GitHub Advisory Database

333 advisories

Possible XSS vulnerability in ActionView
CVE-2020-5267 (Moderate severity) was published Mar 19, 2020 actionview (RubyGems)
Sort order SQL injection
CVE-2020-5257 (High severity) was published Mar 13, 2020 administrate (RubyGems)
Denial of Service in uap-core <=0.7.2 when processing crafted User-Agent strings
GHSA-pcqq-5962-hvcw (High severity) was published Mar 10, 2020 user_agent_parser (RubyGems)
HTTP Response Splitting (Early Hints)
CVE-2020-5249 (Moderate severity) was published Mar 3, 2020 puma (RubyGems)
HTTP Response Splitting
CVE-2020-5247 (Moderate severity) was published Feb 28, 2020 puma (RubyGems)
OS Command Injection in Rake
CVE-2020-8130 (Moderate severity) was published Feb 28, 2020 rake (RubyGems)
libxml as used in Nokogiri has an infinite loop in a certain end-of-file situation
CVE-2020-7595 (Moderate severity) was published Feb 24, 2020 nokogiri (RubyGems)
OS command injection in BibTeX-Ruby
CVE-2019-10780 (High severity) was published Feb 14, 2020 bibtex-ruby (RubyGems)
XSS/Script injection vulnerability
CVE-2020-5241 (High severity) was published Feb 12, 2020 matestack-ui-core (RubyGems)
Limited header injection when using dynamic overrides with user input
CVE-2020-5216 (Moderate severity) was published Jan 23, 2020 secure_headers (RubyGems)
Directive injection when using dynamic overrides with user input
CVE-2020-5217 (Moderate severity) was published Jan 23, 2020 secure_headers (RubyGems)
Possible Information Leak / Session Hijack Vulnerability
CVE-2019-16782 (Low severity) was published Dec 18, 2019 rack (RubyGems)
Interrupted Persistent Connections May Leak Response Data
CVE-2019-16779 (Low severity) was published Dec 16, 2019 excon (RubyGems)
Keepalive thread overload/DoS
CVE-2019-16770 (Moderate severity) was published Dec 5, 2019 puma (RubyGems)
Prototype pollution in Chartkick
CVE-2019-18841 (Moderate severity) was published Dec 2, 2019 chartkick (RubyGems)
The rack-cors rubygem may allow directory traversal
CVE-2019-18978 (Moderate severity) was published Nov 15, 2019 rack-cors (RubyGems)
Lacks element count during splitting of JWE string
CVE-2019-18848 (Moderate severity) was published Nov 14, 2019 json-jwt (RubyGems)
Local privilege escalation because of world-writable files
CVE-2019-18409 (Moderate severity) was published Oct 25, 2019 ruby_parser-legacy (RubyGems)
Unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished
CVE-2019-15587 (Low severity) was published Nov 5, 2019 loofah (RubyGems)
Potential code execution due to unescaped single quote character
CVE-2017-1002201 (Moderate severity) was published Oct 21, 2019 haml (RubyGems)
gem install may result in 0777 permissions on the target filesystem
CVE-2019-17383 (High severity) was published Oct 14, 2019 netaddr (RubyGems)
Malicious URL drafting attack against iodine's static file server may allow path traversal
GHSA-85rf-xh54-whp3 (Moderate severity) was published Oct 7, 2019 iodine (RubyGems)
Crafted ZIP file can bypass application checks on ZIP entry sizes causing a denial of service
CVE-2019-16892 (High severity) was published Sep 30, 2019 rubyzip (RubyGems)
The makandra consul gem through 1.0.2 for Ruby has Incorrect Access Control.
CVE-2019-16377 (High severity) was published Sep 27, 2019 consul (RubyGems)