Facets
How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!
How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!
In voloko twitter-stream 0.1.16, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library (because eventmachine is misused).
Read more →
Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated.
Read more →
The `activerecord-session_store` (aka Active Record Session Store) component through 1.1.3 for Ruby on Rails does not use a constant-time approach when delivering information about whether a guessed session ID is valid. Consequently, remote attackers can leverage timing discrepancies to achieve a correct guess in a relatively short amount of...
Read more →
There is a possible open redirect vulnerability in the Host Authorization middleware in Action Pack. This vulnerability has been assigned the CVE identifier CVE-2021-22881. Versions Affected: >= 6.0.0 Not affected: < 6.0.0 Fixed Versions: 6.1.2.1, 6.0.3.5 Impact ------ Specially crafted "Host" headers in combination with...
Read more →
There is a possible DoS vulnerability in the PostgreSQL adapter in Active Record. This vulnerability has been assigned the CVE identifier CVE-2021-22880. Versions Affected: >= 4.2.0 Not affected: < 4.2.0 Fixed Versions: 6.1.2.1, 6.0.3.5, 5.2.4.5 Impact ------ Carefully crafted input can cause the input validation in the...
Read more →
| Vulnerabilities | |
|---|---|
| May | 13 |
| Jun | 5 |
| Jul | 2 |
| Aug | 4 |
| Sep | 3 |
| Oct | 4 |
| Nov | 3 |
| Dec | 2 |
| Jan | 1 |
| Feb | 5 |
| Mar | 3 |
| Apr | 0 |
| Vulnerabilities | |
|---|---|
| 2016 | 34 |
| 2017 | 35 |
| 2018 | 36 |
| 2019 | 47 |
| 2020 | 50 |
| 2021 | 9 |