Facets

How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!


Latest Gem Vulnerabilities

CVE-2016-7798 in openssl
Severe

The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.
Read more →

Published 27 days ago
CVE-2016-7954 in bundler
Critical

Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334.
Read more →

Published 2 months ago
CVE-2016-3129 in good_enterprise_mobility_server
Critical

A remote shell execution vulnerability in the BlackBerry Good Enterprise Mobility Server (GEMS) implementation of the Apache Karaf command shell in GEMS versions 2.1.5.3 to 2.2.22.25 allows remote attackers to obtain local administrator rights on the GEMS server via commands executed on the Karaf command shell.
Read more →

Published 2 months ago
CVE-2016-6582 in doorkeeper
Severe

Doorkeeper failed to implement OAuth 2.0 Token Revocation (RFC 7009) in the following ways: 1. Public clients making valid, unauthenticated calls to revoke a token would not have their token revoked 2. Requests were not properly authenticating the *client credentials* but were, instead, looking at the access token in a second...
Read more →

Published 6 months ago
CVE-2016-6317 in rails
Severe

There is a vulnerability when Active Record is used in conjunction with JSON parameter parsing. This vulnerability is similar to CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155. Impact ------ Due to the way Active Record interprets parameters in combination with the way that JSON parameters are parsed, it is possible for an attacker to...
Read more →

Published 7 months ago

Vulnerabilities in the Past 12 Months

Vulnerabilities
Mar 0
Apr 6
May 1
Jun 2
Jul 0
Aug 3
Sep 0
Oct 0
Nov 0
Dec 2
Jan 1
Feb 0

Vulnerabilities in the Past 6 Years

Vulnerabilities
2012 22
2013 83
2014 74
2015 43
2016 29
2017 1
2011 1