Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.
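The entries on this page carry, per advisory, an identifier, a title, a severity, the ecosystems and the package names involved. The practical use of that metadata is to cross-reference it against what an application actually ships. The Ruby below is an added example, not code from ecosyste.ms: it parses a Gemfile.lock and reports which resolved gems have an advisory in this listing, ordered by severity. The live endpoint path and the response schema are not shown on this page, so both are assumptions; the script therefore works from constructed records that mirror the listing's visible fields (id, title, severity, ecosystems, packages) rather than from a network call.

```ruby
require 'json'

SEVERITY_RANK = { 'Critical' => 4, 'High' => 3, 'Moderate' => 2, 'Low' => 1 }.freeze

# Constructed sample records mirroring the fields shown on this page.
# This is NOT a live API response; the real response schema is an assumption.
SAMPLE_ADVISORIES = JSON.parse(<<~ADVISORIES)
  [
    {"id": "GSA_kwCzR0hTQS0zaDU3LWhtajMtZ2ozcM4AAyAE",
     "title": "Rack has possible DoS Vulnerability in Multipart MIME parsing",
     "severity": "High", "ecosystems": ["rubygems"], "packages": ["rack"]},
    {"id": "GSA_kwCzR0hTQS1ocTdwLWozNzctNnY2M84AAxDu",
     "title": "SQL Injection Vulnerability via ActiveRecord comments",
     "severity": "High", "ecosystems": ["rubygems"], "packages": ["activerecord"]},
    {"id": "GSA_kwCzR0hTQS02OHhnLWdxcW0tdmdqOM4AA1Yw",
     "title": "Puma HTTP Request/Response Smuggling vulnerability",
     "severity": "Critical", "ecosystems": ["rubygems"], "packages": ["puma"]},
    {"id": "GSA_kwCzR0hTQS0yNTdxLXB2ODktdjN4ds4AA0D1",
     "title": "jQuery Cross Site Scripting vulnerability",
     "severity": "Moderate", "ecosystems": ["npm", "nuget", "rubygems"],
     "packages": ["jquery", "org.webjars.npm:jquery", "jquery-rails", "jQuery"]}
  ]
ADVISORIES

# Constructed Gemfile.lock excerpt (standard Bundler layout: specs are indented
# four spaces under "specs:", their dependency constraints six spaces).
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      activerecord (7.0.4)
        activemodel (= 7.0.4)
      jquery-rails (4.5.1)
        rails-dom-testing (>= 1, < 3)
      puma (5.6.4)
        nio4r (~> 2.0)
      rack (2.2.6)
      nio4r (2.5.8)

  PLATFORMS
    ruby

  DEPENDENCIES
    puma
    rack
LOCK

# Returns {gem_name => version} for every resolved spec in a Gemfile.lock.
# Only four-space "name (version)" lines under specs: are installed gems;
# six-space lines are dependency constraints and must not be counted.
def parse_lockfile(text)
  specs = {}
  in_specs = false
  text.each_line do |line|
    stripped = line.rstrip
    if stripped == '  specs:'
      in_specs = true
      next
    end
    # A blank line or a top-level section header (PLATFORMS, DEPENDENCIES) ends specs.
    in_specs = false if stripped.empty? || stripped !~ /\A\s/
    next unless in_specs
    if (m = stripped.match(/\A {4}(\S+) \(([^)]+)\)\z/))
      specs[m[1]] = m[2]
    end
  end
  specs
end

# Cross-references a lockfile against advisory records, matching by package
# name within one ecosystem. The listing on this page carries no affected-
# version ranges, so a hit means "check this gem's version against the
# advisory", not "this version is vulnerable".
def affected_gems(lockfile_text, advisories, ecosystem: 'rubygems')
  specs = parse_lockfile(lockfile_text)
  hits = advisories.flat_map do |adv|
    next [] unless adv['ecosystems'].include?(ecosystem)
    adv['packages'].select { |pkg| specs.key?(pkg) }.map do |pkg|
      { gem: pkg, version: specs[pkg], id: adv['id'],
        severity: adv['severity'], title: adv['title'] }
    end
  end
  hits.sort_by { |h| [-SEVERITY_RANK.fetch(h[:severity], 0), h[:gem]] }
end

if __FILE__ == $PROGRAM_NAME
  affected_gems(SAMPLE_LOCKFILE, SAMPLE_ADVISORIES).each do |h|
    puts format('%-8s %-14s %-8s %s  %s', h[:severity], h[:gem], h[:version], h[:id], h[:title])
  end
end
```

Two caveats apply to name-only matching. First, a multi-ecosystem advisory (the jQuery entry above spans npm, nuget and rubygems) lists package names from every ecosystem, so filter on the ecosystem before matching or a gem that happens to share a name with an npm package will false-positive. Second, severity here is the advisory's own label, not a CVSS vector, so it ranks triage order and nothing more; confirming exposure still requires the advisory's affected-version ranges, which a tool such as bundler-audit (`bundle audit`) applies against the lockfile for you.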

rubygems Security Advisories

Moderate
GSA_kwCzR0hTQS01ODQ0LXEzZmMtNTZyaM4AA3lZ
pubnub Insufficient Entropy vulnerability
Ecosystems: pypi, pub, packagist, cargo, rubygems, swift, nuget, go, maven, npm
Packages: pubnub, pubnub/pubnub, https://github.com/pubnub/swift, Pubnub, github.com/pubnub/go/v5, github.com/pubnub/go/v6, github.com/pubnub/go, github.com/pubnub/go/v7, com.pubnub:pubnub, com.pubnub:pubnub-kotlin
Source: GitHub Advisory Database
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1neGh4LWc0ZnEtNDloas4AA3a3
CarrierWave Content-Type allowlist bypass vulnerability, possibly leading to XSS
Ecosystems: rubygems
Packages: carrierwave
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1mcmdmLThqcjUtajJqds4AA2zW
A memory leak flaw was found in ruby-magick (rmagick)
Ecosystems: rubygems
Packages: rmagick
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS0zcHg3LWptMnAtNmgyY84AA2oN
encoded_id-rails potential DOS vulnerability due to URIs with extremely long encoded IDs
Ecosystems: rubygems
Packages: encoded_id-rails
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS02aHZnLTYycTgtOTV2N84AA2mT
svg_optimizer rubygem external XML entity (XXE) vulnerability
Ecosystems: rubygems
Packages: svg_optimizer
Source: GitHub Advisory Database
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS0yODltLTI5NjQtZjhxNc4AA2Rv
Puppet Bolt privilege escalation vulnerability
Ecosystems: rubygems
Packages: bolt
Source: GitHub Advisory Database
Published: 2 months ago
Critical
GSA_kwCzR0hTQS03eHZjLXY0NGotNDZmaM4AA2RG
geokit-rails Command Injection vulnerability
Ecosystems: rubygems
Packages: geokit-rails
Source: GitHub Advisory Database
Published: 2 months ago
High
GSA_kwCzR0hTQS02MzloLTg2aHctcWNqcc4AA2Qo
Decidim has broken access control in templates
Ecosystems: rubygems
Packages: decidim, decidim-templates
Source: GitHub Advisory Database
Published: 2 months ago
Critical
GSA_kwCzR0hTQS05amZxLTU0dmMtOXJyMs4AA2Ai
Foreman Transpilation Enables OS Command Injection
Ecosystems: rubygems
Packages: foreman
Source: GitHub Advisory Database
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS0zcWMyLXYzaHAtNmN2OM4AA13Y
sidekiq Denial of Service vulnerability
Ecosystems: rubygems
Packages: sidekiq
Source: GitHub Advisory Database
Published: 3 months ago
Low
GSA_kwCzR0hTQS1jcjVxLTZxOWYtcnE2cc4AA1eP
Active Support Possibly Discloses Locally Encrypted Files
Ecosystems: rubygems
Packages: activesupport
Source: GitHub Advisory Database
Published: 4 months ago
Critical
GSA_kwCzR0hTQS02OHhnLWdxcW0tdmdqOM4AA1Yw
Puma HTTP Request/Response Smuggling vulnerability
Ecosystems: rubygems
Packages: puma
Source: GitHub Advisory Database
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS03dmg3LWZ3ODgtd2o4N84AA1Il
Several quadratic complexity bugs may lead to denial of service in Commonmarker
Ecosystems: rubygems
Packages: commonmarker
Source: GitHub Advisory Database
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS02andjLXFyMnEtN3h3as4AA1CM
protocol-http1 HTTP Request/Response Smuggling vulnerability
Ecosystems: rubygems
Packages: protocol-http1
Source: GitHub Advisory Database
Published: 4 months ago
High
GSA_kwCzR0hTQS12Yzc5LTY1cHItcTgyds4AA0uC
rswag vulnerable to arbitrary JSON and YAML file read via directory traversal
Ecosystems: rubygems
Packages: rswag
Source: GitHub Advisory Database
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS00NjloLW1xZzgtNTM1cs4AA0m3
Decidim Cross-site Scripting vulnerability in the external link redirections
Ecosystems: rubygems
Packages: decidim-core, decidim
Source: GitHub Advisory Database
Published: 5 months ago
High
GSA_kwCzR0hTQS01NjUyLTkycjktM2Z4Oc4AA0m4
Decidim Cross-site Scripting vulnerability in the processes filter
Ecosystems: rubygems
Packages: decidim-core, decidim
Source: GitHub Advisory Database
Published: 5 months ago
High
GSA_kwCzR0hTQS1qbTc5LTlwbTQtdnJ3Oc4AA0m2
Decidim vulnerable to sensitive data disclosure
Ecosystems: rubygems
Packages: decidim-meetings, decidim
Source: GitHub Advisory Database
Published: 5 months ago
High
GSA_kwCzR0hTQS02NjI4LXE2ajktdzh2Z84AA0dX
gRPC Reachable Assertion issue
Ecosystems: rubygems, pypi, maven
Packages: grpc, grpcio, io.grpc:grpc-protobuf
Source: GitHub Advisory Database
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS05aHhmLXBwanYtdzZycc4AA0dy
gRPC connection termination issue
Ecosystems: rubygems, pypi, maven
Packages: grpc, grpcio, io.grpc:grpc-protobuf
Source: GitHub Advisory Database
Published: 5 months ago
High
GSA_kwCzR0hTQS1mNXd3LWNxM20tcTNnN84AA0Xi
Sanitize vulnerable to Cross-site Scripting via insufficient neutralization of `style` element content
Ecosystems: rubygems
Packages: sanitize
Source: GitHub Advisory Database
Published: 5 months ago
High
GSA_kwCzR0hTQS1jZmdwLTI5NzctMmZtbc4AA0N9
Connection confusion in gRPC
Ecosystems: rubygems, pypi, maven
Packages: grpc, grpcio, io.grpc:grpc-protobuf
Source: GitHub Advisory Database
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1od3cyLTVnODUtNDI5bc4AA0Ip
URI gem has ReDoS vulnerability
Ecosystems: rubygems
Packages: uri
Source: GitHub Advisory Database
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS00Zzh2LXZnNDMtd3BnZs4AA0Io
Actionpack has possible cross-site scripting vulnerability via User Supplied Values to redirect_to
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: 5 months ago
Low
GSA_kwCzR0hTQS05N3doLTZobWotZzhqOc4AA0GL
Spina Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: spina
Source: GitHub Advisory Database
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS0yNTdxLXB2ODktdjN4ds4AA0D1
jQuery Cross Site Scripting vulnerability
Ecosystems: npm, nuget, rubygems
Packages: jquery, org.webjars.npm:jquery, jquery-rails, jQuery
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS03dzJjLXc0N2gtNzg5d84AAzyW
Doorkeeper Improper Authentication vulnerability
Ecosystems: rubygems
Packages: doorkeeper
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS14cDVoLWY4amYtcmM4cc4AAzxa
rails-ujs vulnerable to DOM-based Cross-site Scripting via contenteditable HTML elements
Ecosystems: rubygems
Packages: actionview
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1oMndtLXAydmctNnB3NM4AAzxZ
Kredis JSON Possible Deserialization of Untrusted Data Vulnerability
Ecosystems: rubygems
Packages: kredis
Source: GitHub Advisory Database
Published: 6 months ago
High
GSA_kwCzR0hTQS1xY20zLXZmcTUtd2ZyMs4AAzr_
RedCloth Regular Expression Denial of Service issue
Ecosystems: rubygems
Packages: RedCloth
Source: GitHub Advisory Database
Published: 6 months ago
High
GSA_kwCzR0hTQS04NmgyLTJnNGctMjlxeM4AAzr6
avo possible unsafe reflection / partial DoS vulnerability
Ecosystems: rubygems
Packages: avo
Source: GitHub Advisory Database
Published: 6 months ago
High
GSA_kwCzR0hTQS01Y3I5LTVqeDMtMmczOc4AAzrM
avo vulnerable to Stored XSS (Cross Site Scripting) in html content based fields
Ecosystems: rubygems
Packages: avo
Source: GitHub Advisory Database
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1yMzY0LTJwajQtcGY3Zs4AAzf1
ruby-saml vulnerable to XPath injection
Ecosystems: rubygems
Packages: ruby-saml
Source: GitHub Advisory Database
Published: 7 months ago
Critical
GSA_kwCzR0hTQS14NDg3LTg2Nm0tcDhocs4AAze4
Server-Side Template Injection in Camaleon CMS
Ecosystems: rubygems
Packages: camaleon_cms
Source: GitHub Advisory Database
Published: 7 months ago
Low
GSA_kwCzR0hTQS1oanAzLTVnMnEtN2p3d84AAzCk
Race Condition leading to logging errors
Ecosystems: rubygems
Packages: audited
Source: GitHub Advisory Database
Published: 7 months ago
Critical
GSA_kwCzR0hTQS02dzRtLTJ4aGctMjY1OM4AAy-v
Buffer overflow in sponge queue functions
Ecosystems: rubygems, pypi
Packages: sha3, pysha3
Source: GitHub Advisory Database
Published: 8 months ago
Low
GSA_kwCzR0hTQS02NWcyLXg1M3EtY21mNs4AAy9A
Sensitive Terraform Output Values Printed At Info Logging Level In Kitchen-Terraform
Ecosystems: rubygems
Packages: kitchen-terraform
Source: GitHub Advisory Database
Published: 8 months ago
High
GSA_kwCzR0hTQS1oM3I4LWg1cXctNHIzNc4AAy6H
sidekiq vulnerable to cross-site scripting
Ecosystems: rubygems
Packages: sidekiq
Source: GitHub Advisory Database
Published: 8 months ago
High
GSA_kwCzR0hTQS1jcWYzLXZweDctcnhod84AAy5d
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Pay
Ecosystems: rubygems
Packages: pay
Source: GitHub Advisory Database
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS00OHdwLXA5cXYtNGo2NM4AAytp
Commonmarker vulnerable to several quadratic complexity bugs that may lead to denial of service
Ecosystems: rubygems
Packages: commonmarker
Source: GitHub Advisory Database
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1weHZnLTJxajUtMzdqcc4AAytn
Nokogiri updates packaged libxml2 to v2.10.4 to resolve multiple CVEs
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Published: 8 months ago
Low
GSA_kwCzR0hTQS14Mnh3LWh3OGctNjc3M84AAyrS
govuk_tech_docs vulnerable to unescaped HTML on search results page
Ecosystems: rubygems
Packages: govuk_tech_docs
Source: GitHub Advisory Database
Published: 8 months ago
High
GSA_kwCzR0hTQS13cnhmLXg4cm0tNmdnZ84AAyiM
Fluent Fluentd and Fluent-ui use default password
Ecosystems: rubygems
Packages: fluentd-ui, fluentd
Source: GitHub Advisory Database
Published: 8 months ago
High
GSA_kwCzR0hTQS1odjVqLTNoOWYtOTljMs4AAyes
Ruby URI component ReDoS issue
Ecosystems: rubygems
Packages: uri
Source: GitHub Advisory Database
Published: 8 months ago
High
GSA_kwCzR0hTQS1mZzd4LWc4MnItOTRxY84AAyet
Ruby Time component ReDoS issue
Ecosystems: rubygems
Packages: time
Source: GitHub Advisory Database
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1tODc1LTN4ZjYtbWY3OM4AAyeB
unpoly-rails Denial of Service vulnerability
Ecosystems: rubygems
Packages: unpoly-rails
Source: GitHub Advisory Database
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS12cHF2LW1xdmMtcGN4Ms4AAyKB
Reflective Cross-site Scripting Vulnerability in twitter-bootstrap-rails
Ecosystems: rubygems
Packages: twitter-bootstrap-rails
Source: GitHub Advisory Database
Published: 9 months ago
Low
GSA_kwCzR0hTQS1jNnFnLWNqajgtNDdxcM4AAyIq
Possible Denial of Service Vulnerability in Rack's header parsing
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1wajczLXY1bXctcG05as4AAyIp
Possible XSS Security Vulnerability in SafeBuffer#bytesplice
Ecosystems: rubygems
Packages: activesupport
Source: GitHub Advisory Database
Published: 9 months ago
High
GSA_kwCzR0hTQS0zaDU3LWhtajMtZ2ozcM4AAyAE
Rack has possible DoS Vulnerability in Multipart MIME parsing
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Published: 9 months ago
Critical
GSA_kwCzR0hTQS05ZmgzLWo5OW0tZjR2N84AAxys
Code injection in pdf_info
Ecosystems: rubygems
Packages: pdf_info
Source: GitHub Advisory Database
Published: 10 months ago
High
GSA_kwCzR0hTQS02cG0yLWoydjgtaDNjas4AAxcI
Withdrawn: Fortra GoAnywhere MFT Deserialization of Untrusted Data vulnerability affects metasploit-framework
Ecosystems: rubygems
Packages: metasploit-framework
Source: GitHub Advisory Database
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1wNHh4LXc2ZnItYzR3Oc4AAxVr
Clockwork Web contains a Cross-Site Request Forgery Vulnerability with Rails < 5.2
Ecosystems: rubygems
Packages: clockwork_web
Source: GitHub Advisory Database
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1nN2dmLTJycXctNXJ3eM4AAxPk
Publify contains Weak Password Requirements
Ecosystems: rubygems
Packages: publify_core
Source: GitHub Advisory Database
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1mdzNnLTJoM2otcW1tN84AAxPa
Improper neutralization of `noscript` element content may allow XSS in Sanitize
Ecosystems: rubygems
Packages: sanitize
Source: GitHub Advisory Database
Published: 11 months ago
High
GSA_kwCzR0hTQS02MzI1LTZnMzItN3AzNc4AAxNI
flash_tool Gem for Ruby File Download Handling Arbitrary Command Execution
Ecosystems: rubygems
Packages: flash_tool
Source: GitHub Advisory Database
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS03NDZnLTNnZnAtaGZod84AAxNH
Devise Gem for Ruby Unauthorized Access Using "Remember Me" Cookie
Ecosystems: rubygems
Packages: devise
Source: GitHub Advisory Database
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS04OHA4LTR2djUtODJqN84AAxNG
xaviershay-dm-rails Gem for Ruby exposes sensitive information via the process table
Ecosystems: rubygems
Packages: xaviershay-dm-rails
Source: GitHub Advisory Database
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS02MzZmLXhtNWotcGo5bc4AAxIx
Several quadratic complexity bugs may lead to denial of service in Commonmarker
Ecosystems: rubygems
Packages: commonmarker
Source: GitHub Advisory Database
Published: 11 months ago
High
GSA_kwCzR0hTQS1xOTVoLWNxcnYtOGp2Nc4AAxGB
ExifTool vulnerable to arbitrary code execution
Ecosystems: rubygems
Packages: exiftool_vendored
Source: GitHub Advisory Database
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS14Z3Y3LXBxcWgtaDJ3Oc4AAxEu
jruby-openssl gem for JRuby fails to do proper certificate validation
Ecosystems: rubygems
Packages: jruby-openssl
Source: GitHub Advisory Database
Published: 11 months ago
Low
GSA_kwCzR0hTQS05M3BtLTVwNWYtM2doeM4AAxD0
Denial of Service Vulnerability in Rack Content-Disposition parsing
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Published: 11 months ago
Low
GSA_kwCzR0hTQS1wODR2LTQ1eGotd3dxas4AAxDz
ReDoS based DoS vulnerability in Action Dispatch
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: 11 months ago
Low
GSA_kwCzR0hTQS1qNmdjLTc5Mm0tcWdtMs4AAxDy
ReDoS based DoS vulnerability in Active Support's underscore
Ecosystems: rubygems
Packages: activesupport
Source: GitHub Advisory Database
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS05NDQ1LTRjcjYtMzM2cs4AAxDx
Open Redirect Vulnerability in Action Pack
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: 11 months ago
High
GSA_kwCzR0hTQS01Nzl3LTIyajQtNDc0Oc4AAxDw
Denial of Service Vulnerability in ActiveRecord's PostgreSQL adapter
Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Published: 11 months ago
Low
GSA_kwCzR0hTQS04eHd3LXgzZzMtNmpjds4AAxDv
ReDoS based DoS vulnerability in Action Dispatch
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: 11 months ago
High
GSA_kwCzR0hTQS1ocTdwLWozNzctNnY2M84AAxDu
SQL Injection Vulnerability via ActiveRecord comments
Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Published: 11 months ago
High
GSA_kwCzR0hTQS02NWY1LW1mcGYtdmZoas4AAxDt
Denial of service via header parsing in Rack
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Published: 11 months ago
Low
GSA_kwCzR0hTQS1ycXYyLTI3NXgtMmpxNc4AAxDs
Denial of service via multipart parsing in Rack
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Published: 11 months ago
Low
GSA_kwCzR0hTQS0yM2MyLWd3cDUtcHh3Oc4AAxDr
ReDoS based DoS vulnerability in GlobalID
Ecosystems: rubygems
Packages: globalid
Source: GitHub Advisory Database
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS12bTc0LWo0d3EtODJ4as4AAxBY
Sisimai Inefficient Regular Expression Complexity vulnerability
Ecosystems: rubygems
Packages: sisimai
Source: GitHub Advisory Database
Published: 11 months ago
High
GSA_kwCzR0hTQS1wcGhmLWdmcm0tdjMycs4AAxAx
Code injection in ruby git
Ecosystems: rubygems
Packages: git
Source: GitHub Advisory Database
Published: 11 months ago
Critical
GSA_kwCzR0hTQS04NWdmLXdyNjctZjgzd84AAw_f
curupira is vulnerable to SQL injection
Ecosystems: rubygems
Packages: curupira
Source: GitHub Advisory Database
Published: 11 months ago
Critical
GSA_kwCzR0hTQS1yYzQyLWpnaGYtdnI4Zs4AAw-0
Integer overflow in publify_core
Ecosystems: rubygems
Packages: publify_core
Source: GitHub Advisory Database
Published: 11 months ago
Critical
GSA_kwCzR0hTQS1xM3JtLWY1MjctZ2h4as4AAw-1
Publify Improper Input Validation vulnerability
Ecosystems: rubygems
Packages: publify_core
Source: GitHub Advisory Database
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS03OXdxLWc0djktZ2ZqNM4AAw-2
Publify Core does not strip metadata from images
Ecosystems: rubygems
Packages: publify_core
Source: GitHub Advisory Database
Published: 11 months ago
High
GSA_kwCzR0hTQS1wZnByLTM0NjMtYzZqaM4AAw1C
ruby-git has potential remote code execution vulnerability
Ecosystems: rubygems
Packages: git
Source: GitHub Advisory Database
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1wMzNxLTRoNG0tajk5NM4AAwy7
Inline SVG vulnerable to Cross-site Scripting
Ecosystems: rubygems
Packages: inline_svg
Source: GitHub Advisory Database
Published: 11 months ago
High
GSA_kwCzR0hTQS12Zjk5LXh3MjYtODZnNc4AAwwE
PgHero Allows Information Disclosure Through EXPLAIN Feature
Ecosystems: rubygems
Packages: pghero
Source: GitHub Advisory Database
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS01cHE3LTUybWctaHI0Ms4AAwuQ
httparty has multipart/form-data request tampering vulnerability
Ecosystems: rubygems
Packages: httparty
Source: GitHub Advisory Database
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS0zOTlwLXZxMjgtNWhnOM4AAwre
keynote Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: keynote
Source: GitHub Advisory Database
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS04cXdoLXJtNmMtanY5Ns4AAwnZ
Oxidized Web vulnerable to Cross-site Scripting
Ecosystems: rubygems
Packages: oxidized-web
Source: GitHub Advisory Database
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS03NGhjLTU3bTUtODNjaM4AAwgl
text_helpers uses web link to untrusted target with window.opener access
Ecosystems: rubygems
Packages: text_helpers
Source: GitHub Advisory Database
Published: 12 months ago
High
GSA_kwCzR0hTQS00d2hmLXJteDUtOGZyds4AAwZi
active_attr Improper Resource Shutdown or Release vulnerability
Ecosystems: rubygems
Packages: active_attr
Source: GitHub Advisory Database
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1ycmZjLTdnOHAtOTlxOM4AAwSi
Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Ecosystems: rubygems
Packages: rails-html-sanitizer
Source: GitHub Advisory Database
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS05aDlnLTkzZ2MtNjIzaM4AAwSh
Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Ecosystems: rubygems
Packages: rails-html-sanitizer
Source: GitHub Advisory Database
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1tY3ZmLTJxMm0teDcybc4AAwSg
Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Ecosystems: rubygems
Packages: rails-html-sanitizer
Source: GitHub Advisory Database
Published: 12 months ago
High
GSA_kwCzR0hTQS01eDc5LXc4MmYtZ3c4d84AAwSf
Inefficient Regular Expression Complexity in rails-html-sanitizer
Ecosystems: rubygems
Packages: rails-html-sanitizer
Source: GitHub Advisory Database
Published: 12 months ago
High
GSA_kwCzR0hTQS0zeDhyLXg2eHAtcTR2bc4AAwSe
Uncontrolled Recursion in Loofah
Ecosystems: rubygems
Packages: loofah
Source: GitHub Advisory Database
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS0yMjhnLTk0OHItODNneM4AAwSd
Improper neutralization of data URIs may allow XSS in Loofah
Ecosystems: rubygems
Packages: loofah
Source: GitHub Advisory Database
Published: 12 months ago
High
GSA_kwCzR0hTQS00ODZmLWhqajktOXZoaM4AAwSc
Inefficient Regular Expression Complexity in Loofah
Ecosystems: rubygems
Packages: loofah
Source: GitHub Advisory Database
Published: 12 months ago
High
GSA_kwCzR0hTQS1xdjRxLW1yNXItcXByas4AAwNH
Unchecked return value from xmlTextReaderExpand
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS0yeDh4LWptcnAtcGh4d84AAwGK
Sinatra vulnerable to Reflected File Download attack
Ecosystems: rubygems
Packages: sinatra
Source: GitHub Advisory Database
Published: about 1 year ago
Low
GSA_kwCzR0hTQS0zeGc4LWNjOGYtOXd2Ms4AAv9V
Unsanitized input leading to code injection in Dalli
Ecosystems: rubygems
Packages: dalli
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS12YzQ3LTZycWctYzdmNc4AAv82
HTTP response splitting in CGI
Ecosystems: rubygems
Packages: cgi
Source: GitHub Advisory Database
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1mcHBxLW1qNzYtZnBqMs4AAvrA
fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration)
Ecosystems: rubygems
Packages: fluentd
Source: GitHub Advisory Database
Published: about 1 year ago
Low
GSA_kwCzR0hTQS05Y2hyLTRmamgtNXJnd84AAvjh
Cross-site Scripting in actionpack
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0ycWM2LW1jdnctOTJjd84AAvaT
Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1wNzVjLTV4M2gtY3hjZ84AAvNV
Fat Free CRM vulnerable to Remote Denial of Service via Tasks endpoint
Ecosystems: rubygems
Packages: fat_free_crm
Source: GitHub Advisory Database
Published: about 1 year ago
Filter by Package
actionpack 63 nokogiri 40 rubygems-update 25 activerecord 24 rack 20 puppet 16 activesupport 15 publify_core 14 actionview 14 passenger 13 rails-html-sanitizer 12 fat_free_crm 11 jquery-rails 11 jquery 10 rails 10 puma 10 org.webjars.npm:jquery 9 org.webjars.npm:jquery-ui 8 jQuery.UI.Combined 8 jquery-ui-rails 8 jquery-ui 8 jQuery 8 org.jruby:jruby-stdlib 7 doorkeeper 7 camaleon_cms 6 ember-source 6 loofah 6 bundler 5 katello 5 spree 5 commonmarker 5 spree_auth_devise 5 mail 4 fluentd 4 devise 4 sanitize 4 safemode 4 sidekiq 4 rubyzip 4 decidim 4 sinatra 4 dragonfly 4 webrick 3 grpcio 3 io.grpc:grpc-protobuf 3 grpc 3 geminabox 3 private_address_check 3 carrierwave 3 rails_admin 3 gollum 3 rest-client 3 bootstrap 3 paperclip 3 git 3 chartkick 3 cgi 3 omniauth 3 sprockets 3 activestorage 3 openssl 3 ruby-saml 3 bootstrap-sass 2 bootstrap 2 uri 2 yajl-ruby 2 redcarpet 2 kramdown 2 administrate 2 pageflow 2 qiita-markdown 2 sup 2 echor 2 activemodel 2 net-ldap 2 pyarrow 2 red-arrow 2 rack-cors 2 jquery 2 rack-mini-profiler 2 yard 2 VladTheEnterprising 2 mini_magick 2 json 2 pdfkit 2 omniauth-facebook 2 devise-two-factor 2 decidim-core 2 mapbox-rails 2 mapbox.js 2 pghero 2 google-protobuf 2 cocoapods-downloader 2 solidus_frontend 2 com.google.protobuf:protobuf-java 2 solidus_core 2 com.google.protobuf:protobuf-kotlin 2 mechanize 2 festivaltts4r 2 metasploit-framework 2 radiant 2 ox 2 secure_headers 2 spina 2 user_agent_parser 2 i18n 2 faye 2 httparty 2 facter 2 rdoc 2 bson 2 avo 2 field_test 2 logstash-core 2 minitar 2 archive-tar-minitar 2 twitter-bootstrap-rails 2 json-jwt 2 colorscore 2 espeak-ruby 2 git-fastclone 2 web-console 2 ruby-openid 2 foreman_ansible 1 encoded_id-rails 1 omniauth-oauth2 1 show_in_browser 1 will_paginate 1 railties 1 sqlite3 1 com.google.protobuf:protobuf-javalite 1 airbrake-ruby 1 com.google.protobuf:protobuf-kotlin-lite 1 curupira 1 restforce 1 text_helpers 1 keynote 1 sentry-raven 1 sfpagent 1 openshift-origin-node 1 curl 1 rgpg 1 
svg_optimizer 1 sounder 1 cremefraiche 1 fastreader 1 kelredd-pruview 1 gollum-lib 1 rubocop 1 clockwork_web 1 tzinfo 1 geokit-rails 1 kredis 1 sqlite3-ruby 1 sensu 1 decidim-templates 1 codders-dataset 1 iodine 1 actionpack-page_caching 1 paratrooper-newrelic 1 grape 1 haml 1 paratrooper-pingdom 1 ruby-mysql 1 gyazo 1 paranoid2 1 delayed_job_web 1 http 1 many_versioned_gem 1 jmespath 1 marginalia 1 datagrid 1 padrino-contrib 1 bolt 1 bibtex-ruby 1 octokit 1 arr-pm 1 excon 1 geocoder 1 RedCloth 1 rack-ssl 1 activeresource 1 doorkeeper-openid_connect 1 actionmailer 1 command_wrap 1 devise_token_auth 1 wicked 1 personnummer 1 open-uri-cached 1 solidus_backend 1 active-support 1 ruby_parser 1 arabic-prawn 1 gitlab-grit 1 diffy 1 rmagick 1 rwiki 1 uap-core 1 sorcery 1 websocket-extensions 1 shrine 1 multi_xml 1 spree_api 1 pgsync 1 faye-websocket 1 pubnub 1 com.pubnub:pubnub-kotlin 1 com.pubnub:pubnub 1 github.com/pubnub/go/v7 1 github.com/pubnub/go 1 github.com/pubnub/go/v6 1 github.com/pubnub/go/v5 1 Pubnub 1 https://github.com/pubnub/swift 1 pubnub 1 pubnub 1 apollo_upload_server 1 karo 1 govuk_tech_docs 1 crack 1 em-imap 1 pdf_info 1 elastic-apm 1 org.webjars.npm:jquery 1 fog-dragonfly 1 goliath 1 narou 1 rexml 1 opensearch-ruby 1 uglifier 1 update_by_case 1 alchemy_cms 1 cap-strap 1 brbackup 1 sprout 1 pubnub 1 date 1 matestack-ui-core 1 netaddr 1 ruby-jss 1 kaminari 1 solidus_api 1 omniauth-auth0 1 uglify-js 1 smart_proxy_dynflow 1 hub 1 better_errors 1 trestle-auth 1 solidus_auth_devise 1 rails_multisite 1 mcollective-client 1 github.com/github/hub 1 mysql-binuuid-rails 1 hiera 1 kubeclient 1 bootstrap.sass 1 message_bus 1 view_component 1 image_processing 1 time 1 octopoller 1 gibbon 1 random_password_generator 1 trilogy 1 omniauth_amazon 1 pysha3 1 blazer 1 pay 1 sha3 1 coming-soon 1 webbynode 1 pubnub 1 oxidized-web 1 inline_svg 1 audited 1 newrelic_rpm 1 bio-basespace-sdk 1 rbovirt 1 active_attr 1 openshift-origin-controller 1 kitchen-terraform 1 
asciidoctor-include-ext 1 tmpdir 1 csv-safe 1 fileutils 1 features 1 aescrypt 1 smalruby 1 kafo 1 xapian-core 1 omniauth-weibo-oauth2 1 thin 1 rswag 1 point-cli 1 hammer_cli_foreman 1 ccsv 1 smalruby-editor 1 ldap_fluff 1 xaviershay-dm-rails 1 authlogic 1