How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!

Latest Gem Vulnerabilities

CVE-2015-3227 in rails

The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of...

Published 3 months ago

CVE-2015-3226 in rails

Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web...

Published 3 months ago

CVE-2015-2963 in paperclip

The thoughtbot paperclip gem before 4.2.2 for Ruby does not consider the content-type value during media-type validation, which allows remote attackers to upload HTML documents and conduct...

Published 3 months ago

CVE-2015-3225 in rack

There is a potential denial of service vulnerability in Rack. Carefully crafted requests can cause a `SystemStackError` and potentially cause a denial of service attack.

Published 4 months ago

CVE-2015-3224 in web-console

There is a remote code execution vulnerability in Web Console. Specially crafted remote requests can spoof their origin, bypassing the IP whitelist, in any environment where Web Console is enabled...

Published 4 months ago

Vulnerabilities in the Past 12 Months

Nov 4
Dec 0
Jan 1
Feb 0
Mar 0
Apr 0
May 0
Jun 3
Jul 3
Aug 0
Sep 0
Oct 0

Vulnerabilities in the Past 6 Years

2010 2
2011 15
2012 15
2013 50
2014 23
2015 7