Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
rubygems Security Advisories
Loading...
Moderate
Ecosystems: maven, nuget, npm, pypi, rubygems
Packages: org.webjars.npm:jquery, jQuery, jquery, django, jquery-rails
Source: GitHub Advisory Database
Blast Radius: 135.8
Published: about 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZjM2otYzY0bS1xaGdx
XSS in jQuery as used in Drupal, Backdrop CMS, and other productsEcosystems: maven, nuget, npm, pypi, rubygems
Packages: org.webjars.npm:jquery, jQuery, jquery, django, jquery-rails
Source: GitHub Advisory Database
Blast Radius: 135.8
Published: about 5 years ago
High
Ecosystems: rubygems, maven, nuget, npm
Packages: jquery-rails, org.webjars.npm:jquery, jQuery, jquery
Source: GitHub Advisory Database
Blast Radius: 129.0
Published: over 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1ocHAtODc1dy05Y3B2
Denial of Service in jqueryEcosystems: rubygems, maven, nuget, npm
Packages: jquery-rails, org.webjars.npm:jquery, jQuery, jquery
Source: GitHub Advisory Database
Blast Radius: 129.0
Published: over 6 years ago
Critical
Ecosystems: rubygems, npm
Packages: uglifier, uglify-js
Source: GitHub Advisory Database
Blast Radius: 119.3
Published: over 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM0cjctcTQ5Zi1oMzdj
Incorrect Handling of Non-Boolean Comparisons During Minification in uglify-jsEcosystems: rubygems, npm
Packages: uglifier, uglify-js
Source: GitHub Advisory Database
Blast Radius: 119.3
Published: over 6 years ago
Moderate
Ecosystems: maven, nuget, rubygems, npm
Packages: org.webjars.npm:jquery, jQuery, jquery-rails, jquery
Source: GitHub Advisory Database
Blast Radius: 118.7
Published: about 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpwY3EtY2d3Ni12NGo2
Potential XSS vulnerability in jQueryEcosystems: maven, nuget, rubygems, npm
Packages: org.webjars.npm:jquery, jQuery, jquery-rails, jquery
Source: GitHub Advisory Database
Blast Radius: 118.7
Published: about 4 years ago
Moderate
Ecosystems: rubygems, maven, nuget, npm
Packages: jquery-rails, org.webjars.npm:jquery, jquery
Source: GitHub Advisory Database
Blast Radius: 118.7
Published: about 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd4cjQteGpqNS01cHgy
Potential XSS vulnerability in jQueryEcosystems: rubygems, maven, nuget, npm
Packages: jquery-rails, org.webjars.npm:jquery, jquery
Source: GitHub Advisory Database
Blast Radius: 118.7
Published: about 4 years ago
Moderate
Ecosystems: rubygems, nuget, maven, npm
Packages: jquery-rails, jQuery, org.webjars.npm:jquery, jquery
Source: GitHub Advisory Database
Blast Radius: 104.9
Published: over 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJwcWotaDN2ai1wcWd3
Cross-Site Scripting in jqueryEcosystems: rubygems, nuget, maven, npm
Packages: jquery-rails, jQuery, org.webjars.npm:jquery, jquery
Source: GitHub Advisory Database
Blast Radius: 104.9
Published: over 3 years ago
Moderate
Ecosystems: maven, rubygems, npm, nuget
Packages: org.webjars.npm:jquery, jquery-rails, jquery, jQuery
Source: GitHub Advisory Database
Blast Radius: 104.9
Published: over 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJteGctNzNnZy00cDk4
Cross-Site Scripting (XSS) in jqueryEcosystems: maven, rubygems, npm, nuget
Packages: org.webjars.npm:jquery, jquery-rails, jquery, jQuery
Source: GitHub Advisory Database
Blast Radius: 104.9
Published: over 6 years ago
Moderate
Ecosystems: maven, npm, rubygems, nuget
Packages: org.webjars.npm:jquery, jquery, jquery-rails, jQuery
Source: GitHub Advisory Database
Blast Radius: 104.9
Published: 10 months ago
GSA_kwCzR0hTQS0yNTdxLXB2ODktdjN4ds4AA0D1
jQuery Cross Site Scripting vulnerabilityEcosystems: maven, npm, rubygems, nuget
Packages: org.webjars.npm:jquery, jquery, jquery-rails, jQuery
Source: GitHub Advisory Database
Blast Radius: 104.9
Published: 10 months ago
Moderate
Ecosystems: maven, rubygems, nuget, npm
Packages: org.webjars.npm:jquery, jquery-rails, jQuery, jquery
Source: GitHub Advisory Database
Blast Radius: 104.9
Published: almost 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE0bTMtMmo3aC1mN3h3
Cross-Site Scripting in jqueryEcosystems: maven, rubygems, nuget, npm
Packages: org.webjars.npm:jquery, jquery-rails, jQuery, jquery
Source: GitHub Advisory Database
Blast Radius: 104.9
Published: almost 4 years ago
Moderate
Ecosystems: rubygems, npm, nuget
Packages: twitter-bootstrap-rails, bootstrap-sass, bootstrap, bootstrap.sass, Bootstrap.Less
Source: GitHub Advisory Database
Blast Radius: 99.3
Published: about 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl2M20tOGZwOC1tajk5
Bootstrap Vulnerable to Cross-Site ScriptingEcosystems: rubygems, npm, nuget
Packages: twitter-bootstrap-rails, bootstrap-sass, bootstrap, bootstrap.sass, Bootstrap.Less
Source: GitHub Advisory Database
Blast Radius: 99.3
Published: about 5 years ago
High
Ecosystems: rubygems, pypi, maven
Packages: grpc, grpcio, io.grpc:grpc-protobuf
Source: GitHub Advisory Database
Blast Radius: 89.7
Published: 10 months ago
GSA_kwCzR0hTQS02NjI4LXE2ajktdzh2Z84AA0dX
gRPC Reachable Assertion issueEcosystems: rubygems, pypi, maven
Packages: grpc, grpcio, io.grpc:grpc-protobuf
Source: GitHub Advisory Database
Blast Radius: 89.7
Published: 10 months ago
High
Ecosystems: rubygems, pypi, maven
Packages: grpc, grpcio, io.grpc:grpc-protobuf
Source: GitHub Advisory Database
Blast Radius: 88.5
Published: 10 months ago
GSA_kwCzR0hTQS1jZmdwLTI5NzctMmZtbc4AA0N9
Connection confusion in gRPCEcosystems: rubygems, pypi, maven
Packages: grpc, grpcio, io.grpc:grpc-protobuf
Source: GitHub Advisory Database
Blast Radius: 88.5
Published: 10 months ago
Critical
Ecosystems: npm, rubygems
Packages: handlebars, bootstrap-wysihtml5-rails
Source: GitHub Advisory Database
Blast Radius: 87.7
Published: over 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc0NTctNnE2eC1jZ3A5
Prototype Pollution in handlebarsEcosystems: npm, rubygems
Packages: handlebars, bootstrap-wysihtml5-rails
