How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!

Latest Gem Vulnerabilities

CVE-2020-8264 in actionpack

There is a possible XSS vulnerability in Action Pack while the application server is in development mode. This vulnerability is in the Actionable Exceptions middleware. This vulnerability has been assigned the CVE identifier CVE-2020-8264. Versions Affected: >= 6.0.0 Not affected: < 6.0.0 Fixed Versions: ...
Read more →

Published 14 days ago
CVE-2020-15237 in shrine

### Impact When using the `derivation_endpoint` plugin, it's possible for the attacker to use a timing attack to guess the signature of the derivation URL. ### Patches The problem has been fixed by comparing sent and calculated signature in constant time, using `Rack::Utils.secure_compare`. Users using the `derivation_endpoint` plugin...
Read more →

Published 16 days ago
CVE-2020-25613 in webrick

WEBrick was too tolerant against an invalid Transfer-Encoding header. This may lead to inconsistent interpretation between WEBrick and some HTTP proxy servers, which may allow the attacker to "smuggle" a request. See CWE-444 in detail.
Read more →

Published 22 days ago
CVE-2020-25739 in gon

An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escape_mode parameter to escape fields as an XSS protection mechanism. To mitigate, json_dumper.rb in gon now does escaping for XSS by default without relying on MultiJson.
Read more →

Published about 1 month ago
CVE-2020-15169 in actionview

There is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS attacks. Impact ------ When an HTML-unsafe string is passed as the default for a missing translation key...
Read more →

Published about 1 month ago

Vulnerabilities in the Past 12 Months

Nov 3
Dec 3
Jan 3
Feb 3
Mar 5
Apr 2
May 13
Jun 5
Jul 2
Aug 4
Sep 3
Oct 2

Vulnerabilities in the Past 6 Years

2015 46
2016 34
2017 35
2018 36
2019 47
2020 42