
How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!


Latest Gem Vulnerabilities

CVE-2017-1000037 in rvm
Critical

RVM automatically loads environment variables from files in $PWD resulting in command execution; RVM vulnerable to command injection when automatically loading environment variables from files in $PWD; RVM automatically executes hooks located in $PWD resulting in code execution; RVM automatically installs gems as specified by files in $PWD...

Published 2 months ago
CVE-2017-5029 in nokogiri
Moderate

nokogiri version 1.7.2 has been released. This is a security update based on 1.7.1, addressing two upstream libxslt 1.1.29 vulnerabilities classified as "Medium" by Canonical and given a CVSS3 score of "6.5 Medium" and "8.8 High" by RedHat. These patches only apply when using Nokogiri's vendored libxslt package. If you're using your...

Published 5 months ago
CVE-2016-10345 in passenger
Moderate

In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user.

Published 5 months ago
CVE-2016-4658 in nokogiri
Critical

Nokogiri version 1.7.1 has been released, pulling in several upstream patches to the vendored libxml2 to address the following CVEs: CVE-2016-4658 (CVSS v3 Base Score: 9.8, Critical): libxml2 in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial...

Published 6 months ago
CVE-2017-5946 in rubyzip
Critical

The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem.

Published 7 months ago

Vulnerabilities in the Past 12 Months

Month Vulnerabilities
Oct 0
Nov 0
Dec 2
Jan 1
Feb 1
Mar 1
Apr 1
May 1
Jun 0
Jul 1
Aug 0
Sep 0

Vulnerabilities in the Past 6 Years

Year Vulnerabilities
2012 22
2013 84
2014 74
2015 44
2016 29
2017 6