Source: GitHub Advisory Database
Blast Radius: 87.7
Published: over 4 years ago
Moderate
Ecosystems: swift, pypi, pub, packagist, cargo, rubygems, nuget, go, maven, npm
Packages: github.com/pubnub/swift, pubnub, pubnub/pubnub, Pubnub, github.com/pubnub/go/v5, github.com/pubnub/go/v6, github.com/pubnub/go, github.com/pubnub/go/v7, com.pubnub:pubnub, com.pubnub:pubnub-kotlin
Source: GitHub Advisory Database
Blast Radius: 82.5
Published: 5 months ago
GSA_kwCzR0hTQS01ODQ0LXEzZmMtNTZyaM4AA3lZ
pubnub Insufficient Entropy vulnerabilityEcosystems: swift, pypi, pub, packagist, cargo, rubygems, nuget, go, maven, npm
Packages: github.com/pubnub/swift, pubnub, pubnub/pubnub, Pubnub, github.com/pubnub/go/v5, github.com/pubnub/go/v6, github.com/pubnub/go, github.com/pubnub/go/v7, com.pubnub:pubnub, com.pubnub:pubnub-kotlin
Source: GitHub Advisory Database
Blast Radius: 82.5
Published: 5 months ago
Moderate
Ecosystems: rubygems, npm
Packages: bootstrap
Source: GitHub Advisory Database
Blast Radius: 63.7
Published: almost 2 years ago
GSA_kwCzR0hTQS0zd3FmLTR4ODktOWc3Oc3uvQ
Bootstrap vulnerable to Cross-Site Scripting (XSS)Ecosystems: rubygems, npm
Packages: bootstrap
Source: GitHub Advisory Database
Blast Radius: 63.7
Published: almost 2 years ago
Moderate
Ecosystems: npm, rubygems
Packages: bootstrap
Source: GitHub Advisory Database
Blast Radius: 63.7
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdtdnItNXgyZy13ZmM4
Bootstrap Cross-site Scripting vulnerabilityEcosystems: npm, rubygems
Packages: bootstrap
Source: GitHub Advisory Database
Blast Radius: 63.7
Published: over 5 years ago
Moderate
Ecosystems: rubygems, pypi, maven
Packages: grpc, grpcio, io.grpc:grpc-protobuf
Source: GitHub Advisory Database
Blast Radius: 63.4
Published: 10 months ago
GSA_kwCzR0hTQS05aHhmLXBwanYtdzZycc4AA0dy
gRPC connection termination issueEcosystems: rubygems, pypi, maven
Packages: grpc, grpcio, io.grpc:grpc-protobuf
Source: GitHub Advisory Database
Blast Radius: 63.4
Published: 10 months ago
High
Ecosystems: maven, rubygems
Packages: com.google.protobuf:protobuf-kotlin, com.google.protobuf:protobuf-java, google-protobuf
Source: GitHub Advisory Database
Blast Radius: 61.8
Published: over 2 years ago
GSA_kwCzR0hTQS13cnZ3LWhnMjItNG02N80hQw
A potential Denial of Service issue in protobuf-javaEcosystems: maven, rubygems
Packages: com.google.protobuf:protobuf-kotlin, com.google.protobuf:protobuf-java, google-protobuf
Source: GitHub Advisory Database
Blast Radius: 61.8
Published: over 2 years ago
High
Ecosystems: pypi, rubygems
Packages: grpcio, grpc
Source: GitHub Advisory Database
Blast Radius: 61.2
Published: 8 months ago
GSA_kwCzR0hTQS1wMjVtLWpwajQtcWNycs4AA127
Denial of Service Vulnerability in gRPC TCP Server (Posix-compatible platforms)Ecosystems: pypi, rubygems
Packages: grpcio, grpc
Source: GitHub Advisory Database
Blast Radius: 61.2
Published: 8 months ago
Critical
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 60.2
Published: almost 2 years ago
GSA_kwCzR0hTQS13cTRoLTdyNDItNWhycs4AArQV
Possible shell escape sequence injection vulnerability in RackEcosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 60.2
Published: almost 2 years ago
Critical
Ecosystems: rubygems
Packages: activesupport
Source: GitHub Advisory Database
Blast Radius: 60.1
Published: almost 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJwNjgtZjc0di05d2M2
ActiveSupport potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStoreEcosystems: rubygems
Packages: activesupport
Source: GitHub Advisory Database
Blast Radius: 60.1
Published: almost 4 years ago
Moderate
Ecosystems: rubygems, nuget, maven, npm
Packages: jquery-ui-rails, jQuery.UI.Combined, org.webjars.npm:jquery-ui, jquery-ui
Source: GitHub Advisory Database
Blast Radius: 59.3
Published: over 2 years ago
GSA_kwCzR0hTQS1ncHFxLTk1MnEtNTMyN80Wtg
XSS in the `of` option of the `.position()` util in jquery-uiEcosystems: rubygems, nuget, maven, npm
Packages: jquery-ui-rails, jQuery.UI.Combined, org.webjars.npm:jquery-ui, jquery-ui
Source: GitHub Advisory Database
Blast Radius: 59.3
Published: over 2 years ago
Moderate
Ecosystems: rubygems, nuget, maven, npm
Packages: jquery-ui-rails, jQuery.UI.Combined, org.webjars.npm:jquery-ui, jquery-ui
Source: GitHub Advisory Database
Blast Radius: 59.3
Published: over 2 years ago
GSA_kwCzR0hTQS1qN3F2LXBnZjYtaHZoNM0Wtw
XSS in `*Text` options of the Datepicker widget in jquery-uiEcosystems: rubygems, nuget, maven, npm
Packages: jquery-ui-rails, jQuery.UI.Combined, org.webjars.npm:jquery-ui, jquery-ui
Source: GitHub Advisory Database
Blast Radius: 59.3
Published: over 2 years ago
Moderate
Ecosystems: rubygems, maven, nuget, npm
Packages: jquery-ui-rails, org.webjars.npm:jquery-ui, jQuery.UI.Combined, jquery-ui
Source: GitHub Advisory Database
Blast Radius: 59.3
Published: over 2 years ago
GSA_kwCzR0hTQS05Z2ozLWh3cDUtcG13Y80WtQ
XSS in the `altField` option of the Datepicker widget in jquery-uiEcosystems: rubygems, maven, nuget, npm
Packages: jquery-ui-rails, org.webjars.npm:jquery-ui, jQuery.UI.Combined, jquery-ui
Source: GitHub Advisory Database
Blast Radius: 59.3
Published: over 2 years ago
Critical
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 59.2
Published: almost 2 years ago
GSA_kwCzR0hTQS1xeGNnLXhqamctNjZtas4AAQF8
Nokogiri vulnerable to libxslt protection mechanism bypassEcosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 59.2
Published: almost 2 years ago
Critical
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 59.2
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZyNTItNGhxdy1wMjdm
Nokogiri does not forbid namespace nodes in XPointer rangesEcosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 59.2
Published: over 5 years ago
Critical
Ecosystems: rubygems
Packages: rexical, nokogiri
Source: GitHub Advisory Database
Blast Radius: 59.2
Published: over 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNyNWotOTUzai14dzVw
Nokogiri Command Injection VulnerabilityEcosystems: rubygems
