Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

rubygems Security Advisories

Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY1M20tcjMzeC0zOWZm
Geminabox contains Cross-site Scripting
Ecosystems: rubygems
Packages: geminabox
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg3cDIteDJqNi1td2hy
Gemirro Stored XSS in Gemspec "homepage" value
Ecosystems: rubygems
Packages: gemirro
Source: GitHub Advisory Database
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXd3aDctNGp3OS0zM3g2
yajl-ruby gem Denial of Service vulnerability
Ecosystems: rubygems
Packages: yajl-ruby
Source: GitHub Advisory Database
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBqajQtdzM5Zy1wdzU0
Ox gem crashes due to a crafted input
Ecosystems: rubygems
Packages: ox
Source: GitHub Advisory Database
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE5N3YtNzY0Zy1yMnJw
gollum and gollum-lib allow remote authenticated users to execute arbitrary code
Ecosystems: rubygems
Packages: gollum-lib, gollum
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV2M2YtNzNndi14N3g1
cairo is vulnerable to denial of service due to a null pointer dereference
Ecosystems: rubygems
Packages: cairo
Source: GitHub Advisory Database
Published: over 6 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdtamYtanBqai05ZjNq
RuboCop gem Insecure use of /tmp
Ecosystems: rubygems
Packages: rubocop
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh4cjgtODMzdi1jN3dj
Cross-site Scripting vulnerability in i18n translations helper method
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZtcTItMzdqNS13NnI2
WEBrick Improper Input Validation vulnerability
Ecosystems: rubygems
Packages: webrick
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZnOXctZzZtNC01NTdq
actionpack and activesupport vulnerable to information leaks
Ecosystems: rubygems
Packages: activesupport, actionpack
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlmaDMtdmgzaC1xNGcz
activesupport Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: activesupport
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc1dzYtcDZtZy12aDhq
Rails actionpack gem vulnerable to Cross-site Scripting
Ecosystems: rubygems
Packages: actionview, actionpack
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY5djQtN2pwNi04Yzcz
rails Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: activesupport, actionpack
Source: GitHub Advisory Database
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR3dzMtM3J4ai04djZx
actionpack allows remote attackers to bypass intended access restrictions
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: over 6 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM1cXEtZzY3My01cDQ5
Puppet allows local users to overwrite arbitrary files via a symlink attack
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg2dzYteG1xdi03cTc4
activerecord vulnerable to SQL Injection
Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Published: over 6 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ4cTMtZ200cC01Zmo0
rails vulnerable to improper authentication
Ecosystems: rubygems
Packages: rails
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0ZmctcDk2di1oeGg4
actionpack Cross-Site Request Forgery vulnerability
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ2cHEtNXhxeC1wZnBw
Ruby on Rails vulnerable to code injection
Ecosystems: rubygems
Packages: rails
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdqeHctNXcycS03Z3Jm
Rails activerecord gem has Improper Input Validation vulnerability
Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXEzNGMtNDhnYy1tOWc4
actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl3cnEteHZtcC14amM4
High severity vulnerability that affects rails.
Ecosystems: rubygems
Packages: rails
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdtMjUtZnBtci00M2Zq
Moderate severity vulnerability that affects rails
Ecosystems: rubygems
Packages: rails
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ4amotNXg2aC04dm1m
Cross-site Scripting in actionpack
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNqOTItYzRmai13OWM1
Mail Gem Path Traversal vulnerability
Ecosystems: rubygems
Packages: mail
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZoMzktdjczMy1teGZy
Active Record vulnerable to SQL Injection via nested query parameters
Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZjcWYtaDRoNC02OTVt
actionpack CRLF injection vulnerability
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThmcXgtN3B2NC0zandt
Improper Input Validation in actionpack
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN2ZnctN3JjcC0zeGdt
actionpack Improper Input Validation vulnerability
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJwNjMtamZtdy01MzJ3
Mail Gem Improper Input Validation vulnerability
Ecosystems: rubygems
Packages: mail
Source: GitHub Advisory Database
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWptbTktMnAyOS12aDJ3
activerecord vulnerable to SQL Injection
Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Published: over 6 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ4NDYtN3Jydi1tNGg4
sqlite3-ruby uses weak permissions for unspecified files, which allows local users to gain privileges
Ecosystems: rubygems
Packages: sqlite3-ruby
Source: GitHub Advisory Database
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc2d3EteHc0aC1mOHdq
