Facets

How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!
Latest Gem Vulnerabilities

CVE-2019-16770 in puma
Severe

A poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the attacker sends requests frequently enough.

Published 11 days ago
CVE-2019-18978 in rack-cors
Critical

An issue was discovered in the rack-cors (aka Rack CORS Middleware) gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.

Published about 1 month ago
CVE-2019-18848 in json-jwt
Moderate

The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string.

Published about 1 month ago
CVE-2019-18841 in chartkick
Moderate

A specially crafted response in data loaded via URL can cause prototype pollution in JavaScript.

Published about 1 month ago
CVE-2019-13117 in nokogiri
Moderate

Nokogiri v1.10.5 has been released. This is a security release. It addresses three CVEs in upstream libxml2, for which details are below. If you're using your distro's system libraries, rather than Nokogiri's vendored libraries, there's no security need to upgrade at this time, though you may want to check with your distro whether...

Published about 2 months ago

Vulnerabilities in the Past 12 Months

Month   Vulnerabilities
Jan     0
Feb     2
Mar     11
Apr     3
May     0
Jun     2
Jul     9
Aug     3
Sep     5
Oct     4
Nov     3
Dec     1

Vulnerabilities in the Past 6 Years

Year    Vulnerabilities
2014    75
2015    46
2016    33
2017    35
2018    34
2019    43