Facets

How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!


Latest Gem Vulnerabilities

CVE-2016-5697 in ruby-saml
Severe

ruby-saml prior to version 1.3.0 is vulnerable to an XML signature wrapping attack in the specific scenario where there was a signature that referenced at the same time 2 elements (but past the scheme validator process since 1 of the element was inside the encrypted assertion). ruby-saml users must update to 1.3.0, which implements 3 extra...
Read more →

Published about 1 month ago
CVE-2015-8806 in nokogiri
Severe

Nokogiri is affected by series of vulnerabilities in libxml2 and libxslt, which are libraries Nokogiri depends on. It was discovered that libxml2 and libxslt incorrectly handled certain malformed documents, which can allow malicious users to cause issues ranging from denial of service to remote code execution attacks. For more...
Read more →

Published about 2 months ago
CVE-2016-3693 in safemode
Severe

Safemode is initialised with an optional 'delegate' object. If the delegated object is a Rails controller, 'inspect' could be called which then exposes all informations about the App, including routes, secret tokens, caches and so on.
Read more →

Published 3 months ago
CVE-2016-2098 in rails
Critical

There is a possible remote code execution vulnerability in Action Pack. This vulnerability has been assigned the CVE identifier CVE-2016-2098. Impact ------ Applications that pass unverified user input to the `render` method in a controller or a view may be vulnerable to a code injection. Impacted code will look like...
Read more →

Published 4 months ago
CVE-2016-2097 in rails
Severe

There is a possible directory traversal and information leak vulnerability in Action View. This was meant to be fixed on CVE-2016-0752. However the 3.2 patch was not covering all the scenarios. This vulnerability has been assigned the CVE identifier CVE-2016-2097. Versions Affected: 3.2.x, 4.0.x, 4.1.x Not affected: 4.2+ Fixed...
Read more →

Published 4 months ago

Vulnerabilities in the Past 12 Months

Vulnerabilities
Aug 0
Sep 2
Oct 1
Nov 1
Dec 3
Jan 6
Feb 9
Mar 0
Apr 4
May 0
Jun 2
Jul 0

Vulnerabilities in the Past 6 Years

Vulnerabilities
2011 20
2012 22
2013 83
2014 74
2015 41
2016 21