Facets

How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!

Browse

Latest Gem Vulnerabilities

CVE-2020-8185 in actionpack
Moderate

There is a vulnerability in versions of Rails prior to 6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production. This vulnerability has been assigned the CVE identifier CVE-2020-8185. Versions Affected: 6.0.0 < rails < 6.0.3.2 Not affected: Applications with...
Read more →

Published 27 days ago
CVE-2020-4054 in sanitize
Critical

When HTML is sanitized using Sanitize's "relaxed" config or a custom config that allows certain elements, some content in a `<math>` or `<svg>` element may not be sanitized correctly even if `math` and `svg` are not in the allowlist. You are likely to be vulnerable to this issue if you use Sanitize's relaxed config or a custom config that...
Read more →

Published 28 days ago
CVE-2020-8184 in rack
Severe

It is possible to forge a secure or host-only cookie prefix in Rack using an arbitrary cookie write by using URL encoding (percent-encoding) on the name of the cookie. This could result in an application that is dependent on this prefix to determine if a cookie is safe to process being manipulated into processing an insecure or cross-origin...
Read more →

Published 29 days ago
CVE-2020-7663 in websocket-extensions
Severe

### Impact The ReDoS flaw allows an attacker to exhaust the server's capacity to process incoming requests by sending a WebSocket handshake request containing a header of the following form: Sec-WebSocket-Extensions: a; b="\c\c\c\c\c\c\c\c\c\c ... That is, a header containing an unclosed string parameter value whose content is a...
Read more →

Published about 1 month ago
CVE-2020-11082 in kaminari
Severe

### Impact There was a vulnerability in versions of Kaminari that would allow an attacker to inject arbitrary code into pages with pagination links. For example, an attacker could craft pagination links that link to other domain or host: https://example.com/posts?page=4&original_script_name=https://another-host.example.com In addition,...
Read more →

Published about 2 months ago

Vulnerabilities in the Past 12 Months

Vulnerabilities
Aug 4
Sep 5
Oct 4
Nov 3
Dec 3
Jan 3
Feb 3
Mar 5
Apr 2
May 13
Jun 4
Jul 0

Vulnerabilities in the Past 6 Years

Vulnerabilities
2015 46
2016 34
2017 35
2018 34
2019 47
2020 30