How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!

Latest Gem Vulnerabilities

CVE-2019-16782 in rack

There's a possible information leak / session hijack vulnerability in Rack. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount...

Published about 1 month ago
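The mitigation for this class of lookup-timing leak is to never index sessions by the raw cookie value: the store keys each session under a digest of the id, so the most a timing side channel could reveal is the digest, which cannot be turned back into a cookie the client must present. Rack's fix introduced a separate private id of this kind. The code below is an added illustration of the idea, not Rack's implementation; the Ruby Hash stands in for the database index described in the advisory, and both store classes are constructed for the example:

```ruby
require 'digest'
require 'securerandom'

# Vulnerable shape: the cookie value is the lookup key, so whatever a timing
# side channel reveals about the key is the session id itself.
class RawKeyedSessionStore
  def initialize
    @sessions = {}
  end

  def create(data)
    sid = SecureRandom.hex(16)
    @sessions[sid] = data
    sid
  end

  def find(sid)
    @sessions[sid]
  end

  # Inspection helper for the example only.
  def stored_keys
    @sessions.keys
  end
end

# Hardened shape: the cookie still carries a random public id, but the store
# is keyed by its SHA-256 digest. A timing leak can at best recover the
# digest, which cannot be inverted to the public id the client has to send.
class HashedSessionStore
  def initialize
    @sessions = {}
  end

  def self.private_id(public_id)
    Digest::SHA256.hexdigest(public_id)
  end

  def create(data)
    public_id = SecureRandom.hex(16)
    @sessions[self.class.private_id(public_id)] = data
    public_id # only the public id ever leaves the server
  end

  def find(public_id)
    @sessions[self.class.private_id(public_id)]
  end

  # Inspection helper for the example only: shows the index holds no cookie values.
  def stored_keys
    @sessions.keys
  end
end
```

The digest step costs one hash per request and changes nothing for clients; existing sessions keyed by raw id have to be migrated or expired when a store switches over.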
CVE-2019-16779 in excon

There was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition window appears to be short, and it would be difficult to purposefully exploit...

Published about 1 month ago
CVE-2019-16770 in puma

A poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the attacker sends requests frequently enough.

Published about 2 months ago
CVE-2019-18978 in rack-cors

An issue was discovered in the rack-cors (aka Rack CORS Middleware) gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.

Published 2 months ago
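What "does not ensure that pathnames are in a canonical format" means in practice, as an added example (not rack-cors code): a resource pattern such as "/public/*" is matched by prefix against the raw request path, so "/public/../private/secret" is accepted as a public resource while the application resolves it to /private/secret. The hardened matcher canonicalises the path first and refuses any request whose path is not already canonical. The pattern syntax (a literal path, or a prefix ending in "*") and the sample paths are assumptions made for the example:

```ruby
# Resolves "." and ".." segments. Anchoring at "/" keeps the result absolute
# and stops ".." from climbing above the root. Non-absolute input is rejected
# rather than expanded, which also keeps "~user" expansion out of reach.
def canonical_path(path)
  return nil unless path.start_with?("/")
  canon = File.expand_path(path, "/")
  canon += "/" if path.end_with?("/") && canon != "/" # expand_path drops a trailing slash
  canon
end

# Pattern syntax assumed for the example: "/prefix/*" allows anything below
# the prefix, anything else must match exactly.
def resource_matches?(pattern, path)
  if pattern.end_with?("*")
    path.start_with?(pattern.chomp("*"))
  else
    path == pattern
  end
end

# Vulnerable shape: matches the request path as received.
def naive_allowed?(pattern, request_path)
  resource_matches?(pattern, request_path)
end

# Hardened shape: a path that changes under canonicalisation is refused
# outright, so only canonical paths are ever compared against patterns.
def canonical_allowed?(pattern, request_path)
  canonical_path(request_path) == request_path && resource_matches?(pattern, request_path)
end
```

The check has to run on the decoded path (Rack's PATH_INFO is already percent-decoded), otherwise "%2e%2e" slips past a literal ".." comparison.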
CVE-2019-18848 in json-jwt

The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string.

Published 2 months ago
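The missing element count matters because of how Ruby destructures: a compact JWE serialisation has exactly five base64url segments (header, encrypted key, IV, ciphertext, authentication tag), and parallel assignment from a short split silently fills the missing variables with nil instead of failing. The added example below (not json-jwt code) shows the unchecked split beside one that enforces the count; the sample token is constructed, with placeholder segments rather than real ciphertext:

```ruby
require 'base64'
require 'json'

JWE_SEGMENT_COUNT = 5 # header, encrypted key, IV, ciphertext, authentication tag

# Constructed sample. A "dir" JWE has an empty encrypted-key segment, so two
# consecutive dots are legitimate in the middle of a valid token.
SAMPLE_HEADER = Base64.urlsafe_encode64('{"alg":"dir","enc":"A128GCM"}', padding: false)
SAMPLE_JWE = "#{SAMPLE_HEADER}..aXYxMjM.Y2lwaGVydGV4dA.dGFnMTIz"

# Vulnerable shape: a four-segment string "parses" with tag == nil, and any
# later check against that tag is comparing against nothing.
def split_jwe_unchecked(str)
  header, encrypted_key, iv, ciphertext, tag = str.split('.')
  { header: header, encrypted_key: encrypted_key, iv: iv, ciphertext: ciphertext, tag: tag }
end

# Hardened shape: split with a negative limit so trailing empty segments are
# counted too, then require exactly five before unpacking.
def split_jwe(str)
  parts = str.split('.', -1)
  unless parts.size == JWE_SEGMENT_COUNT
    raise ArgumentError, "expected #{JWE_SEGMENT_COUNT} JWE segments, got #{parts.size}"
  end
  header, encrypted_key, iv, ciphertext, tag = parts
  { header: header, encrypted_key: encrypted_key, iv: iv, ciphertext: ciphertext, tag: tag }
end

# Decodes the protected header once the segment count has been verified.
def jwe_header(str)
  JSON.parse(Base64.urlsafe_decode64(split_jwe(str)[:header]))
end
```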

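The scan the page's tagline describes, as an added example rather than this site's own scanner: parse the resolved gems out of a Gemfile.lock and compare each version against an advisory list. The advisory entries encoded here are the two on this page that state a fixed version (rack-cors before 1.0.4 for CVE-2019-18978, json-jwt before 1.11.0 for CVE-2019-18848); the rack, excon and puma entries above give no version bounds, so they are deliberately left out. The lockfile excerpt is constructed for the example and belongs to no real project:

```ruby
require 'rubygems'

# Advisory format assumed for the example: gem name => list of
# [CVE id, Gem::Requirement that a vulnerable version satisfies].
ADVISORIES = {
  "rack-cors" => [["CVE-2019-18978", Gem::Requirement.new("< 1.0.4")]],
  "json-jwt"  => [["CVE-2019-18848", Gem::Requirement.new("< 1.11.0")]],
}.freeze

# Constructed Gemfile.lock excerpt (not from any real project).
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      excon (0.71.1)
      json-jwt (1.10.2)
        activesupport (>= 4.2)
      puma (4.3.1)
        nio4r (~> 2.0)
      rack (2.0.8)
      rack-cors (1.0.3)

  PLATFORMS
    ruby

  DEPENDENCIES
    puma
    rack-cors
LOCK

# Returns {name => Gem::Version} for every resolved gem in the specs: blocks.
# Resolved gems sit at exactly four spaces of indentation; their dependency
# lines are indented deeper and carry requirements, not resolved versions.
def parse_lockfile(text)
  gems = {}
  in_specs = false
  text.each_line do |line|
    if line =~ /\A  specs:\s*\z/
      in_specs = true
      next
    end
    in_specs = false if line =~ /\A\S/ || line.strip.empty? # end of the GEM section
    next unless in_specs
    if (m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/))
      version = m[2].sub(/-.*\z/, "") # drop a platform suffix such as "-x86_64-linux"
      gems[m[1]] = Gem::Version.new(version)
    end
  end
  gems
end

# Returns [gem, version, cve] for every resolved gem inside a vulnerable range.
def scan(gems, advisories = ADVISORIES)
  findings = []
  gems.each do |name, version|
    (advisories[name] || []).each do |cve, vulnerable_range|
      findings << [name, version.to_s, cve] if vulnerable_range.satisfied_by?(version)
    end
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCKFILE
  scan(parse_lockfile(text)).each { |name, version, cve| puts "#{name} #{version}: #{cve}" }
end
```

Run it with a path to a real Gemfile.lock as the first argument, or with none to scan the embedded sample. Version comparison goes through Gem::Version and Gem::Requirement rather than string comparison, so "1.0.10" is correctly newer than "1.0.4".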
Vulnerabilities in the Past 12 Months

Month  Count
Feb    2
Mar    11
Apr    3
May    0
Jun    2
Jul    9
Aug    3
Sep    5
Oct    4
Nov    3
Dec    3
Jan    0

Vulnerabilities in the Past 6 Years

Year  Count
2015  46
2016  33
2017  35
2018  34
2019  45
2020  0