Facets
How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!
How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!
A poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the attacker sends requests frequently enough.
Read more →
An issue was discovered in the rack-cors (aka Rack CORS Middleware) gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.
Read more →
The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string.
Read more →
A specially crafted response in data loaded via URL can cause prototype pollution in JavaScript.
Read more →
Nokogiri v1.10.5 has been released. This is a security release. It addresses three CVEs in upstream libxml2, for which details are below. If you're using your distro's system libraries, rather than Nokogiri's vendored libraries, there's no security need to upgrade at this time, though you may want to check with your distro whether...
Read more →
| Vulnerabilities | |
|---|---|
| Jan | 0 |
| Feb | 2 |
| Mar | 11 |
| Apr | 3 |
| May | 0 |
| Jun | 2 |
| Jul | 9 |
| Aug | 3 |
| Sep | 5 |
| Oct | 4 |
| Nov | 3 |
| Dec | 1 |
| Vulnerabilities | |
|---|---|
| 2014 | 75 |
| 2015 | 46 |
| 2016 | 33 |
| 2017 | 35 |
| 2018 | 34 |
| 2019 | 43 |