Facets
How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!
How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!
When passing an invalid check name as parameter to the endpoint where the easymon routes are mounted, a 406 response with a body that contains the invalid check name unescaped is returned. Malicious JavaScript can be injected into that invalid name and have it executed in Firefox
Read more →
There is a possible DoS vulnerability in the multipart parser in Rack. This vulnerability has been assigned the CVE identifier CVE-2018-16470. Versions Affected: 2.0.4, 2.0.5 Not affected: <= 2.0.3 Fixed Versions: 2.0.6 Impact ------ There is a possible DoS vulnerability in the multipart parser in Rack. Carefully crafted...
Read more →
There is a possible vulnerability in Rack. This vulnerability has been assigned the CVE identifier CVE-2018-16471. Versions Affected: All. Not affected: None. Fixed Versions: 2.0.6, 1.6.11 Impact ------ There is a possible XSS vulnerability in Rack. Carefully crafted requests can impact the data returned by the `scheme`...
Read more →
In the Loofah gem, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.
Read more →
mysql-binuuid-rails 1.1.0 and earlier allows SQL Injection because it removes default string escaping for affected database columns. ActiveRecord does not explicitly escape the Binary data type (Type::Binary::Data) for mysql. mysql-binuuid-rails uses a data type that is derived from the base Binary type, except, it doesn’t convert the value...
Read more →
| Vulnerabilities | |
|---|---|
| Jan | 3 |
| Feb | 4 |
| Mar | 3 |
| Apr | 1 |
| May | 3 |
| Jun | 2 |
| Jul | 2 |
| Aug | 0 |
| Sep | 0 |
| Oct | 4 |
| Nov | 3 |
| Dec | 0 |
| Vulnerabilities | |
|---|---|
| 2013 | 84 |
| 2014 | 75 |
| 2015 | 45 |
| 2016 | 32 |
| 2017 | 28 |
| 2018 | 25 |