Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

rubygems actionpack Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS1md2hyLTg4cXgtaDlnN84AA8tD
Missing security headers in Action Pack on non-HTML responses
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 32.1
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS05ODIyLTZtOTMteHFmNM4AA5jO
Rails has possible XSS Vulnerability in Action Controller
Ecosystems: rubygems
Packages: rails, actionpack
Source: GitHub Advisory Database
Blast Radius: 36.3
Published: 5 months ago
Low
GSA_kwCzR0hTQS1qamh4LWpodnAtNzR3cc4AA5jN
Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS00Zzh2LXZnNDMtd3BnZs4AA0Io
Actionpack has possible cross-site scripting vulnerability via User Supplied Values to redirect_to
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1wODR2LTQ1eGotd3dxas4AAxDz
ReDoS based DoS vulnerability in Action Dispatch
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS05NDQ1LTRjcjYtMzM2cs4AAxDx
Open Redirect Vulnerability in Action Pack
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: over 1 year ago
Low
GSA_kwCzR0hTQS04eHd3LXgzZzMtNmpjds4AAxDv
ReDoS based DoS vulnerability in Action Dispatch
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1tbTMzLTV2ZnEtM21tM81BUA
Cross-site Scripting Vulnerability in Action Pack
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xNThqLWZtdmYtOXJxNs0_jg
Cross site scripting in actionpack Rubygem
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS13aDk4LXAyOHItdnJjOc0rDg
Exposure of information in Action Pack
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 44.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1xcGhjLWhmNXEtdjhmY80bRw
actionpack Open Redirect in Host Authorization Middleware
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJycXctdjI2NS1qZjhj
Open Redirect in ActionPack
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTd3angtM2c3ai04NTg0
Possible DoS Vulnerability in Action Controller Token Authentication
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 44.6
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhqZzQtOHE1Zi14NmZt
Action Pack contains Information Disclosure / Unintended Method Execution vulnerability
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 44.6
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVocTIteGY4OS05anhx
Possible Open Redirect Vulnerability in Action Pack
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc4d3ctNDZ4Mi0ycDY1
Denial of Service in Action Dispatch
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 44.6
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM1bW0tY2M2ci04Zmpw
Cross-site scripting in actionpack
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg4NzctcHJxNC05eGZ3
Actionpack Open Redirect Vulnerability
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM2cXItaDV2cS01OWpj
Untrusted users can run pending migrations in production in Rails
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 38.6
Published: about 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpwNXYtNWd4NC1qbWo5
Ability to forge per-form CSRF tokens in Rails
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 25.6
Published: about 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg3MjctbTZnai1tYzM3
Possible Strong Parameters Bypass in ActionPack
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 44.6
Published: about 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThxcmgtaDltMi01ZnZm
Cross site scripting that affects rails
Ecosystems: rubygems
Packages: activesupport, actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR3dzMtM3J4ai04djZx
actionpack allows remote attackers to bypass intended access restrictions
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZjcWYtaDRoNC02OTVt
actionpack CRLF injection vulnerability
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN2ZnctN3JjcC0zeGdt
actionpack Improper Input Validation vulnerability
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXEzNGMtNDhnYy1tOWc4
actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThmcXgtN3B2NC0zandt
Improper Input Validation in actionpack
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ4amotNXg2aC04dm1m
Cross-site Scripting in actionpack
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTkydzktMnBxdy1yaGpq
actionpack Improper Authentication vulnerability
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY5djQtN2pwNi04Yzcz
rails Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: activesupport, actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc1dzYtcDZtZy12aDhq
Rails actionpack gem vulnerable to Cross-site Scripting
Ecosystems: rubygems
Packages: actionview, actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZnOXctZzZtNC01NTdq
actionpack and activesupport vulnerable to information leaks
Ecosystems: rubygems
Packages: activesupport, actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh4cjgtODMzdi1jN3dj
Cross-site Scripting vulnerability in i18n translations helper method
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0ZmctcDk2di1oeGg4
actionpack Cross-Site Request Forgery vulnerability
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI3cTItNWdxZy02Yzdx
actionpack Improper Input Validation vulnerability
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY1amctNTU4ai1xNjdj
actionpack Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhncHAtcHA4OS00Zmdm
Action Pack contains database-query restrictions bypass
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1weGYtZ2N3Mi1wdzVx
actionpack Improper Input Validation vulnerability
