmM3ctZzg2aC0zNXg0
Code Injection vulnerability in CarrierWave::RMagick
Ecosystems: rubygems
Packages: carrierwave
Source: GitHub Advisory Database
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1jYzhjLTI2cmotdjJ2eM4AAt2Q
administrate vulnerable to Cross-Site Request Forgery
Ecosystems: rubygems
Packages: administrate
Source: GitHub Advisory Database
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1yY3g2LTdqcDYtcHFmMs4AAVW9
ember-source Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: ember-source
Source: GitHub Advisory Database
Published: about 1 year ago
Low
GSA_kwCzR0hTQS0yM2MyLWd3cDUtcHh3Oc4AAxDr
ReDoS based DoS vulnerability in GlobalID
Ecosystems: rubygems
Packages: globalid
Source: GitHub Advisory Database
Published: 5 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ4dmotajNxaC14OGMz
Race Condition in private_address_check
Ecosystems: rubygems
Packages: private_address_check
Source: GitHub Advisory Database
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ4amotNXg2aC04dm1m
Cross-site Scripting in actionpack
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI5Z3ItdzU3Zi1ycGZ3
actionpack vulnerable to Path Traversal
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdqeDItN2hxcS04aDdt
rails_admin ruby gem XSS vulnerability
Ecosystems: rubygems
Packages: rails_admin
Source: GitHub Advisory Database
Published: over 2 years ago
High
GSA_kwCzR0hTQS13cnJ3LWNycDgtOTc5cc4AAuzs
Pageflow vulnerable to sensitive user data extraction via Ransack query injection
Ecosystems: rubygems
Packages: pageflow
Source: GitHub Advisory Database
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1qeDV2LTc4OGctcXc1OM4AARNZ
katello SQL Injection vulnerability
Ecosystems: rubygems
Packages: katello
Source: GitHub Advisory Database
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1tbW1tLWNoamYtam12d84AAmp5
Gitaly Insufficient Session Expiration vulnerability
Ecosystems: rubygems
Packages: gitaly
Source: GitHub Advisory Database
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS01anJwLXc4ZnItbXJ3d83uVQ
Fluentd Escape Sequence Injection Vulnerability
Ecosystems: rubygems
Packages: fluentd
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1yMncyLWg2cjgtM3I1M84AAqXz
Camaleon CMS vulnerable to Uncaught Exception
Ecosystems: rubygems
Packages: camaleon_cms
Source: GitHub Advisory Database
Published: about 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVoNXItZmZjNC1jNDU1
strong_password Ruby gem malicious version causing Remote Code Execution vulnerability
Ecosystems: rubygems
Packages: strong_password
Source: GitHub Advisory Database
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlwMjktOTRocC04cnZj
qiita-markdown Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: qiita-markdown
Source: GitHub Advisory Database
Published: almost 2 years ago
High
GSA_kwCzR0hTQS13OXZ2LWZ2dzgtajZxM84AAXfu
codders-dataset Process Table Local Plaintext Credential Disclosure
Ecosystems: rubygems
Packages: codders-dataset
Source: GitHub Advisory Database
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1xMmhtLWd4M2YtaDYzcc4AAuAZ
Backdoor / Malicious code
Ecosystems: rubygems
Packages: lita-coin
Source: GitHub Advisory Database
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS13ajVqLXhwY2otNDVnY84AAuAU
Cross-Site Request Forgery (CSRF)
Ecosystems: rubygems
Packages: devise_invitable
Source: GitHub Advisory Database
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdnNmotcjI4bS03Mjkz
Code Injection in simple_captcha2
Ecosystems: rubygems
Packages: simple_captcha2
Source: GitHub Advisory Database
Published: almost 4 years ago
High
GSA_kwCzR0hTQS02d2o5LTc3d3EtanE3cM1Auw
Nokogiri is vulnerable to XML External Entity (XXE) attack
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS1xOTVoLWNxcnYtOGp2Nc4AAxGB
ExifTool vulnerable to arbitrary code execution
Ecosystems: rubygems
Packages: exiftool_vendored
Source: GitHub Advisory Database
Published: 5 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY4Y20tMzY0Zi1xOXFo
Ensure that doorkeeper_token is valid when authenticating requests in API v2 calls
Ecosystems: rubygems
Packages: spree
Source: GitHub Advisory Database
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWMzZ3YtOWN4Zi02ZjU3
Cross-site Scripting in Loofah
Ecosystems: rubygems
Packages: loofah
Source: GitHub Advisory Database
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS03OXdxLWc0djktZ2ZqNM4AAw-2
Publify Core does not strip metadata from images
Ecosystems: rubygems
Packages: publify_core
