Facets
How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!
How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!
The rest-client gem 1.6.10, 1.6.11, 1.6.12, and 1.6.13 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party.
Read more →
A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess by Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being passed untrusted user input. This vulnerability appears in code generated by the Rexical gem...
Read more →
A remote shell execution vulnerability when using MiniMagick::Image.open with URL coming from unsanitized user input. e.g. `MiniMagick::Image.open("| touch.txt")`
Read more →
The `strong_password` gem on RubyGems.org was hijacked by a malicious actor. The malicious actor published v0.0.7 containing malicious code that enables an attacker to execute remote code in production. Downgrade `strong_password` to v0.0.6 to ensure no malicious code execution is possible.
Read more →
Due to unvalidated input, an attacker can pass in arbitrary variants via query parameters. If an application treats variants as trusted, this can lead to potential vulnerabilities like SQL injection or cross-site scripting (XSS). For instance: landing_page = field_test(:landing_page) Page.where("key = '#{landing_page}'")
Read more →
| Vulnerabilities | |
|---|---|
| Sep | 2 |
| Oct | 5 |
| Nov | 3 |
| Dec | 0 |
| Jan | 0 |
| Feb | 2 |
| Mar | 11 |
| Apr | 2 |
| May | 0 |
| Jun | 1 |
| Jul | 3 |
| Aug | 2 |
| Vulnerabilities | |
|---|---|
| 2014 | 75 |
| 2015 | 46 |
| 2016 | 33 |
| 2017 | 33 |
| 2018 | 34 |
| 2019 | 21 |