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo4MzgtdmZwcS1mbWYy
actionpack Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE3NTktaHd2Yy1tM2pn
actionpack Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk4bWYtOGY1Ny02NHFm
actionpack Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWptZ3ctNnZqZy1qandn
actionpack Improper Input Validation vulnerability
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY5OW0tbWNqbS05Y3c4
actionpack vulnerable to Cross-site Scripting
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdnNjUtZ2hyZy1ocGY1
actionpack Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZoNXEtOTZocC05amdt
actionpack vulnerable to Cross-site Scripting
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXczN2MtcTY1My1xZzk1
actionpack Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg1Nm0tdnd4Yy0zcXB3
Directory traversal vulnerability in actionpack
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA2OTItN21tMy0zZnhn
actionpack is vulnerable to remote bypass authentication
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTloNmctZ3A5NS14M3E1
actionpack is vulnerable to denial of service because of a wildcard controller route
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 44.6
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ4ODUtajVqMi0yN2p4
actionpack Path Traversal vulnerability
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW00NnAtZ2dtNS01ajgz
Rails vulnerable to Cross-site Scripting
Ecosystems: rubygems
Packages: actionpack, rails
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdwdzctd3hqbS1jdzhy
actionpack allows bypass of database-query restrictions
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI5Z3ItdzU3Zi1ycGZ3
actionpack vulnerable to Path Traversal
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdjZ3AtYzNnNy1xdnJ3
actionpack Improper Input Validation vulnerability
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ4OWotNDZyaC1mcXI4
actionview contains Path Traversal vulnerability
Ecosystems: rubygems
Packages: actionpack, actionview
Source: GitHub Advisory Database
Blast Radius: 31.5
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc4cmMtOGMyOS1wNDVn
actionpack allows remote code execution via application's unrestricted use of render method
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 43.4
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhycjQtcDZmcS1oamc3
Directory traversal vulnerability in Action View in Ruby on Rails
Ecosystems: rubygems
Packages: actionpack, actionview
Source: GitHub Advisory Database
Blast Radius: 44.6
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZmcHYtYzRobS0zeDZ2
actionpack is vulnerable to denial of service via a crafted HTTP Accept header
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 44.6
Published: over 6 years ago
Statistics
Advisories: 19,557
Packages: 8,629
Repositories: 2
Ecosystems: 12
Filter by Package
actionpack 58 nokogiri 43 rubygems-update 25 rack 23 puppet 23 activerecord 21 publify_core 14 activesupport 14 passenger 13 actionview 12 rails 11 puma 11 fat_free_crm 10 jquery-rails 9 decidim 9 rails-html-sanitizer 9 jquery 8 org.webjars.npm:jquery 8 org.jruby:jruby-stdlib 7 jQuery 7 jQuery.UI.Combined 7 jquery-ui 7 jquery-ui-rails 7 org.webjars.npm:jquery-ui 7 camaleon_cms 6 katello 6 doorkeeper 6 ember-source 6 loofah 6 spree_auth_devise 5 bundler 5 spree 5 sidekiq 5 commonmarker 5 grpc 4 grpcio 4 rails_admin 4 avo 4 devise 4 carrierwave 4 mail 4 sanitize 4 webrick 4 sinatra 4 dragonfly 4 fluentd 4 activestorage 4 yard 3 cgi 3 resque 3 bootstrap 3 gollum 3 omniauth 3 rest-client 3 geminabox 3 bootstrap 3 private_address_check 3 rexml 3 chartkick 3 rubyzip 3 io.grpc:grpc-protobuf 3 rdoc 3 rack-cors 3 phlex 3 json-jwt 3 decidim-core 3 activeadmin 3 git 3 openssl 3 ruby-saml 3 faye 2 twitter-bootstrap-rails 2 logstash-core 2 redcarpet 2 json 2 uri 2 httparty 2 VladTheEnterprising 2 omniauth-facebook 2 ox 2 echor 2 mini_magick 2 facter 2 yajl-ruby 2 git-fastclone 2 net-ldap 2 spina 2 bson 2 paperclip 2 kaminari 2 user_agent_parser 2 pghero 2 devise-two-factor 2 solidus_frontend 2 secure_headers 2 pdfkit 2 cocoapods-downloader 2 radiant 2 field_test 2 qiita-markdown 2 kramdown 2 decidim-templates 2 sprockets 2 mechanize 2 pyarrow 2 safemode 2 red-arrow 2 mapbox.js 2 i18n 2 google-protobuf 2 com.google.protobuf:protobuf-kotlin 2 administrate 2 sup 2 pageflow 2 mapbox-rails 2 com.google.protobuf:protobuf-java 2 bootstrap-sass 2 decidim-admin 2 view_component 2 ruby-openid 2 solidus_core 2 actiontext 2 paratrooper-newrelic 1 octopoller 1 jmespath 1 trilogy 1 date 1 github.com/github/hub 1 hub 1 sentry-raven 1 websocket-extensions 1 ruby_parser 1 railties 1 foreman_ansible 1 gitlab-grit 1 geokit-rails 1 multi_xml 1 keynote 1 padrino-contrib 1 bolt 1 omniauth-microsoft_graph 1 lynx 1 rubocop 1 ruby-mysql 1 kafo 1 hammer_cli_foreman 1 jruby-openssl 1 redcloth 1 em-http-request 1 command_wrap 1 gtk2 1 rotp 1 @turbo-boost/commands 1 activejob 1 personnummer 1 turbo_boost-commands 1 kcapifony 1 brbackup 1 discordrb 1 rmagick 1 diffy 1 recurly 1 solidus_backend 1 md2pdf 1 sounder 1 ldap_fluff 1 resque-scheduler 1 xapian-core 1 mixlib-archive 1 rswag 1 pdf_info 1 inline_svg 1 foreman_fog_proxmox 1 message_bus 1 shrine 1 papercrop 1 omniauth-auth0 1 spree_api 1 omniauth-apple 1 asciidoctor 1 audited 1 govuk_tech_docs 1 oauth 1 clockwork_web 1 trestle-auth 1 point-cli 1 openshift-origin-node 1 decidim-system 1 lean-ruport 1 flash_tool 1 tweetstream 1 ftpd 1 twitter-stream 1 pysha3 1 better_errors 1 sha3 1 mongrel 1 unpoly-rails 1 cap-strap 1 ruby-jss 1