Source: GitHub Advisory Database
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1weHZnLTJxajUtMzdqcc4AAytn
Nokogiri updates packaged libxml2 to v2.10.4 to resolve multiple CVEs
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU0M3YtZ2oyYy1yM2No
activemodel contains Improper Input Validation
Ecosystems: rubygems
Packages: activemodel
Source: GitHub Advisory Database
Published: over 5 years ago
Critical
GSA_kwCzR0hTQS1xcHF3LW1jODUtcXZtOc4AAtDn
OS Command Injection in awesome spawn
Ecosystems: rubygems
Packages: awesome_spawn
Source: GitHub Advisory Database
Published: 11 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY4NXctdmM4NC13eGN4
Doorkeeper contains Cross-site Request Forgery
Ecosystems: rubygems
Packages: doorkeeper
Source: GitHub Advisory Database
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY5OW0tbWNqbS05Y3c4
actionpack vulnerable to Cross-site Scripting
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS1majJ3LXFtanAtM3Jqbc4AAtaY
Gollum Cross-site Scripting vulnerability via filename parameter to New Page dialog
Ecosystems: rubygems
Packages: gollum
Source: GitHub Advisory Database
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS13Y2Z4LTNtNnYtNGZyZ84AAeVa
Fat Free CRM subject to Cross-site Scripting
Ecosystems: rubygems
Packages: fat_free_crm
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1mMjVoLTNtajYtNGpwZ84AAe1f
Fat Free CRM vulnerable to Exposure of Sensitive Information
Ecosystems: rubygems
Packages: fat_free_crm
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05Z2dwLTVyZjQteDdxOc4AAe1h
Fat Free CRM vulnerable to SQL Injection
Ecosystems: rubygems
Packages: fat_free_crm
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00eHE5LXZ3ODktcDVjeM4AAe1N
Fat Free CRM allows remote attackers to obtain sensitive information via a direct request
Ecosystems: rubygems
Packages: fat_free_crm
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1tY3ZxLTd4anEtNDZ4Ns4AAe1M
Fat Free CRM contains Cross-site Request Forgery vulnerabilities
Ecosystems: rubygems
Packages: fat_free_crm
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1nODk3LWNnZmMtN3E4ds4AAe1L
Fat Free CRM has fixed token value
Ecosystems: rubygems
Packages: fat_free_crm
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1nbWc1LXIzYzQtM2ZtOc4AAg9y
Fat Free CRM Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: fat_free_crm
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS13cjVqLXEzNTktNnZyMs4AAXfh
backup-agoddard and backup_checksum have Information Exposure vulnerability
Ecosystems: rubygems
Packages: backup_checksum, backup-agoddard
Source: GitHub Advisory Database
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc4cmMtOGMyOS1wNDVn
actionpack allows remote code execution via application's unrestricted use of render method
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY5M2otaG1jci1qY3do
Data Injection Vulnerability in moped Rubygem
Ecosystems: rubygems
Packages: moped
Source: GitHub Advisory Database
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk4bWYtOGY1Ny02NHFm
actionpack Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZjcWYtaDRoNC02OTVt
actionpack CRLF injection vulnerability
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk5Y2gtOG12cC1nN201
md2pdf allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename
Ecosystems: rubygems
Packages: md2pdf
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBjM20tdjI4Ni0yandq
actionview Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: actionview
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo1cmotZzY5NS0zNDJy
Fat Free CRM vulnerable to Cross-site Scripting
Ecosystems: rubygems
Packages: fat_free_crm
Source: GitHub Advisory Database
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4aGotaHA5bS1xd2M0
private_address_check vulnerable to bypass of Resolv.getaddresses method
Ecosystems: rubygems
Packages: private_address_check
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE3NTktaHd2Yy1tM2pn
actionpack Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1weGYtZ2N3Mi1wdzVx
actionpack Improper Input Validation vulnerability
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW00NnAtZ2dtNS01ajgz
Rails vulnerable to Cross-site Scripting
Ecosystems: rubygems
Packages: rails
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo5NnIteHZqcS1yOXBn
activesupport vulnerable to Denial of Service via large XML document depth
Ecosystems: rubygems
Packages: activesupport
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS12bTc0LWo0d3EtODJ4as4AAxBY