Packages: rexical, nokogiri
Source: GitHub Advisory Database
Blast Radius: 59.2
Published: over 4 years ago
Critical
Ecosystems: rubygems
Packages: rails
Source: GitHub Advisory Database
Blast Radius: 58.4
Published: over 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ4cTMtZ200cC01Zmo0
rails vulnerable to improper authenticationEcosystems: rubygems
Packages: rails
Source: GitHub Advisory Database
Blast Radius: 58.4
Published: over 6 years ago
Critical
Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Blast Radius: 58.4
Published: almost 2 years ago
GSA_kwCzR0hTQS0zaGhjLXFwNXYtOXAyas4AAtT8
Active Record RCE bug with Serialized ColumnsEcosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Blast Radius: 58.4
Published: almost 2 years ago
Critical
Ecosystems: rubygems
Packages: railties
Source: GitHub Advisory Database
Blast Radius: 58.2
Published: about 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW00MmgtbWg4NS00cWdj
Use of Insufficiently Random Values in Railties Allows Remote Code ExecutionEcosystems: rubygems
Packages: railties
Source: GitHub Advisory Database
Blast Radius: 58.2
Published: about 5 years ago
Critical
Ecosystems: rubygems
Packages: rubyzip
Source: GitHub Advisory Database
Blast Radius: 57.1
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZxY3EtbXJtdy1tY21n
Rubyzip gem contains a Directory Traversal vulnerability in zip file componentEcosystems: rubygems
Packages: rubyzip
Source: GitHub Advisory Database
Blast Radius: 57.1
Published: over 5 years ago
Critical
Ecosystems: rubygems
Packages: rubyzip
Source: GitHub Advisory Database
Blast Radius: 57.1
Published: over 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdjcXEtdzZnci1oOWo5
Directory traversal vulnerability in RubyZipEcosystems: rubygems
Packages: rubyzip
Source: GitHub Advisory Database
Blast Radius: 57.1
Published: over 6 years ago
High
Ecosystems: rubygems
Packages: kramdown
Source: GitHub Advisory Database
Blast Radius: 55.7
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTUycDktdjc0NC1td2pq
Remote code execution in KramdownEcosystems: rubygems
Packages: kramdown
Source: GitHub Advisory Database
Blast Radius: 55.7
Published: about 3 years ago
Critical
Ecosystems: rubygems
Packages: kramdown
Source: GitHub Advisory Database
Blast Radius: 55.7
Published: over 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1xbTItY2dwci1wNG02
Unintended read access in kramdown gemEcosystems: rubygems
Packages: kramdown
Source: GitHub Advisory Database
Blast Radius: 55.7
Published: over 3 years ago
Moderate
Ecosystems: nuget, maven, rubygems, npm
Packages: jQuery.UI.Combined, org.webjars.npm:jquery-ui, jquery-ui-rails, jquery-ui
Source: GitHub Advisory Database
Blast Radius: 55.7
Published: over 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhwY2YtOHZmOS1xNGdq
jQuery-UI vulnerable to Cross-site Scripting in dialog closeTextEcosystems: nuget, maven, rubygems, npm
Packages: jQuery.UI.Combined, org.webjars.npm:jquery-ui, jquery-ui-rails, jquery-ui
Source: GitHub Advisory Database
Blast Radius: 55.7
Published: over 6 years ago
Moderate
Ecosystems: nuget, rubygems, maven, npm
Packages: jQuery.UI.Combined, jquery-ui-rails, org.webjars.npm:jquery-ui, jquery-ui
Source: GitHub Advisory Database
Blast Radius: 55.7
Published: almost 2 years ago
GSA_kwCzR0hTQS1oNmdqLTZqanEtaDhnOc4AAtcw
jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text labelEcosystems: nuget, rubygems, maven, npm
Packages: jQuery.UI.Combined, jquery-ui-rails, org.webjars.npm:jquery-ui, jquery-ui
Source: GitHub Advisory Database
Blast Radius: 55.7
Published: almost 2 years ago
Moderate
Ecosystems: rubygems, nuget, maven, npm
Packages: jquery-ui-rails, jQuery.UI.Combined, org.webjars.npm:jquery-ui, jquery-ui
Source: GitHub Advisory Database
Blast Radius: 55.7
Published: over 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdjbTItOWM4OS13bWZt
Cross-site Scripting in jquery-uiEcosystems: rubygems, nuget, maven, npm
Packages: jquery-ui-rails, jQuery.UI.Combined, org.webjars.npm:jquery-ui, jquery-ui
Source: GitHub Advisory Database
Blast Radius: 55.7
Published: over 6 years ago
Critical
Ecosystems: rubygems
Packages: puma
Source: GitHub Advisory Database
Blast Radius: 54.9
Published: 9 months ago
GSA_kwCzR0hTQS02OHhnLWdxcW0tdmdqOM4AA1Yw
Puma HTTP Request/Response Smuggling vulnerabilityEcosystems: rubygems
Packages: puma
Source: GitHub Advisory Database
Blast Radius: 54.9
Published: 9 months ago
Critical
Ecosystems: rubygems
Packages: activestorage
Source: GitHub Advisory Database
Blast Radius: 53.5
Published: about 2 years ago
GSA_kwCzR0hTQS13NzQ5LXAzdjYtaGNjcc0wwQ
Possible code injection vulnerability in Rails / Active StorageEcosystems: rubygems
Packages: activestorage
Source: GitHub Advisory Database
Blast Radius: 53.5
Published: about 2 years ago
High
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 53.1
Published: almost 2 years ago
GSA_kwCzR0hTQS1yNThyLTc0Z3gtNnd4M84AAVTq
Nokogiri gem, via libxml, is affected by DoS vulnerabilitiesEcosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 53.1
Published: almost 2 years ago
High
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 53.1
Published: almost 2 years ago
GSA_kwCzR0hTQS12NGY4LTI4NDctcndtN84AAoiI
Nokogiri Implements libxml2 version vulnerable to use-after-freeEcosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 53.1
Published: almost 2 years ago
High
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 53.1
Published: almost 2 years ago
GSA_kwCzR0hTQS01OWdwLXFxbTctY3c0as4AApYf
Nokogiri has vulnerable dependencies on libxml2 and libxsltEcosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 53.1
Published: almost 2 years ago
High
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 53.1
Published: almost 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBmNm0tZnhwcS1mZzh2
Nokogiri implementation of libxslt lacks integer overflow checksEcosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 53.1
