How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!


Latest Gem Vulnerabilities

CVE-2016-4658 in nokogiri
Critical

Nokogiri version 1.7.1 has been released, pulling in several upstream patches to the vendored libxml2 to address the following CVEs: CVE-2016-4658 (CVSS v3 Base Score: 9.8, Critical). libxml2 in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial...

Published 3 months ago
CVE-2017-5946 in rubyzip
Critical

The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem.

Published 3 months ago
CVE-2016-7798 in openssl
Severe

The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.

Published 4 months ago
CVE-2016-7954 in bundler
Critical

Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334.

Published 5 months ago
CVE-2016-3129 in good_enterprise_mobility_server
Critical

A remote shell execution vulnerability in the BlackBerry Good Enterprise Mobility Server (GEMS) implementation of the Apache Karaf command shell in GEMS versions 2.1.5.3 to 2.2.22.25 allows remote attackers to obtain local administrator rights on the GEMS server via commands executed on the Karaf command shell.

Published 5 months ago

Vulnerabilities in the Past 12 Months

Vulnerabilities
Jun 2
Jul 0
Aug 3
Sep 0
Oct 0
Nov 0
Dec 2
Jan 1
Feb 1
Mar 1
Apr 0
May 0

Vulnerabilities in the Past 6 Years

Vulnerabilities
2012 22
2013 84
2014 74
2015 43
2016 29
2017 3