How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!

Latest Gem Vulnerabilities

CVE-2016-4658 in nokogiri

Nokogiri version 1.7.1 has been released, pulling in several upstream patches to the vendored libxml2 to address the following CVEs: CVE-2016-4658 CVSS v3 Base Score: 9.8 (Critical) libxml2 in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial...

Published 3 months ago
CVE-2017-5946 in rubyzip

The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem.

Published 3 months ago
CVE-2016-7798 in openssl

The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.

Published 4 months ago
CVE-2016-7954 in bundler

Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334.

Published 5 months ago
CVE-2016-3129 in good_enterprise_mobility_server

A remote shell execution vulnerability in the BlackBerry Good Enterprise Mobility Server (GEMS) implementation of the Apache Karaf command shell in GEMS versions to allows remote attackers to obtain local administrator rights on the GEMS server via commands executed on the Karaf command shell.

Published 5 months ago

Vulnerabilities in the Past 12 Months

Month   Advisories published
Jun     2
Jul     0
Aug     3
Sep     0
Oct     0
Nov     0
Dec     2
Jan     1
Feb     1
Mar     1
Apr     0
May     0

Vulnerabilities in the Past 6 Years

Year    Advisories published
2012    22
2013    84
2014    74
2015    43
2016    29
2017    3