Facets

How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!


Latest Gem Vulnerabilities

CVE-2017-5029 in nokogiri
Moderate

nokogiri version 1.7.2 has been released. This is a security update based on 1.7.1, addressing two upstream libxslt 1.1.29 vulnerabilities classified as "Medium" by Canonical and given a CVSS3 score of "6.5 Medium" and "8.8 High" by RedHat. These patches only apply when using Nokogiri's vendored libxslt package. If you're using your...

Published 2 months ago

CVE-2016-10345 in passenger
Moderate

In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user.

Published 3 months ago

CVE-2016-4658 in nokogiri
Critical

Nokogiri version 1.7.1 has been released, pulling in several upstream patches to the vendored libxml2 to address the following CVEs: CVE-2016-4658 CVSS v3 Base Score: 9.8 (Critical) libxml2 in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial...

Published 4 months ago

CVE-2017-5946 in rubyzip
Critical

The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem.

Published 5 months ago

CVE-2016-7798 in openssl
Severe

The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.

Published 6 months ago

Vulnerabilities in the Past 12 Months

Month  Vulnerabilities
Aug    3
Sep    0
Oct    0
Nov    0
Dec    2
Jan    1
Feb    1
Mar    1
Apr    1
May    1
Jun    0
Jul    0

Vulnerabilities in the Past 6 Years

Year  Vulnerabilities
2012  22
2013  84
2014  74
2015  44
2016  29
2017  5