Published: almost 6 years ago
Critical
Ecosystems: rubygems
Packages: bundler
Source: GitHub Advisory Database
Blast Radius: 52.5
Published: almost 2 years ago
GSA_kwCzR0hTQS1qdmdtLXBmcXYtODg3eM4AATVs
Bundler allows attacker to inject arbitrary code via secondary Gem sourceEcosystems: rubygems
Packages: bundler
Source: GitHub Advisory Database
Blast Radius: 52.5
Published: almost 2 years ago
High
Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Blast Radius: 52.4
Published: over 1 year ago
GSA_kwCzR0hTQS1ocTdwLWozNzctNnY2M84AAxDu
SQL Injection Vulnerability via ActiveRecord commentsEcosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Blast Radius: 52.4
Published: over 1 year ago
High
Ecosystems: npm, rubygems
Packages: chartkick
Source: GitHub Advisory Database
Blast Radius: 52.1
Published: over 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVwbTgtNDkyYy05MnA1
Prototype Pollution in chartkickEcosystems: npm, rubygems
Packages: chartkick
Source: GitHub Advisory Database
Blast Radius: 52.1
Published: over 4 years ago
High
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 51.9
Published: almost 2 years ago
GSA_kwCzR0hTQS1qdzlmLWhoNDktY3ZwOc4AAoiz
Nokogiri contains libxml Out-of-bounds Write vulnerabilityEcosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 51.9
Published: almost 2 years ago
High
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 51.9
Published: almost 2 years ago
GSA_kwCzR0hTQS1jZ3g2LWhwd3EtZmh2Nc4AAgZn
Integer Overflow or Wraparound in libxml2 affects NokogiriEcosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 51.9
Published: almost 2 years ago
High
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 51.8
Published: almost 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVmOWgtOXBqdi12Nmo3
Directory traversal in Rack::Directory app bundled with RackEcosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 51.8
Published: almost 4 years ago
Critical
Ecosystems: rubygems
Packages: puma
Source: GitHub Advisory Database
Blast Radius: 51.0
Published: about 2 years ago
GSA_kwCzR0hTQS1oOTl3LTlxNXItZ2pxOc028Q
Puma vulnerable to HTTP Request SmugglingEcosystems: rubygems
Packages: puma
Source: GitHub Advisory Database
Blast Radius: 51.0
Published: about 2 years ago
Critical
Ecosystems: rubygems
Packages: bootstrap-sass
Source: GitHub Advisory Database
Blast Radius: 50.9
Published: about 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZxcXYtdjltMi00OHAy
Bootstrap-sass contains code execution backdoorEcosystems: rubygems
Packages: bootstrap-sass
Source: GitHub Advisory Database
Blast Radius: 50.9
Published: about 5 years ago
High
Ecosystems: rubygems
Packages: actionview
Source: GitHub Advisory Database
Blast Radius: 50.9
Published: almost 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNyM3gtN20zOS1jNmpx
Remote code execution via user-provided local names in ActionViewEcosystems: rubygems
Packages: actionview
Source: GitHub Advisory Database
Blast Radius: 50.9
Published: almost 4 years ago
High
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 49.5
Published: almost 2 years ago
GSA_kwCzR0hTQS14aDI5LXIydzUtd3g4bc4AAgdN
Nokogiri Improperly Handles Unexpected Data TypeEcosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 49.5
Published: almost 2 years ago
Critical
Ecosystems: rubygems
Packages: omniauth_amazon, coming-soon, bitcoin_vanity, capistrano-colors, doge-coin, awesome-bot, blockchain_wallet, coin_base, cron_parser, rest-client
Source: GitHub Advisory Database
Blast Radius: 49.0
Published: over 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTMzM2ctcnByNC03aHhx
rest-client Gem Contains Malicious CodeEcosystems: rubygems
Packages: omniauth_amazon, coming-soon, bitcoin_vanity, capistrano-colors, doge-coin, awesome-bot, blockchain_wallet, coin_base, cron_parser, rest-client
Source: GitHub Advisory Database
Blast Radius: 49.0
Published: over 4 years ago
Critical
Ecosystems: rubygems
Packages: rest-client
Source: GitHub Advisory Database
Blast Radius: 49.0
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNmaGYtNjkzOS1xZzhw
rest-client Gem Vulnerable to Session FixationEcosystems: rubygems
Packages: rest-client
Source: GitHub Advisory Database
Blast Radius: 49.0
Published: over 5 years ago
High
Ecosystems: pypi, rubygems
Packages: pyarrow, red-arrow
Source: GitHub Advisory Database
Blast Radius: 49.0
Published: almost 2 years ago
GSA_kwCzR0hTQS04Y3cyLWp2NWMtYzgyNc4AAina
Missing Initialization of Resource in Apache ArrowEcosystems: pypi, rubygems
Packages: pyarrow, red-arrow
Source: GitHub Advisory Database
Blast Radius: 49.0
Published: almost 2 years ago
High
Ecosystems: pypi, rubygems
Packages: pyarrow, red-arrow
Source: GitHub Advisory Database
Blast Radius: 49.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1janc0LTJ3OXItcjhtds4AAinR
Missing Initialization of Resource in Apache ArrowEcosystems: pypi, rubygems
Packages: pyarrow, red-arrow
Source: GitHub Advisory Database
Blast Radius: 49.0
Published: almost 2 years ago
Critical
Ecosystems: rubygems, pypi
Packages: sha3, pysha3
Source: GitHub Advisory Database
Blast Radius: 48.7
Published: about 1 year ago
GSA_kwCzR0hTQS02dzRtLTJ4aGctMjY1OM4AAy-v
Buffer overflow in sponge queue functionsEcosystems: rubygems, pypi
Packages: sha3, pysha3
Source: GitHub Advisory Database
Blast Radius: 48.7
Published: about 1 year ago
High
Ecosystems: rubygems
Packages: commonmarker
Source: GitHub Advisory Database
Blast Radius: 48.4
Published: about 2 years ago
GSA_kwCzR0hTQS1mbXg0LTI2cjMtd3hwZs0v8A
Integer overflow in cmark-gfm table parsing extension leads to heap memory corruptionEcosystems: rubygems
Packages: commonmarker
Source: GitHub Advisory Database
Blast Radius: 48.4
Published: about 2 years ago
Critical
Ecosystems: rubygems
Packages: simple_form
Source: GitHub Advisory Database
Blast Radius: 48.3
Published: over 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI3NHEtZ3hjZy03M2h4
Improper Input Validation in simple_formEcosystems: rubygems
