How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!



Latest Gem Vulnerabilities

CVE-2014-2538 in rack-ssl
Critical

Some adapters (i.e. jruby-rack) will pass through bad URIs, then display the resulting exception. This creates an attack vector for XSS attacks.

Published about 1 month ago

CVE-2014-0082 in rails
Severe

actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows...

Published about 2 months ago

CVE-2014-0081 in rails
Moderate

Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow...

Published about 2 months ago

CVE-2014-0080 in rails
Critical

Data Injection Vulnerability in Active Record: There is a data injection vulnerability in Active Record. Specially crafted strings can be used to save data in PostgreSQL array columns that may...

Published 2 months ago

CVE-2013-2119 in passenger
Moderate

Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary...

Published 4 months ago

Vulnerabilities in the Past 12 Months

Vulnerabilities
May 0
Jun 1
Jul 0
Aug 1
Sep 1
Oct 3
Nov 2
Dec 6
Jan 1
Feb 3
Mar 1
Apr 0

Vulnerabilities in the Past 6 Years

Vulnerabilities
2009 4
2010 2
2011 15
2012 15
2013 50
2014 5