Facets

How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!


Latest Gem Vulnerabilities

CVE-2017-15412 in nokogiri
Moderate

The version of libxml2 packaged with Nokogiri contains a vulnerability. Nokogiri has mitigated this issue by upgrading to libxml 2.9.6. It was discovered that libxml2 incorrectly handled certain files. An attacker could use this issue with specially constructed XML data to cause libxml2 to consume resources, leading to a denial of service.

Published 21 days ago
CVE-2017-16932 in nokogiri
Moderate

The version of libxml2 packaged with Nokogiri contains a vulnerability. Nokogiri has mitigated this issue by upgrading to libxml 2.9.5. Wei Lei discovered that libxml2 incorrectly handled certain parameter entities. An attacker could use this issue with specially constructed XML data to cause libxml2 to consume resources, leading to a...

Published 21 days ago
CVE-2017-12098 in rails_admin
Moderate

An exploitable cross-site scripting (XSS) vulnerability exists in the add filter functionality of the rails_admin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary JavaScript in the victim's browser. An attacker can phish an authenticated user to trigger this...

Published about 1 month ago
CVE-2017-17920 in rails
Severe

** DISPUTED ** SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input.

Published about 2 months ago
CVE-2017-17919 in rails
Severe

** DISPUTED ** SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input.

Published about 2 months ago

Vulnerabilities in the Past 12 Months

Month   Vulnerabilities
Mar     1
Apr     2
May     2
Jun     0
Jul     1
Aug     0
Sep     3
Oct     1
Nov     5
Dec     6
Jan     3
Feb     0

Vulnerabilities in the Past 6 Years

Year    Vulnerabilities
2013    84
2014    74
2015    44
2016    29
2017    24
2018    3