Vulnerability DB

Detailed information and remediation guidance for known vulnerabilities.
| Severity | Vulnerability | Affects | Type | Published |
|---|---|---|---|---|
| H | Denial of Service (DoS) | nokogiri <1.8.5 | RubyGems | 10 Oct, 2018 |
| H | Arbitrary File Read | jekyll >=3.6.0, <3.6.2,>=3.7.0, <3.7.4,>=3.8.0, <3.8.4 | RubyGems | 03 Oct, 2018 |
| H | Authentication Bypass | smart_proxy_dynflow >=0.1.8, <0.1.11,>=0.2.0, <0.2.1 | RubyGems | 26 Sep, 2018 |
| H | Malicious Package | active-support >=0.0.0 | RubyGems | 09 Aug, 2018 |
| H | Arbitrary Code Injection | restforce <3.0.0 | RubyGems | 05 Aug, 2018 |
| H | Insufficient Token Expiration | doorkeeper >=4.2.0, <4.4.0,=5.0.0.rc1 | RubyGems | 19 Jul, 2018 |
| M | Cross-site Request Forgery (CSRF) | rails_admin < 1.1.1 | RubyGems | 19 Jul, 2018 |
| H | Regular Expression Denial of Service (ReDoS) | rack-cors <0.4.1 | RubyGems | 19 Jul, 2018 |
| M | Cross-site Scripting (XSS) | grape <1.1.0 | RubyGems | 19 Jul, 2018 |
| H | Arbitrary File Write via Archive Extraction (Zip Slip) | rubyzip <1.2.2 | RubyGems | 28 Jun, 2018 |
| H | Signature Validation Bypass | json-jwt <1.9.4 | RubyGems | 28 Jun, 2018 |
| H | DLL Loading Issue | ffi <1.9.24 | RubyGems | 28 Jun, 2018 |
| M | Directory Traversal | sprockets <2.12.5,>=3.0.0, <3.7.2,>=4.0.0, <4.0.0.beta8 | RubyGems | 20 Jun, 2018 |
| M | Privilege Escalation | passenger <5.3.2 | RubyGems | 20 Jun, 2018 |
| M | Improper Access Control | passenger <5.3.2 | RubyGems | 20 Jun, 2018 |
| M | Insecure Permissions | passenger <5.3.2 | RubyGems | 20 Jun, 2018 |
| H | Arbitrary File Write | passenger <5.3.2 | RubyGems | 20 Jun, 2018 |
| H | Arbitrary Code Loading | puppet <5.3.7,>=5.4.0, <5.5.2 | RubyGems | 17 Jun, 2018 |
| H | Privilege Escalation | puppet <5.3.7,>=5.4.0, <5.5.2 | RubyGems | 17 Jun, 2018 |
| H | Privilege Escalation | puppet <5.3.7,>=5.4.0, <5.5.2 | RubyGems | 17 Jun, 2018 |
| M | Time of Check Time of Use (TOCTOU) | private_address_check <0.5.0 | RubyGems | 10 Jun, 2018 |
| M | Cross-site Scripting (XSS) | sinatra <2.0.2 | RubyGems | 04 Jun, 2018 |
| H | Information Exposure | sensu <1.2.1 | RubyGems | 08 Apr, 2018 |
| M | Cross-site Scripting (XSS) | rails-html-sanitizer <1.0.4 | RubyGems | 27 Mar, 2018 |
| M | HTML Injection | sanitize <4.6.3 | RubyGems | 21 Mar, 2018 |
| M | Cross-site Scripting (XSS) | loofah <2.2.1 | RubyGems | 21 Mar, 2018 |
| L | Information Exposure | logstash-core <5.6.6,>=6.0.0, <6.1.2 | RubyGems | 21 Mar, 2018 |
| M | Directory Traversal | rack-protection <1.5.4,>=2.0.0.beta1, <2.0.1 | RubyGems | 01 Mar, 2018 |
| H | Denial of Service (DoS) | ox <2.8.2 | RubyGems | 01 Mar, 2018 |
| M | Authentication Bypass | omniauth-saml <1.9.0 | RubyGems | 28 Feb, 2018 |