Vulnerability DB

Detailed information and remediation guidance for known vulnerabilities.
| Severity | Vulnerability | Package | Affects | Type | Published |
|---|---|---|---|---|---|
| M | Cross-site Scripting (XSS) | sidekiq | >=0.0.0 | RubyGems | 06 Apr, 2021 |
| M | Cross-site Scripting (XSS) | qiita-markdown | <0.33.0 | RubyGems | 19 Mar, 2021 |
| M | Deserialization of Untrusted Data | kramdown | >=1.16.0, <2.3.1 | RubyGems | 19 Mar, 2021 |
| H | Denial of Service (DoS) | spree | <4.2.0 | RubyGems | 08 Mar, 2021 |
| M | Timing Attack | activerecord-session_store | <2.0.0 | RubyGems | 05 Mar, 2021 |
| M | Open Redirect | actionpack | >=6.0.0, <6.0.3.5; >=6.1.0.rc1, <6.1.2.1 | RubyGems | 02 Mar, 2021 |
| H | Regular Expression Denial of Service (ReDoS) | activerecord | >=6.1.0, <6.1.2.1; >=6.0.0, <6.0.3.5; >=4.2.0, <5.2.4.5 | RubyGems | 02 Mar, 2021 |
| H | Unsafe Dependency Resolution | bundler | <2.2.10 | RubyGems | 22 Feb, 2021 |
| M | Man-in-the-Middle (MitM) | twitter-stream | >=0.0.0 | RubyGems | 21 Feb, 2021 |
| M | Man-in-the-Middle (MitM) | tweetstream | >=0.0.0 | RubyGems | 21 Feb, 2021 |
| H | Command Injection | lodash-rails | >=0.0.0 | RubyGems | 15 Feb, 2021 |
| H | Denial of Service (DoS) | rails | >=4.2.0, <5.2.4.5; >=6.0.0.beta1, <6.0.3.5; >=6.1.0.rc1, <6.1.2.1 | RubyGems | 11 Feb, 2021 |
| M | Server-Side Request Forgery (SSRF) | carrierwave | >=2.0.0.rc, <2.1.1; <1.3.2 | RubyGems | 09 Feb, 2021 |
| M | Remote Code Execution (RCE) | carrierwave | >=2.0.0.rc, <2.1.1; <1.3.2 | RubyGems | 09 Feb, 2021 |
| H | Command Injection | mechanize | >=2.0.0, <2.7.7 | RubyGems | 03 Feb, 2021 |
| M | Cross-site Scripting (XSS) | rails_admin | <1.4.3; >=2.0.0, <2.0.2 | RubyGems | 13 Jan, 2021 |
| H | Cross-site Scripting (XSS) | redcarpet | <3.5.1 | RubyGems | 12 Jan, 2021 |
| H | Authentication Bypass | omniauth-apple | >=1.0.0, <1.0.1 | RubyGems | 05 Jan, 2021 |
| L | XML External Entity (XXE) Injection | nokogiri | <1.11.0.rc4 | RubyGems | 31 Dec, 2020 |
| H | Malicious Package | pretty_color | >=0.0.0 | RubyGems | 17 Dec, 2020 |
| H | Malicious Package | ruby-bitcoin | >=0.0.0 | RubyGems | 17 Dec, 2020 |
| M | Information Exposure | gitaly | >=1.79.0, <13.3.9; >=13.4, <13.4.5; >=13.5, <13.5.2 | RubyGems | 17 Nov, 2020 |
| H | Information Exposure | spree_api | >=3.7.0, <3.7.13; >=4.0.0, <4.0.5; >=4.1.0, <4.1.12 | RubyGems | 15 Nov, 2020 |
| L | Remote Code Execution (RCE) | dependabot-omnibus | >=0.119.0.beta1, <0.125.1 | RubyGems | 15 Nov, 2020 |
| L | Remote Code Execution (RCE) | dependabot-common | >=0.119.0.beta1, <0.125.1 | RubyGems | 15 Nov, 2020 |
| H | Regression in JWT Signature Validation | omniauth-auth0 | >=2.3.0, <2.4.1 | RubyGems | 23 Oct, 2020 |
| H | Authentication Bypass | spree | >=3.7.0, <3.7.11; >=4.0.0, <4.0.4; >=4.1.0, <4.1.11 | RubyGems | 21 Oct, 2020 |
| H | Cross-site Scripting (XSS) | actionpack | >=6.0.0, <6.0.3.4 | RubyGems | 08 Oct, 2020 |
| M | Timing Attack | shrine | <3.3.0 | RubyGems | 06 Oct, 2020 |
| H | HTTP Request Smuggling | webrick | <1.5.1; >=1.6.0, <1.6.1 | RubyGems | 29 Sep, 2020 |

Severity: H = High, M = Medium, L = Low. Where a package has several affected version ranges, the ranges are separated by semicolons.