Facets

How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!


Latest Gem Vulnerabilities

CVE-2018-11627 in sinatra
Severe

Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.

Published 18 days ago
CVE-2018-3759 in private_address_check
Severe

private_address_check ruby gem before 0.5.0 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition because the address the socket actually connects to is not checked. A DNS entry with a TTL of 0 can trigger this case: the initial resolution returns a public address, but the subsequent resolution returns a private address.

Published about 2 months ago
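The advisory above describes the race in the abstract; the following is an added example (not code from this page, nor from the private_address_check gem or its 0.5.0 fix) that reproduces the TOCTOU in Ruby with a scripted stand-in resolver instead of real DNS. `FlippingResolver`, `connect_target_vulnerable`, `connect_target_fixed`, the hostnames and the addresses (documentation range 198.51.100.0/24 plus RFC 1918 space) are all constructed for the example. The "fixed" variant shows one mitigation, resolving once and connecting to the validated literal address; it is not a description of how the gem itself was patched.

```ruby
require "ipaddr"

# Address ranges an SSRF guard should refuse (constructed list for this example;
# a production guard should cover every non-routable range, including IPv6 ones).
BLOCKED_RANGES = %w[
  0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16
  ::1/128 fc00::/7 fe80::/10
].map { |cidr| IPAddr.new(cidr) }.freeze

# True when the literal IP address falls inside one of the blocked ranges.
def private_address?(ip)
  addr = IPAddr.new(ip)
  BLOCKED_RANGES.any? { |net| net.family == addr.family && net.include?(addr) }
end

# Stand-in DNS resolver returning a scripted sequence of answers. With a zero-TTL
# record an attacker's nameserver can answer differently on every query; here the
# first lookup yields the public address and every later one the private address.
class FlippingResolver
  def initialize(answers)
    @answers = answers.dup
  end

  def resolve(_hostname)
    @answers.length > 1 ? @answers.shift : @answers.first
  end
end

# Vulnerable pattern (the TOCTOU described in the advisory): validate whatever the
# hostname resolves to now, then hand the hostname to the HTTP/socket layer, which
# resolves it again and connects to that second, unchecked answer.
# Returns the address the socket would actually connect to.
def connect_target_vulnerable(hostname, resolver)
  checked = resolver.resolve(hostname)                       # time of check
  raise ArgumentError, "#{hostname} -> #{checked} is private" if private_address?(checked)
  resolver.resolve(hostname)                                 # time of use: second lookup
end

# One mitigation: resolve once, validate that address, and connect to that exact
# address (sending the original hostname separately as the Host header / SNI).
# The checked address and the used address are then the same value by construction.
def connect_target_fixed(hostname, resolver)
  checked = resolver.resolve(hostname)
  raise ArgumentError, "#{hostname} -> #{checked} is private" if private_address?(checked)
  checked
end

if __FILE__ == $PROGRAM_NAME
  host = "attacker.example" # constructed hostname
  puts "vulnerable connects to: #{connect_target_vulnerable(host, FlippingResolver.new(%w[198.51.100.7 10.0.0.5]))}"
  puts "fixed connects to:      #{connect_target_fixed(host, FlippingResolver.new(%w[198.51.100.7 10.0.0.5]))}"
end
```

Two caveats when applying the fixed pattern for real: connecting to a literal IP means TLS hostname verification and SNI must be driven from the original hostname, and every HTTP redirect is a new hostname that has to go through the same resolve-then-validate step.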
CVE-2018-3741 in rails-html-sanitizer
Moderate

There is a possible XSS vulnerability in rails-html-sanitizer. The gem allows non-whitelisted attributes to be present in sanitized output when given input containing specially crafted HTML fragments, and these attributes can lead to an XSS attack on target applications. This issue is similar to CVE-2018-8048 in Loofah.

Published 3 months ago
CVE-2018-3740 in sanitize
Severe

When Sanitize <= 4.6.2 is used in combination with libxml2 >= 2.9.2, a specially crafted HTML fragment can cause libxml2 to generate improperly escaped output, allowing non-whitelisted attributes to be used on whitelisted elements. This can allow HTML and JavaScript injection, which could result in XSS if Sanitize's output is served to...

Published 3 months ago
CVE-2018-8048 in loofah
Severe

Loofah allows non-whitelisted attributes to be present in sanitized output when given input containing specially crafted HTML fragments, when running on MRI or RBX in combination with libxml2 >= 2.9.2. JRuby users are not affected. This issue has been created for public disclosure of an XSS / code injection vulnerability that was responsibly reported by...

Published 3 months ago
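The page's tagline is "scan Gemfile.lock for vulnerabilities"; the advisories above give the version bounds such a scan needs. The following is an added example, not code from this page or from the scanning service it describes, showing the core of that check in Ruby: parse the `specs:` block of a Gemfile.lock, then test each locked version against advisory constraints with `Gem::Version` and `Gem::Requirement` from RubyGems. The advisory table and the lockfile are constructed for the example; the constraints for sinatra, private_address_check and sanitize follow the advisory text above, and the rails-html-sanitizer and loofah advisories are left out because the page gives no version bounds for them.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement ship with RubyGems

# Constructed advisory table for this example. The constraints for these three
# gems follow the advisory text on this page; this is not an authoritative database.
ADVISORIES = [
  { gem: "sinatra",               cve: "CVE-2018-11627", severity: "Severe", vulnerable: "< 2.0.2" },
  { gem: "private_address_check", cve: "CVE-2018-3759",  severity: "Severe", vulnerable: "< 0.5.0" },
  { gem: "sanitize",              cve: "CVE-2018-3740",  severity: "Severe", vulnerable: "<= 4.6.2" },
].freeze

# A constructed Gemfile.lock (sample input, not a real project's lockfile).
LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      loofah (2.2.2)
        crass (~> 1.0.2)
        nokogiri (>= 1.5.9)
      mustermann (1.0.2)
      private_address_check (0.4.1)
      rack (2.0.5)
      rack-protection (2.0.1)
        rack
      sanitize (4.6.3)
        crass (~> 1.0.2)
        nokogiri (>= 1.4.4)
      sinatra (2.0.1)
        mustermann (~> 1.0)
        rack (~> 2.0)
        rack-protection (= 2.0.1)
        tilt (~> 2.0)
      tilt (2.0.8)

  PLATFORMS
    ruby

  DEPENDENCIES
    private_address_check
    sanitize (~> 4.6)
    sinatra

  BUNDLED WITH
     1.16.2
LOCK

# Returns { gem_name => Gem::Version } for every spec in the lockfile's `specs:`
# blocks. Top-level specs are indented by exactly four spaces; their dependency
# lines by six, so those are skipped. A platform suffix such as "1.8.4-x86_64-linux"
# is dropped before the version is parsed.
def parse_lockfile(text)
  gems = {}
  in_specs = false
  text.each_line do |line|
    if line.match?(/\A\s*specs:\s*\z/)
      in_specs = true
      next
    end
    # A blank line or an unindented section header ends the specs block.
    in_specs = false if line.strip.empty? || line.match?(/\A\S/)
    next unless in_specs
    if (m = line.match(/\A {4}(\S+) \(([^)\s-]+)(?:-[^)]*)?\)\s*\z/))
      gems[m[1]] = Gem::Version.new(m[2])
    end
  end
  gems
end

# Returns the advisories whose vulnerable range contains the locked version.
def scan(locked, advisories = ADVISORIES)
  advisories.select do |adv|
    version = locked[adv[:gem]]
    version && Gem::Requirement.new(adv[:vulnerable]).satisfied_by?(version)
  end
end

# One report line per finding (empty when nothing matched).
def report(locked, advisories = ADVISORIES)
  scan(locked, advisories).map do |adv|
    "#{adv[:severity]}: #{adv[:cve]} in #{adv[:gem]} #{locked[adv[:gem]]} (vulnerable #{adv[:vulnerable]})"
  end
end

if __FILE__ == $PROGRAM_NAME
  lines = report(parse_lockfile(LOCKFILE))
  puts(lines.empty? ? "No known vulnerabilities" : lines)
end
```

Against the sample lockfile this flags sinatra 2.0.1 and private_address_check 0.4.1 and clears sanitize 4.6.3. Using `Gem::Requirement` rather than string comparison matters: "2.0.10" sorts after "2.0.2" as a version but before it as a string, and prerelease tags are handled the way Bundler itself handles them.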

Vulnerabilities in the Past 12 Months

Month   Vulnerabilities
Jul     1
Aug     0
Sep     3
Oct     1
Nov     7
Dec     6
Jan     3
Feb     4
Mar     3
Apr     0
May     2
Jun     0

Vulnerabilities in the Past 6 Years

Year    Vulnerabilities
2013    84
2014    74
2015    44
2016    29
2017    26
2018    12