
How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!


Latest Gem Vulnerabilities

CVE-2019-16676 in simple_form
Critical

Simple Form before 5.0 has Incorrect Access Control in `file_method?` in `lib/simple_form/form_builder.rb`, because a user-supplied string is invoked as a method call. This only happens for pages that build forms based on user input.

Published 24 days ago
CVE-2019-16377 in consul
Critical

With the consul ruby gem before 1.0.3, if a controller checks multiple powers using `:if` or `:except` conditions, these conditions are erroneously applied to all power checks in that controller. This can lead to skipped power checks and hence unauthenticated access to certain controller actions.

Published 28 days ago
CVE-2019-16892 in rubyzip
Moderate

In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption).

Published about 1 month ago
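The rubyzip entry above comes down to one rule: a size field inside the archive is attacker-controlled, so a limit has to be enforced on the bytes you actually produce while inflating, not on what the header declares. The following is an added example, not rubyzip's code or its fix. It works on a bare deflate stream through Ruby's zlib rather than a ZIP container, so the ZIP parsing is out of scope; the cap MAX_INFLATED_BYTES, the two function names and the zero-filled test payload are assumptions made for the demonstration. unsafe_inflate shows the pattern the advisory describes (a pre-check on the declared size followed by unbounded inflation); bounded_inflate is the hardened form.

```ruby
require "zlib"

# Assumed cap for this demo; a real application sizes it to what it can afford
# to hold on disk or in memory for a single entry.
MAX_INFLATED_BYTES = 64 * 1024

class InflateLimitExceeded < StandardError; end

# The vulnerable shape (illustration only, not rubyzip's code): trust the size
# the archive declares for the entry, then inflate without looking back.
# A forged declared_size of 5 passes the check no matter how large the real
# output is.
def unsafe_inflate(declared_size, compressed, limit: MAX_INFLATED_BYTES)
  raise InflateLimitExceeded, "declared #{declared_size} > #{limit}" if declared_size > limit
  Zlib::Inflate.inflate(compressed)
end

# Hardened form: ignore any declared size and count bytes as zlib produces them.
# Zlib::Inflate#inflate yields output in chunks when given a block, so the
# check runs well before the whole payload exists; the raise inside the block
# aborts inflation immediately.
def bounded_inflate(compressed, limit: MAX_INFLATED_BYTES)
  zstream = Zlib::Inflate.new
  out = String.new(encoding: Encoding::BINARY)
  zstream.inflate(compressed) do |chunk|
    out << chunk
    raise InflateLimitExceeded, "inflated output exceeded #{limit} bytes" if out.bytesize > limit
  end
  raise Zlib::DataError, "truncated deflate stream" unless zstream.finished?
  out
ensure
  zstream&.close
end

if __FILE__ == $PROGRAM_NAME
  # Constructed payload: 1 MiB of zero bytes compresses to about a kilobyte.
  bomb = Zlib::Deflate.deflate("\0" * (1024 * 1024))
  puts "unsafe_inflate produced #{unsafe_inflate(5, bomb).bytesize} bytes from a declared size of 5"
  begin
    bounded_inflate(bomb)
  rescue InflateLimitExceeded => e
    puts "bounded_inflate refused: #{e.message}"
  end
end
```

The same rule applies when writing to disk: compare the running byte count against the cap inside the extraction loop, and treat a mismatch between the declared and the produced size as an error rather than a curiosity.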
CVE-2019-16109 in devise
Moderate

Devise before 4.7.1 confirms accounts upon receiving a request with a blank confirmation_token, if a database record has a blank value in the confirmation_token column. However, there is no scenario within Devise itself in which such database records would exist.

Published about 1 month ago
CVE-2019-15224 in rest-client
Critical

The rest-client gem 1.6.10, 1.6.11, 1.6.12, and 1.6.13 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party.

Published 2 months ago
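The tagline at the top promises a scan of Gemfile.lock against advisories like the five above. This added example, which is not the site's scanner or any gem's code, shows what such a check consists of: parse the resolved versions out of the lockfile, then test each against the affected range with RubyGems' own version comparison. The advisory table is transcribed from the entries above; the sample lockfile is constructed for the demonstration and the function names are assumptions. Note the rest-client entry: only the four backdoored releases are affected, so a "less than" range would be wrong there.

```ruby
require "rubygems"

# gem name => [CVE, affected version range]; a resolved version is vulnerable
# when it satisfies the range. Ranges transcribed from the advisories above.
ADVISORIES = {
  "simple_form" => ["CVE-2019-16676", Gem::Requirement.new("< 5.0")],
  "consul"      => ["CVE-2019-16377", Gem::Requirement.new("< 1.0.3")],
  "rubyzip"     => ["CVE-2019-16892", Gem::Requirement.new("< 1.3.0")],
  "devise"      => ["CVE-2019-16109", Gem::Requirement.new("< 4.7.1")],
  # exactly the releases that carried the backdoor, nothing before or after
  "rest-client" => ["CVE-2019-15224", Gem::Requirement.new(">= 1.6.10", "<= 1.6.13")],
}.freeze

# A resolved spec in Gemfile.lock is "name (version)" indented by exactly four
# spaces; the spec's dependencies follow indented by six and are skipped.
SPEC_LINE = /\A {4}(?<name>[^\s(]+) \((?<version>[^)\s]+)\)\z/
SECTION_HEADER = /\A[A-Z][A-Z ]*\z/ # GEM, PATH, GIT, PLATFORMS, DEPENDENCIES, BUNDLED WITH

# Returns { gem name => Gem::Version } for every spec the lockfile resolved.
def parse_lockfile(text)
  specs = {}
  in_specs = false
  text.each_line(chomp: true) do |line|
    if SECTION_HEADER.match?(line)
      in_specs = %w[GEM PATH GIT].include?(line) # the sections that carry specs
      next
    end
    next unless in_specs
    m = SPEC_LINE.match(line) or next
    # "1.10.4-x86_64-linux": the hyphen introduces a platform suffix, which
    # Gem::Version would otherwise read as a prerelease tag, so drop it.
    specs[m[:name]] = Gem::Version.new(m[:version].split("-", 2).first)
  end
  specs
end

# Returns [[name, version, cve], ...] for every resolved gem inside an affected range.
def scan_lockfile(text)
  parse_lockfile(text).each_with_object([]) do |(name, version), findings|
    cve, affected = ADVISORIES[name]
    next unless cve && affected.satisfied_by?(version)
    findings << [name, version.to_s, cve]
  end
end

# Constructed sample lockfile (not taken from a real project).
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      consul (1.0.3)
        rails (>= 3.2)
      devise (4.7.0)
        bcrypt (~> 3.0)
      rest-client (1.6.12)
        mime-types (>= 1.16)
      rubyzip (1.2.3)
      simple_form (4.1.0)

  PLATFORMS
    ruby

  DEPENDENCIES
    consul
    devise
    rest-client
    rubyzip
    simple_form

  BUNDLED WITH
     2.0.2
LOCK

if __FILE__ == $PROGRAM_NAME
  scan_lockfile(SAMPLE_LOCKFILE).each do |name, version, cve|
    puts "#{name} #{version}: #{cve}"
  end
end
```

Against the sample, consul 1.0.3 is clean (the range is strictly below 1.0.3) and the other four gems are reported. A real scanner pulls the advisory table from a maintained database instead of a hash, but the version comparison and the lockfile walk are the same.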

Vulnerabilities in the Past 12 Months

Month     Vulnerabilities
Nov 2018  3
Dec 2018  0
Jan 2019  0
Feb 2019  2
Mar 2019  11
Apr 2019  3
May 2019  0
Jun 2019  1
Jul 2019  8
Aug 2019  2
Sep 2019  4
Oct 2019  0

Vulnerabilities in the Past 6 Years

Year  Vulnerabilities
2014  75
2015  46
2016  33
2017  33
2018  34
2019  31 (January to October)