How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!

Latest Gem Vulnerabilities

CVE-2019-15224 in rest-client

The rest-client gem 1.6.10, 1.6.11, 1.6.12, and 1.6.13 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party.

Published 6 days ago
CVE-2019-5477 in nokogiri

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess by Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being passed untrusted user input. This vulnerability appears in code generated by the Rexical gem...

Published 14 days ago
CVE-2019-13574 in mini_magick

A remote shell execution vulnerability exists when MiniMagick::Image.open is called with a URL coming from unsanitized user input, e.g. `MiniMagick::Image.open("| touch.txt")`.

Published about 1 month ago
CVE-2019-13354 in strong_password

The `strong_password` gem on RubyGems.org was hijacked by a malicious actor. The malicious actor published v0.0.7 containing malicious code that enables an attacker to execute remote code in production. Downgrade `strong_password` to v0.0.6 to ensure no malicious code execution is possible.

Published about 2 months ago
CVE-2019-13146 in field_test

Due to unvalidated input, an attacker can pass in arbitrary variants via query parameters. If an application treats variants as trusted, this can lead to potential vulnerabilities like SQL injection or cross-site scripting (XSS). For instance:

`landing_page = field_test(:landing_page)`
`Page.where("key = '#{landing_page}'")`

Published about 2 months ago

Vulnerabilities in the Past 12 Months

Sep 2
Oct 5
Nov 3
Dec 0
Jan 0
Feb 2
Mar 11
Apr 2
May 0
Jun 1
Jul 3
Aug 2

Vulnerabilities in the Past 6 Years

2014 75
2015 46
2016 33
2017 33
2018 34
2019 21