How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!

Latest Gem Vulnerabilities

CVE-2016-7954 in bundler

Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334.

Published 25 days ago

CVE-2016-3129 in good_enterprise_mobility_server

A remote shell execution vulnerability in the BlackBerry Good Enterprise Mobility Server (GEMS) implementation of the Apache Karaf command shell in GEMS versions to allows remote attackers to obtain local administrator rights on the GEMS server via commands executed on the Karaf command shell.

Published about 1 month ago

CVE-2016-6582 in doorkeeper

Doorkeeper failed to implement OAuth 2.0 Token Revocation (RFC 7009) in the following ways:
1. Public clients making valid, unauthenticated calls to revoke a token would not have their token revoked
2. Requests were not properly authenticating the *client credentials* but were, instead, looking at the access token in a second...

Published 5 months ago

CVE-2016-6317 in rails

There is a vulnerability when Active Record is used in conjunction with JSON parameter parsing. This vulnerability is similar to CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155.

Impact: Due to the way Active Record interprets parameters in combination with the way that JSON parameters are parsed, it is possible for an attacker to...

Published 5 months ago

CVE-2016-6316 in rails

There is a possible XSS vulnerability in Action View. Text declared as "HTML safe" will not have quotes escaped when used as attribute values in tag helpers.

Impact: Text declared as "HTML safe" when passed as an attribute value to a tag helper will not have quotes escaped which can lead to an XSS attack. Impacted code looks something...

Published 5 months ago

Vulnerabilities in the Past 12 Months

Feb 9
Mar 0
Apr 4
May 1
Jun 2
Jul 0
Aug 3
Sep 0
Oct 0
Nov 0
Dec 2
Jan 0

Vulnerabilities in the Past 6 Years

2012 22
2013 83
2014 74
2015 41
2016 27
2017 0