Packages: simple_form
Source: GitHub Advisory Database
Blast Radius: 48.3
Published: over 4 years ago
High
Ecosystems: rubygems
Packages: bundler
Source: GitHub Advisory Database
Blast Radius: 47.1
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZwNHctanhocC1tMjNw
Dependency Confusion in BundlerEcosystems: rubygems
Packages: bundler
Source: GitHub Advisory Database
Blast Radius: 47.1
Published: almost 3 years ago
Moderate
Ecosystems: maven, rubygems
Packages: com.google.protobuf:protobuf-kotlin-lite, com.google.protobuf:protobuf-javalite, google-protobuf, com.google.protobuf:protobuf-kotlin, com.google.protobuf:protobuf-java
Source: GitHub Advisory Database
Blast Radius: 47.0
Published: over 1 year ago
GSA_kwCzR0hTQS1oNGg1LTNocjQtajNnMs4AAvKm
protobuf-java has a potential Denial of Service issueEcosystems: maven, rubygems
Packages: com.google.protobuf:protobuf-kotlin-lite, com.google.protobuf:protobuf-javalite, google-protobuf, com.google.protobuf:protobuf-kotlin, com.google.protobuf:protobuf-java
Source: GitHub Advisory Database
Blast Radius: 47.0
Published: over 1 year ago
High
Ecosystems: rubygems
Packages: ffi
Source: GitHub Advisory Database
Blast Radius: 46.7
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJndzItOHE5dy1jdzhw
Ruby-ffi has a DLL loading issueEcosystems: rubygems
Packages: ffi
Source: GitHub Advisory Database
Blast Radius: 46.7
Published: over 5 years ago
Critical
Ecosystems: rubygems
Packages: omniauth
Source: GitHub Advisory Database
Blast Radius: 46.4
Published: over 1 year ago
GSA_kwCzR0hTQS1wbTU1LXFmeHItaDI0N84AAuFx
OmniAuth's `lib/omniauth/failure_endpoint.rb` does not escape `message_key` valueEcosystems: rubygems
Packages: omniauth
Source: GitHub Advisory Database
Blast Radius: 46.4
Published: over 1 year ago
High
Ecosystems: rubygems
Packages: i18n
Source: GitHub Advisory Database
Blast Radius: 46.1
Published: almost 2 years ago
GSA_kwCzR0hTQS0zNGhmLWc3NDQtanc2NM4AAUk-
i18n Vulnerable to Denial of Service AttackEcosystems: rubygems
Packages: i18n
Source: GitHub Advisory Database
Blast Radius: 46.1
Published: almost 2 years ago
High
Ecosystems: rubygems
Packages: tzinfo
Source: GitHub Advisory Database
Blast Radius: 46.0
Published: almost 2 years ago
GSA_kwCzR0hTQS01Y20yLTloOGMtcnZmeM4AAtkK
TZInfo relative path traversal vulnerability allows loading of arbitrary filesEcosystems: rubygems
Packages: tzinfo
Source: GitHub Advisory Database
Blast Radius: 46.0
Published: almost 2 years ago
Critical
Ecosystems: rubygems
Packages: paperclip
Source: GitHub Advisory Database
Blast Radius: 45.7
Published: over 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVqY2YtYzVyZy1ybW04
paperclip Server-Side Request Forgery vulnerabilityEcosystems: rubygems
Packages: paperclip
Source: GitHub Advisory Database
Blast Radius: 45.7
Published: over 6 years ago
High
Ecosystems: rubygems
Packages: websocket-extensions
Source: GitHub Advisory Database
Blast Radius: 45.7
Published: almost 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc2d3EtcWN3bS1qNWcy
Regular Expression Denial of Service in websocket-extensions (RubyGem)Ecosystems: rubygems
Packages: websocket-extensions
Source: GitHub Advisory Database
Blast Radius: 45.7
Published: almost 4 years ago
High
Ecosystems: rubygems
Packages: sinatra
Source: GitHub Advisory Database
Blast Radius: 45.4
Published: over 1 year ago
GSA_kwCzR0hTQS0yeDh4LWptcnAtcGh4d84AAwGK
Sinatra vulnerable to Reflected File Download attackEcosystems: rubygems
Packages: sinatra
Source: GitHub Advisory Database
Blast Radius: 45.4
Published: over 1 year ago
High
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 45.3
Published: about 2 years ago
GSA_kwCzR0hTQS1qYzM2LTQyY2YtdnF3as018g
Nokogiri affected by zlib's Out-of-bounds Write vulnerabilityEcosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 45.3
Published: about 2 years ago
High
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 45.3
Published: over 2 years ago
GSA_kwCzR0hTQS0ycnI1LThxMzctMnc3aM0V_Q
Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRubyEcosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 45.3
Published: over 2 years ago
High
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 45.3
Published: over 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThjNTYtY3Btdy04OXg3
Out-of-bounds read in nokogiriEcosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 45.3
Published: over 6 years ago
High
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 45.3
Published: almost 2 years ago
GSA_kwCzR0hTQS1jZjQ2LTZ4eGgtcGM3Nc4AAhJV
libxslt Type Confusion vulnerability that affects NokogiriEcosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 45.3
Published: almost 2 years ago
High
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 45.3
Published: about 2 years ago
GSA_kwCzR0hTQS12NmdwLTltbW0tYzZwNc054w
Out-of-bounds Write in zlib affects NokogiriEcosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 45.3
Published: about 2 years ago
High
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 45.3
Published: about 2 years ago
GSA_kwCzR0hTQS1jcmpyLTlyYzUtZ2h3OM054g
Nokogiri Inefficient Regular Expression ComplexityEcosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 45.3
Published: about 2 years ago
High
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 45.3
Published: almost 2 years ago
GSA_kwCzR0hTQS12bWZ4LWdjZnEtd3ZtMs4AAi6z
Nokogiri implementation of libxslt vulnerable to heap corruptionEcosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 45.3
Published: almost 2 years ago
High
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 45.3
Published: almost 2 years ago
GSA_kwCzR0hTQS0yNDJ4LTdjbTYtNHc4as4AAid7
Nokogiri affected by libxslt Use of Uninitialized Resource/Use After Free vulnerabilityEcosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 45.3
Published: almost 2 years ago
High
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 45.3
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZxdnAtcjZyMy05cDdo
