Facets

How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!

Browse

Latest Gem Vulnerabilities

CVE-2018-3741 in rails-html-sanitizer
Critical

There is a possible XSS vulnerability in rails-html-sanitizer. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications. This issue is similar to CVE-2018-8048 in Loofah.
Read more →

Published about 1 month ago
CVE-2018-3740 in sanitize
Severe

When Sanitize <= 4.6.2 is used in combination with libxml2 >= 2.9.2, a specially crafted HTML fragment can cause libxml2 to generate improperly escaped output, allowing non-whitelisted attributes to be used on whitelisted elements. This can allow HTML and JavaScript injection, which could result in XSS if Sanitize's output is served to...
Read more →

Published about 1 month ago
CVE-2018-8048 in loofah
Severe

Loofah allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments when running on MRI or RBX in combination with libxml2 >= 2.9.2. JRuby users are not affected. This issue has been created for public disclosure of an XSS / code injection vulnerability that was responsibly reported by...
Read more →

Published about 1 month ago
CVE-2017-11428 in ruby-saml
Severe

ruby-saml prior to version 1.7.0 is vulnerable to an authentication bypass via incorrect XML canonicalization and DOM traversal. Specifically, there are inconsistencies in handling of comments within XML nodes, resulting in incorrect parsing of the inner text of XML nodes such that any inner text after the comment is lost prior...
Read more →

Published about 2 months ago
CVE-2017-16229 in ox
Moderate

In the Ox gem 2.8.1 for Ruby, the process crashes with a stack-based buffer over-read in the read_from_str function in sax_buf.c when a crafted input is supplied to sax_parse.
Read more →

Published about 2 months ago

Vulnerabilities in the Past 12 Months

Vulnerabilities
May 2
Jun 0
Jul 1
Aug 0
Sep 3
Oct 1
Nov 5
Dec 6
Jan 3
Feb 4
Mar 3
Apr 0

Vulnerabilities in the Past 6 Years

Vulnerabilities
2013 84
2014 74
2015 44
2016 29
2017 24
2018 10