Vulnerability DB

Detailed information and remediation guidance for known vulnerabilities.
Find out if you have vulnerabilities that put you at risk Test your code
Vulnerability Affects Type Published
  • M
Timing Attack
sinatra <2.0.0.beta2 RubyGems 10 Jan, 2018
  • M
Cross-site Scripting (XSS)
sinatra <1.4.6, >=1.4.0.a RubyGems 10 Jan, 2018
  • M
Session Fixation
sinatra <1.2.1 RubyGems 10 Jan, 2018
  • M
Cross-site Request Forgery (CSRF)
shoppe <1.1.1 RubyGems 10 Jan, 2018
  • M
Denial of Service (DoS)
sequel <3.45.0 ,>=3.37.0 RubyGems 10 Jan, 2018
  • M
Cross-Site Request Forgery (CSRF)
upmin >=0.0.0 RubyGems 10 Jan, 2018
  • M
Cross-Site Request Forgery (CSRF)
upmin-admin >0.0.0 RubyGems 10 Jan, 2018
  • H
Security Feature Bypass
microsoft.netcore.universalwindowsplatform [,5.2.4), [5.3,5.3.5), [5.4,5.4.2), [6,6.0.6) NuGet 10 Jan, 2018
  • H
Denial of Service (DoS)
kibana <5.2.1 npm 04 Jan, 2018
  • M
Cross-site Scripting (XSS)
kibana >=5.3.0 <5.3.3 || >=5.4.0 <5.4.1 npm 04 Jan, 2018
  • M
Information Exposure
kibana <5.4.3 npm 04 Jan, 2018
  • M
Cross-site Scripting (XSS)
kibana >=5.0.0 <5.6.1 npm 04 Jan, 2018
  • H
TLS Padding Oracle
com.madgag.spongycastle:bctls-jdk15on [,1.58] Maven 03 Jan, 2018
  • H
TLS Padding Oracle
org.bouncycastle:bctls-jdk15on [,1.58] Maven 03 Jan, 2018
  • M
Denial of Service (DoS)
mqtt >=2.0.0 <2.15.0 npm 03 Jan, 2018
  • H
User Impersonation
passport-wsfed-saml2 <3.0.5 npm 03 Jan, 2018
  • H
Directory Traversal
yard < 0.9.11 RubyGems 25 Dec, 2017
  • M
Authentication Bypass
org.apache.sling:org.apache.sling.auth.core [1.4,1.4.2) Maven 25 Dec, 2017
  • M
Cross-site Scripting (XSS)
marked <0.3.9 npm 25 Dec, 2017
  • H
Cross-site Scripting (XSS)
marked <0.3.9 npm 25 Dec, 2017
  • M
Timing Attack
ruby_rncryptor_secured >=0.0.0 RubyGems 25 Dec, 2017
  • M
Timing Attack
ruby_rncryptor <3.0.1 RubyGems 25 Dec, 2017
  • M
Symlink Attack
rubocop <0.36.0, >=0.34.0 RubyGems 25 Dec, 2017
  • M
Arbitrary Code Execution
rubocop <0.30.0 ,>=0.27.0 RubyGems 25 Dec, 2017
  • M
Cross-site Scripting (XSS)
refinerycms-core <3.0.2, >=2.0.0 RubyGems 25 Dec, 2017
  • M
Cross-Site Request Forgery (CSRF)
refinerycms-core <3.0.2 RubyGems 25 Dec, 2017
  • M
Cross-site Scripting (XSS)
refinerycms-core <3.0.2, >=2.0.0 RubyGems 25 Dec, 2017
  • M
Cross-site Scripting (XSS)
refinerycms-core <3.0.2, >=2.0.0 RubyGems 25 Dec, 2017
  • M
Timing Attack
railties <5.0.0.beta1 RubyGems 25 Dec, 2017
  • M
Cross-site Scripting (XSS)
loofah <0.4.4 RubyGems 25 Dec, 2017