Facets

How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!

Browse

Latest Gem Vulnerabilities

CVE-2016-6582 in doorkeeper
Moderate

Doorkeeper failed to implement OAuth 2.0 Token Revocation (RFC 7009) in the following ways: 1. Public clients making valid, unauthenticated calls to revoke a token would not have their token revoked 2. Requests were not properly authenticating the *client credentials* but were, instead, looking at the access token in a second...
Read more →

Published about 1 month ago
CVE-2016-6316 in rails
Moderate

There is a possible XSS vulnerability in Action View. Text declared as "HTML safe" will not have quotes escaped when used as attribute values in tag helpers. Impact ------ Text declared as "HTML safe" when passed as an attribute value to a tag helper will not have quotes escaped which can lead to an XSS attack. Impacted code looks something...
Read more →

Published about 1 month ago
CVE-2016-6317 in rails
Severe

There is a vulnerability when Active Record is used in conjunction with JSON parameter parsing. This vulnerability is similar to CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155. Impact ------ Due to the way Active Record interprets parameters in combination with the way that JSON parameters are parsed, it is possible for an attacker to...
Read more →

Published about 1 month ago
CVE-2016-5697 in ruby-saml
Severe

ruby-saml prior to version 1.3.0 is vulnerable to an XML signature wrapping attack in the specific scenario where there was a signature that referenced at the same time 2 elements (but past the scheme validator process since 1 of the element was inside the encrypted assertion). ruby-saml users must update to 1.3.0, which implements 3 extra...
Read more →

Published 3 months ago
CVE-2015-8806 in nokogiri
Severe

Nokogiri is affected by series of vulnerabilities in libxml2 and libxslt, which are libraries Nokogiri depends on. It was discovered that libxml2 and libxslt incorrectly handled certain malformed documents, which can allow malicious users to cause issues ranging from denial of service to remote code execution attacks. For more...
Read more →

Published 4 months ago

Vulnerabilities in the Past 12 Months

Vulnerabilities
Oct 1
Nov 1
Dec 3
Jan 6
Feb 9
Mar 0
Apr 4
May 1
Jun 2
Jul 0
Aug 3
Sep 0

Vulnerabilities in the Past 6 Years

Vulnerabilities
2011 20
2012 22
2013 83
2014 74
2015 41
2016 25