How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!

Latest Gem Vulnerabilities

CVE-2020-24392 in twitter-stream

In voloko twitter-stream 0.1.16, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library (because eventmachine is misused).

Published 16 days ago
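
The check that the advisory above says twitter-stream never performed, as an added example: this is not code from twitter-stream or from eventmachine. It generates a constructed self-signed certificate for a made-up host name, runs the same identity check that OpenSSL::SSL::SSLSocket#post_connection_check runs, and builds a client context that fails the handshake on a name mismatch. Validating the chain alone is not enough: a certificate that is valid for the attacker's own host passes chain validation, so the name the client meant to reach has to be compared against the certificate's subjectAltName entries. EventMachine's start_tls does not do that comparison for you; the application must.

```ruby
# Added example (not twitter-stream's or eventmachine's code): TLS hostname
# validation with Ruby's OpenSSL bindings. Host names below are constructed.
require 'openssl'

# Constructed self-signed certificate whose subjectAltName names the host we
# expect to be talking to. In real use the certificate comes from the server.
def self_signed_cert(hostname)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{hostname}")
  cert.issuer     = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate  = cert
  cert.add_extension(ef.create_extension('subjectAltName', "DNS:#{hostname}", false))
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# The identity check itself: this is what SSLSocket#post_connection_check
# runs after the handshake, matching the expected name against the SAN
# entries of the peer certificate.
def peer_identity_ok?(cert, expected_host)
  OpenSSL::SSL.verify_certificate_identity(cert, expected_host)
end

# Hardened client context: the chain is validated against the system CA
# store and, with verify_hostname (Ruby >= 2.4), the handshake itself fails
# on a name mismatch, provided SSLSocket#hostname= is set before #connect.
def verifying_context
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.set_params(verify_mode: OpenSSL::SSL::VERIFY_PEER) # also loads default CA paths
  ctx.verify_hostname = true
  ctx
end

# Vulnerable shape: the chain is checked but no name is ever compared, so a
# valid certificate for any host, the attacker's included, is accepted.
def unverified_context
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
  ctx.verify_hostname = false
  ctx
end

# Usage against a live server (not run here, no network needed for the rest):
#   sock = TCPSocket.new(host, 443)
#   ssl  = OpenSSL::SSL::SSLSocket.new(sock, verifying_context)
#   ssl.hostname = host                  # SNI, and the name verify_hostname compares
#   ssl.connect
#   ssl.post_connection_check(host)      # explicit check on Rubies without verify_hostname

if $PROGRAM_NAME == __FILE__
  cert = self_signed_cert('stream.example.test')
  puts "expected host matches:  #{peer_identity_ok?(cert, 'stream.example.test')}"
  puts "attacker host matches:  #{peer_identity_ok?(cert, 'attacker.example.test')}"
end
```

With an EventMachine connection the equivalent place for the explicit check is the ssl_handshake_completed callback, comparing get_peer_cert against the host the connection was opened to; the exact callback wiring in twitter-stream is not shown on this page.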
CVE-2021-28834 in kramdown

Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated.

Published 16 days ago
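
Why an unrestricted class lookup escapes its namespace, as an added example with a stand-in Formatters module (this is neither kramdown's nor Rouge's code, and the class names in it are constructed). Module#const_get defaults to inherit=true, and for a module that lookup also searches Object, so a name such as "File" or "Kernel" resolves even though nothing of that name is defined under the namespace; the caller then calls .new on whatever came back. The restricted form passes inherit=false and rejects "::"-qualified names up front.

```ruby
# Added example (not kramdown's or Rouge's code): unrestricted versus
# namespace-restricted constant lookup of a user-supplied class name.
module Formatters
  class HTML
    def initialize(opts = {}); @opts = opts; end
  end

  class Terminal256
    def initialize(opts = {}); @opts = opts; end
  end
end

# Vulnerable lookup: inherit defaults to true, so a name not defined under
# Formatters is looked up through Object as well. "File", "IO" or "Kernel"
# therefore resolve, and the caller instantiates whatever came back with
# attacker-influenced options.
def formatter_class_unrestricted(name)
  Formatters.const_get(name)
end

# Restricted lookup: a strict name shape (one identifier, no "::" path) and
# inherit=false, so only constants defined directly under Formatters are
# visible. Anything else raises instead of resolving.
FORMATTER_NAME = /\A[[:upper:]][[:alnum:]_]*\z/.freeze

def formatter_class_restricted(name)
  unless FORMATTER_NAME.match?(name)
    raise ArgumentError, "invalid formatter name #{name.inspect}"
  end
  Formatters.const_get(name, false)   # NameError for anything outside Formatters
end

# The call site both variants feed: options come from the document being
# rendered, so the class they reach must be one we chose to expose.
def build_formatter(name, opts = {})
  formatter_class_restricted(name).new(opts)
end

if $PROGRAM_NAME == __FILE__
  puts "unrestricted 'File' -> #{formatter_class_unrestricted('File')}"
  begin
    formatter_class_restricted('File')
  rescue NameError => e
    puts "restricted 'File'   -> #{e.class}: #{e.message}"
  end
end
```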
CVE-2019-25025 in activerecord-session_store

The `activerecord-session_store` (aka Active Record Session Store) component through 1.1.3 for Ruby on Rails does not use a constant-time approach when delivering information about whether a guessed session ID is valid. Consequently, remote attackers can leverage timing discrepancies to achieve a correct guess in a relatively short amount of...

Published about 1 month ago
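
Two ways to keep a session-ID check from leaking how much of a guess was right, as an added example that is not activerecord-session_store's code (the SessionStore class and the secure_compare helper are this example's own). String#== returns at the first differing byte, so comparing a guess against the real ID takes slightly longer the more leading bytes are correct, which is the timing discrepancy the advisory describes. The first fix is a comparison whose running time depends only on length; the second is to look sessions up by a digest of the public ID, the shape Rack uses for its private session IDs, so the key the database compares is one whose prefix the attacker cannot steer.

```ruby
# Added example (not activerecord-session_store's code): constant-time
# comparison and digest-keyed lookup for session identifiers.
require 'digest'
require 'securerandom'

# Touches every byte and folds the differences with XOR, so the running
# time depends only on the length, never on where the first mismatch is.
# Ruby >= 2.7 ships OpenSSL.fixed_length_secure_compare for the same job.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# In-memory stand-in for the sessions table, keyed on a digest of the
# public ID. The attacker chooses the public ID but not the prefix of its
# SHA-256 digest, so the stored key cannot be walked byte by byte.
class SessionStore
  def initialize
    @rows = {}   # private_id => session data
  end

  # Same shape as Rack's private session ID: version prefix plus hex digest.
  def private_id(public_id)
    '2::' + Digest::SHA256.hexdigest(public_id)
  end

  def create(data)
    public_id = SecureRandom.hex(16)
    @rows[private_id(public_id)] = data
    public_id                      # this is what goes in the cookie
  end

  # A database would run: WHERE session_id = <private_id>. Only the digest
  # ever reaches the comparison, never the cookie value itself.
  def find(public_id)
    @rows[private_id(public_id)]
  end

  # Where application code must compare a presented ID with a stored one
  # directly, it uses the length-only comparison above.
  def same_session?(stored_public_id, presented_public_id)
    secure_compare(stored_public_id, presented_public_id)
  end
end

if $PROGRAM_NAME == __FILE__
  store = SessionStore.new
  sid = store.create('user_id' => 7)
  puts "lookup by real id:  #{store.find(sid).inspect}"
  puts "lookup by guess:    #{store.find('0' * 32).inspect}"
end
```

In a Rails application the comparison helper to reach for is ActiveSupport::SecurityUtils.secure_compare rather than a hand-rolled loop; the loop is spelled out here only to show what "constant-time" means at the byte level.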
CVE-2021-22881 in actionpack

There is a possible open redirect vulnerability in the Host Authorization middleware in Action Pack. This vulnerability has been assigned the CVE identifier CVE-2021-22881. Versions Affected: >= 6.0.0. Not affected: < 6.0.0. Fixed Versions: (omitted here). Impact: Specially crafted "Host" headers in combination with...

Published 2 months ago
CVE-2021-22880 in activerecord

There is a possible DoS vulnerability in the PostgreSQL adapter in Active Record. This vulnerability has been assigned the CVE identifier CVE-2021-22880. Versions Affected: >= 4.2.0. Not affected: < 4.2.0. Fixed Versions: (omitted here). Impact: Carefully crafted input can cause the input validation in the...

Published 2 months ago
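
The scan the headline promises, as an added example that is not this site's scanner and not bundler-audit: it parses the resolved gems out of a Gemfile.lock and checks each against an advisory list. Both the lock file and the advisory list are constructed inline so the script runs offline; the patched ranges are taken from the advisory texts above (kramdown fixed in 2.3.1, activerecord-session_store affected through 1.1.3, twitter-stream affected at 0.1.16 with no fixed release given), and the two Rails advisories are left out because their fixed versions are not shown on this page. A real scanner pulls a maintained database instead (bundler-audit, for example, uses ruby-advisory-db).

```ruby
# Added example (not this site's or bundler-audit's code): match the gems in
# a Gemfile.lock against a small advisory list using Gem::Version and
# Gem::Requirement from rubygems itself.
require 'rubygems'

# Constructed advisory list. A gem is considered fixed when its version
# satisfies ANY of the listed patched requirements (each one is a branch).
ADVISORIES = [
  { gem: 'kramdown',                   cve: 'CVE-2021-28834', patched: ['>= 2.3.1'] },
  { gem: 'activerecord-session_store', cve: 'CVE-2019-25025', patched: ['> 1.1.3']  },
  { gem: 'twitter-stream',             cve: 'CVE-2020-24392', patched: []           },
].freeze

# Constructed lock file in Bundler's format. Resolved gems sit four spaces
# deep under "specs:" as "name (version)"; their dependency lines sit six
# spaces deep and carry requirements, not resolved versions.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      activerecord-session_store (1.1.3)
        actionpack (>= 5.2.4.1)
      eventmachine (1.2.7)
      kramdown (2.3.0)
        rexml
      rexml (3.2.4)
      rouge (3.26.0)
      twitter-stream (0.1.16)
        eventmachine (>= 0.12.8)

  PLATFORMS
    ruby

  DEPENDENCIES
    activerecord-session_store
    kramdown
    rouge
    twitter-stream

  BUNDLED WITH
     2.2.15
LOCK

# Returns { gem name => resolved version string } for every specs block
# (GEM, GIT and PATH sections all use one). Dependency lines and the
# PLATFORMS / DEPENDENCIES / BUNDLED WITH sections are ignored.
def parse_lockfile(text)
  specs = {}
  in_specs = false
  text.each_line do |line|
    if line.start_with?('  specs:')
      in_specs = true
    elsif line =~ /\A\S/                       # a new top-level section
      in_specs = false
    elsif in_specs && line =~ /\A {4}(\S+) \(([^)]+)\)\s*\z/
      specs[Regexp.last_match(1)] = Regexp.last_match(2)
    end
  end
  specs
end

# One finding per (gem, advisory) pair whose version is not in a patched
# range. A platform suffix such as "-x86_64-linux" is stripped before
# parsing because Gem::Version does not accept it.
def scan(lock_text, advisories = ADVISORIES)
  findings = []
  parse_lockfile(lock_text).each do |name, version_str|
    version = Gem::Version.new(version_str.split('-', 2).first)
    advisories.select { |a| a[:gem] == name }.each do |adv|
      fixed = adv[:patched].any? { |req| Gem::Requirement.new(req).satisfied_by?(version) }
      next if fixed
      findings << { gem: name, version: version.to_s, cve: adv[:cve],
                    patched: adv[:patched].empty? ? 'no fixed release' : adv[:patched].join(', ') }
    end
  end
  findings
end

def report(findings)
  findings.map { |f| "#{f[:gem]} #{f[:version]}: #{f[:cve]} (patched: #{f[:patched]})" }
end

if $PROGRAM_NAME == __FILE__
  puts report(scan(SAMPLE_LOCK))
end
```

In CI the natural next step is to exit non-zero when scan returns anything, which is what turns the listing into a gate on the build.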

Vulnerabilities in the Past 12 Months

Month  Vulnerabilities
May    13
Jun     5
Jul     2
Aug     4
Sep     3
Oct     4
Nov     3
Dec     2
Jan     1
Feb     5
Mar     3
Apr     0

Vulnerabilities in the Past 6 Years

Year  Vulnerabilities
2016  34
2017  35
2018  36
2019  47
2020  50
2021   9