Facets

How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!


Latest Gem Vulnerabilities

CVE-2020-15169 in actionview
Moderate

There is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS attacks.

Impact
When an HTML-unsafe string is passed as the default for a missing translation key...

Published 17 days ago
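The pattern behind this advisory, as an added Ruby illustration that is not Action View's own code: a translate helper whose fallback default is caller-controlled, shown in the unsafe shape (default returned verbatim) and in a hardened shape (default HTML-escaped before it reaches the view). The translation table, helper names and payload are constructed for the example.

```ruby
require "erb"

# Added illustration of the CVE-2020-15169 pattern; this is not Action View's
# code. A tiny translate helper looks a key up in a constructed table and falls
# back to a caller-supplied default, as `t`/`translate` do for missing keys.
TRANSLATIONS = { "greeting" => "Hello" }.freeze   # constructed translation table

# Vulnerable shape: a missing key returns the default verbatim, so whatever the
# caller (in the advisory's scenario, the user) supplied lands in the page unescaped.
def translate_unsafe(key, default:)
  TRANSLATIONS.fetch(key) { default }
end

# Hardened shape: only the trusted, stored translation is emitted as-is; a
# default that fell through is HTML-escaped first.
def translate_safe(key, default:)
  TRANSLATIONS.fetch(key) { ERB::Util.html_escape(default) }
end

# Renders the helper's result into a paragraph, as a view template would.
def render_paragraph(helper, key, default)
  "<p>#{send(helper, key, default: default)}</p>"
end

# Constructed attacker-controlled default, e.g. taken from a query parameter.
PAYLOAD = "<script>alert(1)</script>"

puts render_paragraph(:translate_unsafe, "missing.key", PAYLOAD)
puts render_paragraph(:translate_safe,   "missing.key", PAYLOAD)
puts render_paragraph(:translate_safe,   "greeting",    PAYLOAD)
```

The check a reviewer wants here is the second line of output: the same payload arrives as `&lt;script&gt;...` once the default goes through the escaper, while a present key still renders its stored text untouched.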
CVE-2020-16253 in pghero
Severe

The PgHero dashboard is vulnerable to CSRF with non-session-based authentication methods.

Impact
The PgHero dashboard is vulnerable to cross-site request forgery (CSRF). This affects the Docker image, Linux packages, and in specific cases, the Ruby gem. The Ruby gem is vulnerable with non-session-based authentication methods like basic...

Published about 2 months ago
CVE-2020-16254 in chartkick
Moderate

Chartkick is vulnerable to CSS injection if user input is passed to the width or height option:

    <%= line_chart data, width: params[:width], height: params[:height] %>

An attacker can set additional CSS properties, like:

    <%= line_chart data, width: "100%; background-image: url('http://example.com/image.png')" %>

Published about 2 months ago
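A hardening for the Chartkick case, as an added Ruby example that is not Chartkick's code: user-supplied width and height values are checked against an allowlist of bare CSS lengths before being interpolated into a style declaration, so the injected value from the advisory is replaced by a default instead of smuggling a second declaration. The default sizes and helper names are assumptions made for the example.

```ruby
# Added example for the CVE-2020-16254 pattern; it is not Chartkick's code.
# User-supplied width/height values are validated against an allowlist of CSS
# lengths before being interpolated into a style declaration, so a value that
# smuggles extra declarations is dropped in favour of a default. The defaults
# and the helper names are assumptions made for this example.
CSS_LENGTH = /\A\d{1,4}(?:\.\d{1,2})?(?:px|%|em|rem|vh|vw)\z/

# Returns the value unchanged only if it is a single bare CSS length.
def safe_css_length(value, default:)
  candidate = value.to_s.strip
  candidate.match?(CSS_LENGTH) ? candidate : default
end

# Builds the inline style a chart helper would emit for its container.
def chart_style(width:, height:)
  w = safe_css_length(width,  default: "100%")
  h = safe_css_length(height, default: "300px")
  "width: #{w}; height: #{h};"
end

# Constructed inputs: the injected value from the advisory and honest ones.
INJECTED = "100%; background-image: url('http://example.com/image.png')"

puts chart_style(width: INJECTED, height: "400px")
puts chart_style(width: "100%",   height: "auto")
```

Allowlisting the shape of the value is preferable to escaping here: there is no escaping convention that makes `;` harmless inside a style attribute, and a chart size never legitimately needs one.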
CVE-2020-16252 in field_test
Moderate

The Field Test dashboard is vulnerable to CSRF with non-session-based authentication methods.

Impact
The Field Test dashboard is vulnerable to CSRF with non-session-based authentication methods, like basic authentication. Session-based authentication methods (like Devise's default authentication) are not affected. A CSRF attack works...

Published about 2 months ago
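Why the PgHero and Field Test dashboards above are exposed under basic authentication but not under session-based authentication, as an added Ruby model that is neither gem's nor Rails' code: Rails' `protect_from_forgery` defaults to the `:null_session` strategy, which on a failed token check only discards the session, whereas `with: :exception` aborts the request. A browser attaches cached Basic credentials to a cross-site form post just as it attaches a session cookie, so a nulled session stops the cookie-authenticated forgery but leaves the Basic-authenticated one intact. The request, session and credential values are constructed.

```ruby
require "securerandom"

# Added model of why these dashboards are CSRF-able under HTTP Basic auth but
# not under session auth. It is not PgHero's, Field Test's or Rails' code. It
# reproduces the two Rails forgery strategies: `:null_session` (the default
# when a controller calls `protect_from_forgery` without `with:`), which only
# discards the session on a failed token check, and `:exception`, which aborts
# the request. Requests, sessions and credentials below are constructed.
BASIC_CREDENTIALS = ["admin", "s3cret"].freeze     # constructed Basic auth pair
CSRF_TOKEN = SecureRandom.hex(16)                  # token stored in the session

Request = Struct.new(:method, :session, :basic_auth, :csrf_token, keyword_init: true)

class ForgeryDetected < StandardError; end

# Synchronizer-token check: safe methods pass; otherwise the submitted token
# must equal the session's token (length-gated, then compared without early exit).
def verified_request?(req)
  return true if req.method == "GET"
  expected  = req.session && req.session[:csrf_token]
  submitted = req.csrf_token
  return false if expected.nil? || submitted.nil?
  return false unless expected.bytesize == submitted.bytesize
  expected.bytes.zip(submitted.bytes).sum { |a, b| a ^ b }.zero?
end

# Runs the forgery strategy first, then authenticates with whatever credentials
# survive it, and "performs" the state-changing dashboard action if any do.
def handle(req, strategy:)
  unless verified_request?(req)
    case strategy
    when :null_session then req = Request.new(**req.to_h.merge(session: nil))
    when :exception    then raise ForgeryDetected
    end
  end
  session_user = req.session && req.session[:user]
  basic_user   = req.basic_auth == BASIC_CREDENTIALS
  (session_user || basic_user) ? :action_performed : :unauthorized
rescue ForgeryDetected
  :rejected
end

# A cross-site form post: the browser attaches the cookie or the cached Basic
# credentials automatically, but the attacker's page cannot read the token.
FORGED_WITH_SESSION = Request.new(method: "POST", csrf_token: nil, basic_auth: nil,
                                  session: { user: "admin", csrf_token: CSRF_TOKEN })
FORGED_WITH_BASIC   = Request.new(method: "POST", csrf_token: nil, session: nil,
                                  basic_auth: BASIC_CREDENTIALS)
# The same action issued from the dashboard itself, token included.
LEGITIMATE          = Request.new(method: "POST", csrf_token: CSRF_TOKEN, basic_auth: nil,
                                  session: { user: "admin", csrf_token: CSRF_TOKEN })

puts handle(FORGED_WITH_SESSION, strategy: :null_session)  # unauthorized: session was nulled
puts handle(FORGED_WITH_BASIC,   strategy: :null_session)  # action_performed: the CSRF
puts handle(FORGED_WITH_BASIC,   strategy: :exception)     # rejected
puts handle(LEGITIMATE,          strategy: :exception)     # action_performed
```

The second line is the advisory's finding in miniature: nulling the session is a no-op for a request that never carried one. The practical check for any engine or mounted dashboard is therefore that its controller declares `protect_from_forgery with: :exception` whenever it is reachable with non-session credentials.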
CVE-2020-15109 in solidus_api
Moderate

Impact
This vulnerability allows a malicious customer to craft request data with parameters that allow changing the address of the current order without changing the shipment costs associated with the new shipment. All stores with at least two shipping zones and different costs of shipment per zone are impacted. E.g. 1. Store...

Published about 2 months ago

Vulnerabilities in the Past 12 Months

Month   Vulnerabilities
Oct     4
Nov     3
Dec     3
Jan     3
Feb     3
Mar     5
Apr     2
May     13
Jun     5
Jul     2
Aug     4
Sep     1

Vulnerabilities in the Past 6 Years

Year    Vulnerabilities
2015    46
2016    34
2017    35
2018    36
2019    47
2020    38