Vulnerability DB

Detailed information and remediation guidance for known vulnerabilities.
| Severity | Vulnerability | Affects | Type | Published |
|---|---|---|---|---|
| M | Cross-site Scripting (XSS) | actionview <5.2.4.2,>=6.0.0, <6.0.2.2 | RubyGems | 20 Mar, 2020 |
| H | Denial of Service (DoS) | json <2.3.0 | RubyGems | 19 Mar, 2020 |
| H | SQL Injection | administrate <0.13.0 | RubyGems | 15 Mar, 2020 |
| M | HTTP Response Splitting | puma <3.12.4,>=4.0.0, <4.3.3 | RubyGems | 02 Mar, 2020 |
| M | HTTP Response Splitting | puma >=4.0.0, <4.3.2,<3.12.3 | RubyGems | 28 Feb, 2020 |
| H | Denial of Service (DoS) | nokogiri <1.10.8 | RubyGems | 25 Feb, 2020 |
| H | Arbitrary Code Injection | rake <12.3.3 | RubyGems | 24 Feb, 2020 |
| H | Regular Expression Denial of Service (ReDoS) | user_agent_parser <2.6.0 | RubyGems | 21 Feb, 2020 |
| M | Cross-site Scripting (XSS) | written >=0.0.0 | RubyGems | 13 Feb, 2020 |
| M | Cross-site Scripting (XSS) | matestack-ui-core <0.7.4 | RubyGems | 13 Feb, 2020 |
| H | Malicious Package | omniauth-weibo-oauth2 >=0.4.6, <0.5.0 | RubyGems | 07 Feb, 2020 |
| H | SQL Injection | geocoder <1.6.1 | RubyGems | 26 Jan, 2020 |
| H | Cross-site Scripting (XSS) | secure_headers >=6.0.0, <6.3.0,>=5.0.0, <5.2.0,<3.9.0 | RubyGems | 24 Jan, 2020 |
| M | Command Injection | secure_headers >=6.0.0, <6.2.0,>=5.0.0, <5.1.0,<3.8.0 | RubyGems | 24 Jan, 2020 |
| H | Bit-Flipping Attack | parsel >=0.0.0 | RubyGems | 22 Jan, 2020 |
| H | Insecure Encryption | parsel >=0.0.0 | RubyGems | 22 Jan, 2020 |
| H | Insecure Encryption | parsel >=0.0.0 | RubyGems | 22 Jan, 2020 |
| H | Command Injection | bibtex-ruby <5.1.0 | RubyGems | 17 Jan, 2020 |
| M | Improper Access Control | rack-cors <1.0.0 | RubyGems | 06 Jan, 2020 |
| M | Information Exposure | rack <1.6.12,>=2.0.0.alpha, <2.0.8 | RubyGems | 19 Dec, 2019 |
| L | Improper Certificate Validation | puppet >=6.0.0, <6.4.0 | RubyGems | 17 Dec, 2019 |
| M | Race Condition | excon <0.71.0 | RubyGems | 17 Dec, 2019 |
| H | Denial of Service (DoS) | puma <3.12.2,>=4.0.0, <4.3.1 | RubyGems | 06 Dec, 2019 |
| M | Access Restriction Bypass | puppet >=2.7.0, <2.7.13 | RubyGems | 29 Nov, 2019 |
| M | XML External Entity (XXE) Injection | ruby-openid <2.2.2 | RubyGems | 29 Nov, 2019 |
| M | Cross-site Scripting (XSS) | rails >=2.0.0, <2.3.12,>=3.0.0, <3.0.8,>=3.1.0.rc1, <3.1.0.rc2 | RubyGems | 28 Nov, 2019 |
| M | Improper Input Validation | rails >=2.3.9, <2.3.10,>=3.0.0, <3.0.1 | RubyGems | 28 Nov, 2019 |
| M | Access Restriction Bypass | sqlite3-ruby <1.2.4 | RubyGems | 28 Nov, 2019 |
| H | SQL Injection | activerecord >=2.0.0, <2.3.13,>=3.0.0, <3.0.10,>=3.1.0, <3.1.0.rc6 | RubyGems | 26 Nov, 2019 |
| M | Cross-site Scripting (XSS) | activesupport >=2.0.0, <2.3.13,>=3.0.0, <3.0.10,>=3.1.0, <3.1.0.rc5 | RubyGems | 26 Nov, 2019 |