Nokogiri NULL Pointer DereferenceEcosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 45.3
Published: over 5 years ago
High
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 45.3
Published: almost 2 years ago
GSA_kwCzR0hTQS14MmZtLTkzd3ctZ2d2eM3pEA
Nokogiri gem, via libxml, is affected by DoS vulnerabilitiesEcosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 45.3
Published: almost 2 years ago
High
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 45.3
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdocDIteHdwai05NWpx
Denial of service or RCE from libxml2 and libxsltEcosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 45.3
Published: over 5 years ago
High
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 45.3
Published: about 2 years ago
GSA_kwCzR0hTQS02d2o5LTc3d3EtanE3cM1Auw
Nokogiri is vulnerable to XML External Entity (XXE) attackEcosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 45.3
Published: about 2 years ago
High
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 45.3
Published: about 2 years ago
GSA_kwCzR0hTQS1neDh4LWc4N20taDVxNs055Q
Denial of Service (DoS) in Nokogiri on JRubyEcosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 45.3
Published: about 2 years ago
High
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 45.3
Published: over 1 year ago
GSA_kwCzR0hTQS1xdjRxLW1yNXItcXByas4AAwNH
Unchecked return value from xmlTextReaderExpandEcosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 45.3
Published: over 1 year ago
High
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 45.3
Published: about 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc1NTMtanI5OC12eDQ3
libxml as used in Nokogiri has an infinite loop in a certain end-of-file situationEcosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 45.3
Published: about 4 years ago
High
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 45.1
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhnNzgtNGY2eC05OXdx
Rack vulnerable to Denial of ServiceEcosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 45.1
Published: over 5 years ago
High
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 45.1
Published: almost 2 years ago
GSA_kwCzR0hTQS1oeHF4LXh3dmgtNDRtMs4AArQW
Denial of Service Vulnerability in Rack Multipart ParsingEcosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 45.1
Published: almost 2 years ago
High
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 45.1
Published: about 1 year ago
GSA_kwCzR0hTQS0zaDU3LWhtajMtZ2ozcM4AAyAE
Rack has possible DoS Vulnerability in Multipart MIME parsingEcosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 45.1
Published: about 1 year ago
High
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 45.1
Published: almost 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo2dzktZnY2cS0zcTUy
Rack allows Percent-encoded cookies to overwrite existing prefixed cookie namesEcosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 45.1
Published: almost 4 years ago
High
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 45.1
Published: over 1 year ago
GSA_kwCzR0hTQS02NWY1LW1mcGYtdmZoas4AAxDt
Denial of service via header parsing in RackEcosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 45.1
Published: over 1 year ago
High
Ecosystems: rubygems
Packages: puma
Source: GitHub Advisory Database
Blast Radius: 44.9
Published: about 2 years ago
GSA_kwCzR0hTQS1ybWo4LThoaGgtZ3Y1aM0rDw
Puma used with Rails may lead to Information ExposureEcosystems: rubygems
Packages: puma
Source: GitHub Advisory Database
Blast Radius: 44.9
Published: about 2 years ago
High
Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Blast Radius: 44.7
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThoYzQteHhtMy01cHBw
Active Record subject to Regular Expression Denial-of-Service (ReDoS)Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Blast Radius: 44.7
Published: about 3 years ago
High
Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Blast Radius: 44.7
Published: over 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXByM3ItNHdycC1yMnB2
ActiveRecord in Ruby on Rails allows database-query bypassEcosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Blast Radius: 44.7
Published: over 6 years ago
High
Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Blast Radius: 44.7
Published: over 1 year ago
GSA_kwCzR0hTQS01Nzl3LTIyajQtNDc0Oc4AAxDw
Denial of Service Vulnerability in ActiveRecord's PostgreSQL adapterEcosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Blast Radius: 44.7
Published: over 1 year ago
Critical
Ecosystems: rubygems
Packages: jmespath
Source: GitHub Advisory Database
Blast Radius: 44.7
Published: almost 2 years ago
GSA_kwCzR0hTQS01YzVmLTd2ZnEtMzczMs4AArZl
JMESPath for Ruby uses unsafe JSON.load when safe JSON.parse is preferableEcosystems: rubygems
Packages: jmespath
Source: GitHub Advisory Database
Blast Radius: 44.7
Published: almost 2 years ago
High
Ecosystems: rubygems
Packages: addressable
Source: GitHub Advisory Database
Blast Radius: 44.6
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp4aGMtcTg1Ny0zajZn
Regular Expression Denial of Service in Addressable templatesEcosystems: rubygems
Packages: addressable
Source: GitHub Advisory Database
Blast Radius: 44.6
Published: almost 3 years ago
High
Ecosystems: rubygems
Packages: actionpack, actionview
Source: GitHub Advisory Database
Blast Radius: 44.6
Published: over 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhycjQtcDZmcS1oamc3
Directory traversal vulnerability in Action View in Ruby on RailsEcosystems: rubygems
Packages: actionpack, actionview
Source: GitHub Advisory Database
Blast Radius: 44.6
Published: over 6 years ago
High
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 44.6
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhqZzQtOHE1Zi14NmZt
Action Pack contains Information Disclosure / Unintended Method Execution vulnerabilityEcosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 44.6
