Facets

How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!

Browse

Latest Gem Vulnerabilities

CVE-2021-22885 in actionpack
Severe

There is a possible information disclosure / unintended method execution vulnerability in Action Pack which has been assigned the CVE identifier CVE-2021-22885. Versions Affected: >= 2.0.0. Not affected: < 2.0.0. Fixed Versions: 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 Impact ------ There is a possible information disclosure /...
Read more →

Published 13 days ago
CVE-2021-22902 in actionpack
Severe

There is a possible Denial of Service vulnerability in the Mime type parser of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2021-22902. Versions Affected: >= 6.0.0 Not affected: < 6.0.0 Fixed Versions: 6.0.3.7, 6.1.3.2 Impact ------ There is a possible Denial of Service vulnerability in...
Read more →

Published 13 days ago
CVE-2021-22904 in actionpack
Severe

There is a possible DoS vulnerability in the Token Authentication logic in Action Controller. This vulnerability has been assigned the CVE identifier CVE-2021-22904. Versions Affected: >= 4.0.0 Not affected: < 4.0.0 Fixed Versions: 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 Impact ------ Impacted code uses...
Read more →

Published 13 days ago
CVE-2021-22903 in actionpack
Severe

There is a possible Open Redirect Vulnerability in Action Pack. This vulnerability has been assigned the CVE identifier CVE-2021-22903. Versions Affected: >= v6.1.0.rc2 Not affected: < v6.1.0.rc2 Fixed Versions: 6.1.3.2 Impact ------ This is similar to CVE-2021-22881: Specially crafted Host headers in combination with...
Read more →

Published 13 days ago
CVE-2021-31799 in rdoc
Critical

RDoc used to call `Kernel#open` to open a local file. If a Ruby project has a file whose name starts with `|` and ends with `tags`, the command following the pipe character is executed. A malicious Ruby project could exploit it to run an arbitrary command execution against a user who attempts to run `rdoc` command.
Read more →

Published 16 days ago

Vulnerabilities in the Past 12 Months

Vulnerabilities
Jun 5
Jul 2
Aug 4
Sep 3
Oct 4
Nov 3
Dec 2
Jan 1
Feb 5
Mar 3
Apr 7
May 5

Vulnerabilities in the Past 6 Years

Vulnerabilities
2016 34
2017 35
2018 37
2019 47
2020 50
2021 21