Sisimai Inefficient Regular Expression Complexity vulnerability
Ecosystems: rubygems
Packages: sisimai
Source: GitHub Advisory Database
Published: 5 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhxNWotZ3c3Zi1qZ2o4
CSRF Vulnerability in rails-ujs
Ecosystems: rubygems
Packages: actionview
Source: GitHub Advisory Database
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS1xM3JtLWY1MjctZ2h4as4AAw-1
Publify Improper Input Validation vulnerability
Ecosystems: rubygems
Packages: publify_core
Source: GitHub Advisory Database
Published: 5 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM2cXItaDV2cS01OWpj
Untrusted users can run pending migrations in production in Rails
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ4dnAtNHh3Yy1qcHA2
activesupport Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: activesupport
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ4OWotNDZyaC1mcXI4
actionview Path Traversal vulnerability
Ecosystems: rubygems
Packages: actionview
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdwdzctd3hqbS1jdzhy
actionpack allows bypass of database-query restrictions
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS13eDdjLThqMzUtbXBnOM4AAWDM
Fat Free CRM Cross-Site Request Forgery vulnerability
Ecosystems: rubygems
Packages: fat_free_crm
Source: GitHub Advisory Database
Published: about 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTMzM2ctcnByNC03aHhx
Backdoor / Malicious code
Ecosystems: rubygems
Packages: omniauth_amazon, coming-soon, bitcoin_vanity, capistrano-colors, doge-coin, awesome-bot, blockchain_wallet, coin_base, cron_parser, rest-client
Source: GitHub Advisory Database
Published: almost 4 years ago
High
GSA_kwCzR0hTQS04Y3cyLWp2NWMtYzgyNc4AAina
Missing Initialization of Resource in Apache Arrow
Ecosystems: pypi, rubygems
Packages: pyarrow, red-arrow
Source: GitHub Advisory Database
Published: about 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1xbTItY2dwci1wNG02
Unintended read access in kramdown gem
Ecosystems: rubygems
Packages: kramdown
Source: GitHub Advisory Database
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS05Y2hyLTRmamgtNXJnd84AAvjh
Cross-site Scripting in actionpack
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: 7 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdmNDItcDg0ai1mNThw
Sanitize vulnerable to Improper Input Validation and Cross-site Scripting
Ecosystems: rubygems
Packages: sanitize
Source: GitHub Advisory Database
Published: about 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJwNjgtZjc0di05d2M2
Unintended unmarshalling in ActiveSupport
Ecosystems: rubygems
Packages: activesupport
Source: GitHub Advisory Database
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNmaGYtNjkzOS1xZzhw
rest-client vulnerable to Session Fixation
Ecosystems: rubygems
Packages: rest-client
Source: GitHub Advisory Database
Published: almost 5 years ago
High
GSA_kwCzR0hTQS1janc0LTJ3OXItcjhtds4AAinR
Missing Initialization of Resource in Apache Arrow
Ecosystems: pypi, rubygems
Packages: pyarrow, red-arrow
Source: GitHub Advisory Database
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXgzdjQtcHh2bS02M2o4
HTTP Request Smuggling in reel
Ecosystems: rubygems
Packages: reel
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBmOGYtdzI2Ny1tcTJo
The rack-cors rubygem may allow directory traversal
Ecosystems: rubygems
Packages: rack-cors
Source: GitHub Advisory Database
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR4amgtbTNxeC00OXdj
Jekyll allows attackers to access arbitrary files by specifying a symlink in the `include` key in the `_config.yml` file
Ecosystems: rubygems
Packages: jekyll
Source: GitHub Advisory Database
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdtdnItNXgyZy13ZmM4
Bootstrap Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: bootstrap
Source: GitHub Advisory Database
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJqOWMtOXZtdi03bTM5
Missing anchor in Rack-Cors allows malicious third party site to perform CORS request
Ecosystems: rubygems
Packages: rack-cors
Source: GitHub Advisory Database
Published: almost 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVqY2YtYzVyZy1ybW04
paperclip Server-Side Request Forgery vulnerability
Ecosystems: rubygems
Packages: paperclip
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTloMzYtNGpmMi1oeDUz
extlib does not properly restrict casts of string values
Ecosystems: rubygems
Packages: extlib
Source: GitHub Advisory Database
Published: over 5 years ago