Published: almost 3 years ago
High
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 44.6
Published: almost 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg3MjctbTZnai1tYzM3
Possible Strong Parameters Bypass in ActionPackEcosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 44.6
Published: almost 4 years ago
High
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 44.6
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTd3angtM2c3ai04NTg0
Possible DoS Vulnerability in Action Controller Token AuthenticationEcosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 44.6
Published: almost 3 years ago
High
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 44.6
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc4d3ctNDZ4Mi0ycDY1
Denial of Service in Action DispatchEcosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 44.6
Published: almost 3 years ago
Statistics
Advisories: 18,317
Packages: 8,278
Repositories: 285
Ecosystems: 12
Packages: 8,278
Repositories: 285
Ecosystems: 12
Filter by Severity
Filter by Ecosystem
Filter by Package
actionpack
57
nokogiri
42
rubygems-update
25
puppet
23
rack
22
activerecord
21
activesupport
14
publify_core
14
passenger
13
actionview
12
puma
11
rails
11
jquery-rails
10
fat_free_crm
10
org.webjars.npm:jquery
9
rails-html-sanitizer
9
jquery
9
jQuery
8
decidim
7
org.jruby:jruby-stdlib
7
jquery-ui
7
jquery-ui-rails
7
org.webjars.npm:jquery-ui
7
jQuery.UI.Combined
7
ember-source
6
loofah
6
katello
6
camaleon_cms
6
doorkeeper
6
bundler
5
sidekiq
5
spree
5
commonmarker
5
spree_auth_devise
5
webrick
4
sanitize
4
avo
4
carrierwave
4
grpcio
4
grpc
4
dragonfly
4
activestorage
4
fluentd
4
devise
4
sinatra
4
mail
4
rdoc
3
rack-cors
3
openssl
3
rails_admin
3
resque
3
chartkick
3
io.grpc:grpc-protobuf
3
cgi
3
decidim-core
3
private_address_check
3
rest-client
3
gollum
3
git
3
omniauth
3
ruby-saml
3
bootstrap
3
yard
3
bootstrap
3
json-jwt
3
geminabox
3
rubyzip
3
phlex
3
facter
2
logstash-core
2
pageflow
2
git-fastclone
2
ox
2
httparty
2
json
2
VladTheEnterprising
2
bson
2
devise-two-factor
2
net-ldap
2
twitter-bootstrap-rails
2
mini_magick
2
paperclip
2
pdfkit
2
omniauth-facebook
2
yajl-ruby
2
safemode
2
ruby-openid
2
bootstrap-sass
2
mapbox-rails
2
mapbox.js
2
secure_headers
2
sprockets
2
faye
2
sup
2
echor
2
uri
2
field_test
2
i18n
2
kramdown
2
spina
2
view_component
2
solidus_core
2
redcarpet
2
solidus_frontend
2
radiant
2
cocoapods-downloader
2
pyarrow
2
red-arrow
2
activeadmin
2
google-protobuf
2
com.google.protobuf:protobuf-kotlin
2
com.google.protobuf:protobuf-java
2
qiita-markdown
2
decidim-templates
2
pghero
2
user_agent_parser
2
mechanize
2
administrate
2
blazer
1
solidus_auth_devise
1
kaminari
1
rmagick
1
solidus_backend
1
github.com/github/hub
1
hub
1
websocket-extensions
1
railties
1
foreman_ansible
1
gitlab-grit
1
geokit-rails
1
multi_xml
1
keynote
1
twitter-stream
1
pysha3
1
sha3
1
cap-strap
1
ruby-jss
1
rack-mini-profiler
1
hiera
1
mcollective-client
1
wicked
1
actionmailer
1
kelredd-pruview
1
sqlite3-ruby
1
thin
1
matestack-ui-core
1
restforce
1
ruby_parser
1
better_errors
1
mongrel
1
unpoly-rails
1
bindata
1
oxidized-web
1
github.com/pubnub/swift
1
pubnub
1
pubnub
1
pubnub/pubnub
1
pubnub
1
pubnub
1
Pubnub
1
github.com/pubnub/go/v5
1
github.com/pubnub/go/v6
1
github.com/pubnub/go
1
github.com/pubnub/go/v7
1
com.pubnub:pubnub
1
rubocop
1
ruby-mysql
1
gtk2
1
rotp
1
@turbo-boost/commands
1
turbo_boost-commands
1
stringio
1
discordrb
1
diffy
1
recurly
1
md2pdf
1
sounder
1
date
1
octopoller
1
paratrooper-newrelic
1
jmespath
1
trilogy
1
sentry-raven
1
devise_invitable
1
ftpd
1
tweetstream
1
flash_tool
1
lean-ruport
1
openshift-origin-node
1
point-cli
1
govuk_tech_docs
1
audited
1
omniauth-apple
1
spree_api
1
omniauth-auth0
1
shrine
1
message_bus
1
inline_svg
1
pdf_info
1
rswag
1
Filter by Repository
https://github.com/rails/rails
53
https://github.com/sparklemotion/nokogiri
31
https://github.com/rubygems/rubygems
18
https://github.com/rack/rack
17
https://github.com/puppetlabs/puppet
15
https://github.com/publify/publify
13
https://github.com/puma/puma
11
https://github.com/phusion/passenger
10
https://github.com/jquery/jquery
10
https://github.com/rails/rails-html-sanitizer
9
https://github.com/fatfreecrm/fat_free_crm
9
https://github.com/decidim/decidim
8
https://github.com/doorkeeper-gem/doorkeeper
6
https://github.com/flavorjones/loofah
6
https://github.com/jquery/jquery-ui
6
https://github.com/solidusio/solidus
5
https://github.com/solidusio/solidus_auth_devise
5
https://github.com/owen2345/camaleon-cms
4
https://github.com/mikel/mail
4
https://github.com/markevans/dragonfly
4
https://github.com/Katello/katello
4
https://github.com/ruby/openssl
4
https://github.com/avo-hq/avo
4
https://github.com/grpc/grpc
4
https://github.com/carrierwaveuploader/carrierwave
4
https://github.com/rgrove/sanitize
4
https://github.com/sinatra/sinatra
4
https://github.com/fluent/fluentd
4
https://github.com/sidekiq/sidekiq
3
https://github.com/rubygems/rubygems.org
3
https://github.com/ruby-git/ruby-git
3
https://github.com/rubyzip/rubyzip
3
https://github.com/resque/resque
3
https://github.com/spree/spree
3
https://github.com/phlex-ruby/phlex
3
https://github.com/rest-client/rest-client
3
https://github.com/geminabox/geminabox
3
https://github.com/cyu/rack-cors
3
https://github.com/twbs/bootstrap
3
https://github.com/gjtorikian/commonmarker
3
https://github.com/lsegal/yard
3
https://github.com/gollum/gollum
3
https://github.com/jtdowney/private_address_check
3
https://github.com/emberjs/ember.js
2
https://github.com/codevise/pageflow
2
https://github.com/CocoaPods/cocoapods-downloader
2
https://github.com/brianmario/yajl-ruby
2
https://github.com/ankane/pghero
2
https://github.com/ankane/field_test
2
https://github.com/ruby-ldap/ruby-net-ldap
2
https://github.com/ankane/chartkick
2
https://github.com/ruby/rdoc
2
https://github.com/ruby/uri
2
https://github.com/ruby/webrick
