How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!


Latest Gem Vulnerabilities

CVE-2015-3224 in web-console
Critical

There is a remote code execution vulnerability in Web Console. Specially crafted remote requests can spoof their origin, bypassing the IP whitelist, in any environment where Web Console is enabled...

Published 21 days ago

CVE-2015-3226 in rails
Critical

There is an XSS vulnerability in the ActiveSupport::JSON.encode method in Ruby on Rails. When a `Hash` containing user-controlled data is encoded as JSON (either through `Hash#to_json` or...

Published 21 days ago

CVE-2015-3225 in rack
Critical

There is a potential denial of service vulnerability in Rack. Carefully crafted requests can cause a `SystemStackError` and potentially cause a denial of service attack.

Published 21 days ago

CVE-2015-1840 in jquery-rails
Critical

There is a vulnerability in jquery-ujs and jquery-rails that can be used to bypass CSP protections and allows attackers to send CSRF tokens to attacker domains. In the scenario where an attacker...

Published 21 days ago

CVE-2015-3227 in activesupport
Critical

There is a possible denial of service attack in the XML processing in Active Support. Specially crafted XML documents can cause applications to raise a `SystemStackError` and potentially cause a...

Published 21 days ago

Vulnerabilities in the Past 12 Months

Month Vulnerabilities
Aug 1
Sep 0
Oct 0
Nov 4
Dec 0
Jan 1
Feb 0
Mar 0
Apr 0
May 0
Jun 5
Jul 0

Vulnerabilities in the Past 6 Years

Year Vulnerabilities
2010 2
2011 15
2012 15
2013 50
2014 23
2015 6