activerecord vulnerable to SQL Injection
Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWoyNHAtcjZ3eC1yNzl3
High severity vulnerability that affects thin
Ecosystems: rubygems
Packages: thin
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWptZ2YtcDQ2eC05ODJo
rails is vulnerable to CRLF injection
Ecosystems: rubygems
Packages: rails
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTkydzktMnBxdy1yaGpq
actionpack Improper Authentication vulnerability
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhncHAtcHA4OS00Zmdm
Action Pack contains database-query restrictions bypass
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: over 6 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ4ZjYtdzltcC05NWht
Puppet supports use of IP addresses in certnames without warning of potential risks
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA0YzYtNzdnYy02OTR4
session fixation protection mechanism in cgi_process.rb in Rails
Ecosystems: rubygems
Packages: rails
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp3aHYtcmdxYy1mcWo1
Session fixation vulnerability in Rails
Ecosystems: rubygems
Packages: rails
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZqZmctcTY2Mi1nbTZq
Moderate severity vulnerability that affects rails
Ecosystems: rubygems
Packages: rails
Source: GitHub Advisory Database
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXd3bWYtNnA1OC02dmoy
Remote code execution in rwiki
Ecosystems: rubygems
Packages: rwiki
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF2OHAtdjlxdy13Yzdn
activesupport Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: activesupport
Source: GitHub Advisory Database
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhmOTYtMzJxMi05cncy
Rails ActiveRecord gem vulnerable to SQL injection
Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlwM3Ytd2Yydy12Mjlj
Moderate severity vulnerability that affects rails
Ecosystems: rubygems
Packages: rails
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThxcmgtaDltMi01ZnZm
Cross site scripting that affects rails
Ecosystems: rubygems
Packages: activesupport, actionpack
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdjbTItOWM4OS13bWZt
Cross-site Scripting in jquery-ui
Ecosystems: rubygems, nuget, maven, npm
Packages: jquery-ui-rails, jQuery.UI.Combined, org.webjars.npm:jquery-ui, jquery-ui
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNwamMtcDdmYy1qOXho
Mail Improper Input Validation vulnerability
Ecosystems: rubygems
Packages: mail
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI3cTItNWdxZy02Yzdx
actionpack Improper Input Validation vulnerability
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY1amctNTU4ai1xNjdj
actionpack Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhnajYtcGdybS14NHIy
gtk2 vulnerable to Use of Externally-Controlled Format String
Ecosystems: rubygems
Packages: gtk2
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE0NHItZjJobS12NzZ2
Puppet does not properly restrict characters in Common Name field of Certificate Signing Request
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNweGgtaDhody1tajh3
Rack rubygems receiving excessively long lines triggers out-of-memory error
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1neDMtMjdoci1tZmdw
HTTParty does not restrict casts of string values
Ecosystems: rubygems
Packages: httparty
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg1cjctdzVtdi1jODQ5
Rack Vulnerable to Path Traversal
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdmcWotY2c3OS1mMnB2
Thumbshooter vulnerable to Code Injection
Ecosystems: rubygems
Packages: thumbshooter
Source: GitHub Advisory Database
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW03ZnEtY2Y4cS0zNXE3
crack does not properly restrict casts of string values
Ecosystems: rubygems
Packages: crack
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp4eDgtdjgzdi1yaHcz
Spree Improper Input Validation vulnerability
Ecosystems: rubygems
Packages: spree
Source: GitHub Advisory Database
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4eDYtcDI0di13Zzhj
Curl Gem insufficient URL escaping command injection
Ecosystems: rubygems
Packages: curl
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk4bWYtOGY1Ny02NHFm
actionpack Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFyZ2YtanFxbS14N3h2
Code injection in dragonfly gem
Ecosystems: rubygems
Packages: fog-dragonfly, dragonfly
Source: GitHub Advisory Database
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ5MzYtcmoyNS02d202
nori contains Improper Input Validation
Ecosystems: rubygems
Packages: nori
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTloeDktdzJqNi1ydzc2
Script Injection in Show In Browser gem
Ecosystems: rubygems
Packages: show_in_browser
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE3NTktaHd2Yy1tM2pn
actionpack Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY5OW0tbWNqbS05Y3c4
actionpack vulnerable to Cross-site Scripting
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU3NHEtZnhmai13djZo
Puppet Improper Input Validation vulnerability
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFxeHAteHA5di12dng2
jquery-ui Tooltip widget vulnerable to XSS
Ecosystems: nuget, maven, rubygems, npm
Packages: jQuery.UI.Combined, org.webjars.npm:jquery-ui, jquery-ui-rails, jquery-ui
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdnNjUtZ2hyZy1ocGY1