2
https://github.com/activeadmin/activeadmin
2
https://github.com/faye/faye
2
https://github.com/gettalong/kramdown
2
https://github.com/github/cmark-gfm
2
https://github.com/increments/qiita-markdown
2
https://github.com/jnunemaker/httparty
2
https://github.com/protocolbuffers/protobuf
2
https://github.com/plataformatec/devise
2
https://github.com/mongodb/bson-ruby
2
https://github.com/mperham/sidekiq
2
https://github.com/nov/json-jwt
2
https://github.com/openid/ruby-openid
2
https://github.com/omniauth/omniauth
2
https://github.com/ohler55/ox
2
https://github.com/vmg/redcarpet
2
https://github.com/sparklemotion/mechanize
2
https://github.com/twitter/secure_headers
2
https://github.com/square/git-fastclone
2
https://github.com/tinfoil/devise-two-factor
2
https://github.com/sup-heliotrope/sup
2
https://github.com/svenfuchs/i18n
2
https://github.com/svenfuchs/safemode
2
https://github.com/thoughtbot/paperclip
2
https://gitlab.com/gitlab-org/cves
2
https://github.com/github/view_component
1
https://github.com/github/trilogy
1
https://github.com/github/hub
1
https://github.com/twbs/bootstrap-sass
1
https://github.com/kaminari/kaminari
1
https://github.com/theforeman/ldap_fluff
1
https://github.com/getsentry/raven-ruby
1
https://github.com/geokit/geokit-rails
1
https://github.com/tzinfo/tzinfo
1
https://github.com/gazay/gon
1
https://github.com/fnando/svg_optimizer
1
https://github.com/ua-parser/uap-core
1
https://github.com/flori/json
1
https://github.com/ua-parser/uap-ruby
1
https://github.com/ffi/ffi
1
https://github.com/faye/websocket-extensions-ruby
1
https://github.com/faye/faye-websocket-ruby
1
https://github.com/unpoly/unpoly-rails
1
https://github.com/ViewComponent/view_component
1
https://github.com/theforeman/foreman_fog_proxmox
1
https://github.com/exiftool-rb/exiftool_vendored.rb
1
https://github.com/excon/excon
1
https://github.com/evan/ccsv
1
https://github.com/thoughtbot/cocaine
1
https://github.com/jnunemaker/crack
1
https://github.com/jmespath/jmespath.rb
1
https://github.com/jirutka/asciidoctor-include-ext
1
https://github.com/jgarber/redcloth
1
https://github.com/jekyll/jekyll
1
https://github.com/janko/image_processing
1
https://github.com/jamesmartin/inline_svg
1
https://github.com/inukshuk/bibtex-ruby
1
https://github.com/jordansissel/ruby-arr-pm
1
https://github.com/josh/rack-ssl
1
https://github.com/imsebao/404team
1
https://github.com/thoughtbot/clearance
1
https://github.com/igrigorik/em-http-request
1
https://github.com/hopsoft/turbo_boost-commands
1
https://github.com/heartcombo/devise
1
https://github.com/thoughtbot/administrate
1
https://github.com/haml/haml
1
https://github.com/halostatue/minitar
1
https://github.com/Gurpartap/aescrypt
1
https://github.com/tigris/open-uri-cached
1
https://github.com/theforeman/smart_proxy_dynflow
1
https://github.com/GNOME/libxml2
1
https://github.com/TrestleAdmin/trestle-auth
1
https://github.com/binarylogic/authlogic
1
https://github.com/BetterErrors/better_errors
1
https://github.com/beenhero/omniauth-weibo-oauth2
1
https://github.com/bdmac/strong_password
1
https://github.com/bbatsov/rubocop
1
https://github.com/basecamp/marginalia
1
https://github.com/basecamp/easymon
1
https://github.com/aws/aws-sdk-ruby
1
https://github.com/zendesk/samlr
1
https://github.com/auth0/omniauth-auth0
1
https://github.com/asteinhauser/fat_free_crm
1
https://github.com/asciidoctor/asciidoctor
1
https://github.com/ankane/pgsync
1
https://github.com/zenspider/ruby_parser-legacy
1
https://github.com/zvory/csv-safe
1
https://github.com/ankane/clockwork_web
1
https://github.com/ankane/chartkick.js
1
https://gitlab.com/2013/11
1
https://github.com/ankane/blazer
1
https://github.com/amro/gibbon
1
https://github.com/alphagov/tech-docs-gem
1
https://github.com/alexreisner/geocoder
1
https://github.com/AlchemyCMS/alchemy_cms
1
https://github.com/airbrake/airbrake-ruby
1
https://github.com/ahorner/text-helpers
1
https://github.com/affix/CVE-2022-36231
1
https://github.com/adamzaninovich/sounder
1
https://github.com/elastic/logstash
1
https://github.com/elastic/apm-agent-ruby
1
https://github.com/ejschmitt/delayed_job_web
1
https://github.com/dspinhirne/netaddr-rb
1
https://github.com/doorkeeper-gem/doorkeeper-openid_connect
1
https://github.com/voloko/twitter-stream
1
https://github.com/dmendel/bindata
1
https://github.com/discourse/rails_multisite
1
https://github.com/discourse/message_bus
1
https://github.com/denkGroot/Spina
1
https://github.com/dejan/espeak-ruby
1
https://github.com/wconrad/ftpd
1
https://github.com/datamapper/extlib
1
https://github.com/webbynode/webbynode
1
https://github.com/ConradIrwin/em-imap
1
https://github.com/collectiveidea/audited
1
https://github.com/whiteleaf7/narou
1
https://github.com/codders/dataset
1
https://github.com/wycats/handlebars.js
1
https://github.com/chef/mixlib-archive
1
https://github.com/cgriego/active_attr
1
https://github.com/XKCP/XKCP
1
https://github.com/camilova/activerecord-update-by-case
1
https://github.com/bvsatyaram/random_password_generator
1
https://github.com/bundler/bundler
1
https://github.com/ytti/oxidized-web
1
https://github.com/sinatra/rack-protection
1
https://github.com/rf-/keynote
1
https://github.com/restforce/restforce
1
https://github.com/sisimai/rb-sisimai
1
https://github.com/resque/resque-scheduler
1
https://github.com/Smashing/smashing
1
https://github.com/redis-store/redis-store
1
https://github.com/recurly/recurly-client-ruby
1
https://github.com/rdoc/rdoc
1
https://github.com/rcook/rgpg
1
https://github.com/rapid7/metasploit-framework
1
https://github.com/rails/web-console
1
https://github.com/rails/sprockets
1
https://github.com/Snorby/snorby
1
https://github.com/socketry/protocol-http1
1
https://github.com/rails/kredis
1
https://github.com/rails/jquery-rails
1
https://github.com/rails/globalid
1
https://github.com/railsdog/spree
1
https://github.com/railsadminteam/rails_admin
1
https://github.com/rails/activeresource
1