How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!
Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the `:escape_html` option was being used.
Read more →
### Description In Nokogiri versions <= 1.11.0.rc3, XML Schemas parsed by `Nokogiri::XML::Schema` are **trusted** by default, allowing external resources to be accessed over the network, potentially enabling XXE or SSRF attacks. This behavior is counter to the security policy followed by Nokogiri maintainers, which is to treat all...
Read more →
### Impact This vulnerability impacts applications using the [omniauth-apple](https://github.com/nhosoya/omniauth-apple) strategy of OmniAuth and using the `info.email` field of OmniAuth's [Auth Hash Schema](https://github.com/omniauth/omniauth/wiki/Auth-Hash-Schema) for any kind of identification. The value of this field may be set to any...
Read more →
### Impact Remote code execution vulnerability in `dependabot-common` and `dependabot-go_modules` when a source branch name contains malicious injectable bash code. For example, if Dependabot is configured to use the following source branch name: `"/$({curl,127.0.0.1})"`, Dependabot will make a HTTP request to the following URL:...
Read more →
### Impact The perpetrator could query the [API v2 Order Status] (https://guides.spreecommerce.org/api/v2/storefront#tag/Order-Status) endpoint with an empty string passed as an Order token ### Patches Please upgrade to 3.7.11, 4.0.4, or 4.1.11 depending on your used Spree version. Users of Spree < 3.7 are not affected.
Read more →
Vulnerabilities | |
---|---|
Feb | 3 |
Mar | 6 |
Apr | 2 |
May | 13 |
Jun | 5 |
Jul | 2 |
Aug | 4 |
Sep | 3 |
Oct | 4 |
Nov | 3 |
Dec | 2 |
Jan | 1 |
Vulnerabilities | |
---|---|
2016 | 34 |
2017 | 35 |
2018 | 36 |
2019 | 47 |
2020 | 50 |
2021 | 1 |