
How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!


Latest Gem Vulnerabilities

CVE-2017-15928 in ox
Severe

In the Ox gem 2.8.0 for Ruby, the process crashes with a segmentation fault when a crafted input is supplied to parse_obj. NOTE: the vendor has stated "Ox should handle the error more gracefully" but has not confirmed a security implication.

Published 26 days ago

CVE-2017-14683 in geminabox
Severe

geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstrated by an unintended gem upload.

Published about 2 months ago

CVE-2017-14506 in geminabox
Moderate

geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file.

Published about 2 months ago

CVE-2017-9050 in nokogiri
Critical

The version of libxml2 packaged with Nokogiri contains several vulnerabilities. Nokogiri has mitigated these issues by upgrading to libxml 2.9.5. It was discovered that a type confusion error existed in libxml2. An attacker could use this to specially construct XML data that could cause a denial of service or possibly execute...

Published 2 months ago

CVE-2017-1000037 in rvm
Critical

RVM automatically loads environment variables from files in $PWD resulting in command execution. RVM vulnerable to command injection when automatically loading environment variables from files in $PWD. RVM automatically executes hooks located in $PWD resulting in code execution. RVM automatically installs gems as specified by files in $PWD...

Published 4 months ago

Vulnerabilities in the Past 12 Months

Vulnerabilities
Dec 2
Jan 1
Feb 1
Mar 1
Apr 1
May 1
Jun 0
Jul 1
Aug 0
Sep 3
Oct 1
Nov 0

Vulnerabilities in the Past 6 Years

Vulnerabilities
2012 22
2013 84
2014 74
2015 44
2016 29
2017 10