actionpack Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: over 6 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThqeGotOXI1Zi13M20y
Puppet allows local users to obtain sensitive configuration information
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZnbXgtOGg5My0yNmZo
omniauth-oauth2 Cross-Site Request Forgery vulnerability
Ecosystems: rubygems
Packages: omniauth-oauth2
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg3N3gtbTVxOC1jMjlo
Rack vulnerable to REDoS
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYycjktYzg0ai12N3ht
RDoc contains XSS vulnerability
Ecosystems: rubygems
Packages: rdoc
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZjOHAtcXBodi02Njh2
Denial of service in ruby-openid
Ecosystems: rubygems
Packages: ruby-openid
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTljMmotNTkzcS0zZzgy
activesupport Improper Input Validation vulnerability
Ecosystems: rubygems
Packages: activesupport
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWcyNjYtM2NyaC1oN2dq
ldoce Gem Arbitrary Command Execution
Ecosystems: rubygems
Packages: ldoce
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI1aGMtOXh4NS05N3J3
i18n gem Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: i18n
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNmMzYtOTg1Zy12NzNj
omniauth-facebook Cross-Site Request Forgery vulnerability
Ecosystems: rubygems
Packages: omniauth-facebook
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg4MzUtNzVody1wajg5
activesupport Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: activesupport
Source: GitHub Advisory Database
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJmbWYtcng4dy05MzV3
Sounder Contains Arbitrary Command Execution Vulnerability
Ecosystems: rubygems
Packages: sounder
Source: GitHub Advisory Database
Published: over 6 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc4OW0tM3dqdy1oODU3
Puppet vulnerable to Path Traversal
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpnNG0tcTZ3OC12cmpw
rgpg Code Injection vulnerability
Ecosystems: rubygems
Packages: rgpg
Source: GitHub Advisory Database
Published: over 6 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW02ZjctNDZody1ncmNq
Creme Fraiche contains OS Command Injection
Ecosystems: rubygems
Packages: cremefraiche
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlxajctanZnNC1xcjJ4
Phusion Passenger Denial of Service
Ecosystems: rubygems
Packages: passenger
Source: GitHub Advisory Database
Published: over 6 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk5Y2gtOG12cC1nN201
md2pdf allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename
Ecosystems: rubygems
Packages: md2pdf
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp4aHctbWc4bS0ycGo4
Devise does not properly perform type conversion when performing database queries
Ecosystems: rubygems
Packages: devise
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNqNDMtOWgzdy12OTc2
Puppet allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg0NTctY3c0aC1ocTVm
JSON gem has Improper Input Validation vulnerability
Ecosystems: rubygems
Packages: json
Source: GitHub Advisory Database
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA0NjMtNjM5ci1xOWc5
Dragonfly Code Injection vulnerability
Ecosystems: rubygems
Packages: dragonfly
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo4MzgtdmZwcS1mbWYy
actionpack Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: over 6 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc4ajMtN3dwbS1xaHZw
Shell Metacharacter Injection in kelredd-pruview
Ecosystems: rubygems
Packages: kelredd-pruview
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdyNDQtN2dyYy0zN3Zx
ActiveRecord vulnerable to modification of protected model attributes
Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWptZ3ctNnZqZy1qandn
actionpack Improper Input Validation vulnerability
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc2cmMtcTM4Ny12cGdx
insecure temporary directory usage in passenger
Ecosystems: rubygems
Packages: passenger
Source: GitHub Advisory Database
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdoMnctajdjeC0yNjY0
Active Record contains SQL Injection
Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNjcnItOXZtZy04NjR2
Active Record Improper Input Validation
Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdwcHAtNXhjNS13ZnB4
Active Record allows bypassing of database-query restrictions
Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXIyM2ctM3F3NC1nZmgy
RedCloth Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: redcloth
Source: GitHub Advisory Database
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXcyNDgteHIzNy1qeDht
fastreader Gem for Ruby URI Handling Arbitrary Command Injection
Ecosystems: rubygems
Packages: fastreader
Source: GitHub Advisory Database
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTloMzYtNGpmMi1oeDUz
extlib does not properly restrict casts of string values
Ecosystems: rubygems
Packages: extlib
Source: GitHub Advisory Database
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA2NzMtaGpmMi1wd2Zy
Shell command injection in command_wrap
Ecosystems: rubygems
Packages: command_wrap
Source: GitHub Advisory Database
Published: over 6 years ago
Statistics
Advisories: 17,222
Packages: 7,996
Repositories: 285
Ecosystems: 12