Facets

How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!


Latest Gem Vulnerabilities

CVE-2021-23435 in clearance
Moderate

This affects the package clearance before 2.5.0. The vulnerability is exploitable when users are able to set the value of session[:return_to]. If the value used for return_to contains multiple leading slashes (/////example.com), the user ends up being redirected to the external domain that follows the slashes (http://example.com).

Published 10 days ago
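As an added illustration of the clearance issue above (example code written for this page, not clearance's own implementation): a return_to value that merely starts with "/" can still be scheme-relative once the browser resolves it, because URL parsers treat two or more leading slashes, or a slash followed by a backslash, as the start of an authority section, so whatever follows becomes the host. The helper names browser_resolve, naive_safe_path? and safe_return_to are this example's own; browser_resolve is a deliberately simplified model of the browser rule, naive_safe_path? is the insufficient check, and safe_return_to is one hardened alternative.

```ruby
require "uri"

# Added example for the clearance return_to issue; not clearance's code.
# Simplified model of how a browser resolves a Location header against the
# current origin: two or more leading slashes, or "/" followed by "\", begin
# an authority, so the text after them is taken as the host. Absolute URLs
# are passed through unchanged; other relative forms are out of scope.
def browser_resolve(location, base_origin)
  return location if location.match?(%r{\A[a-z][a-z0-9+.-]*:}i)
  scheme = base_origin[/\A[a-z][a-z0-9+.-]*/i]
  if location.match?(%r{\A/[/\\]})
    rest = location.sub(%r{\A[/\\]+}, "")
    host, tail = rest.split("/", 2)
    "#{scheme}://#{host}/#{tail}"
  else
    "#{base_origin}#{location}"
  end
end

# The check the advisory implies was insufficient: "starts with a slash"
# accepts "/////example.com" because it is, literally, a slash-prefixed string.
def naive_safe_path?(value)
  value.is_a?(String) && value.start_with?("/")
end

# One hardened alternative (this example's design, not clearance's fix):
# require exactly one leading slash not followed by "/" or "\", parse as a
# URI, refuse anything with a scheme, authority or invalid characters, and
# rebuild only path and query so fragments and stray parts are dropped.
def safe_return_to(value, fallback: "/")
  return fallback unless value.is_a?(String) && value.match?(%r{\A/(?![/\\])})
  uri = begin
    URI.parse(value)
  rescue URI::InvalidURIError
    return fallback
  end
  return fallback if uri.scheme || !uri.host.to_s.empty? || uri.userinfo
  out = uri.path.to_s
  out += "?#{uri.query}" if uri.query
  out
end

if __FILE__ == $PROGRAM_NAME
  origin = "https://app.example" # constructed sample origin
  ["/dashboard?tab=1", "/////example.com", "/\\example.com",
   "//example.com", "https://example.com/x"].each do |v|
    puts format("%-24s naive=%-5s browser=%-34s safe=%s",
                v.inspect, naive_safe_path?(v), browser_resolve(v, origin),
                safe_return_to(v))
  end
end
```

Running the block prints one line per constructed input: the naive check accepts "/////example.com" and "/\example.com", browser_resolve shows both landing on https://example.com/, and safe_return_to falls back to "/" for every input except the genuine in-app path.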
CVE-2021-39197 in better_errors
Moderate

better_errors prior to 2.8.0 did not implement CSRF protection for its internal requests. It also did not enforce the correct "Content-Type" header for these requests, which allowed a cross-origin "simple request" to be made without CORS protection. These together left an application with better_errors enabled open to cross-origin...

Published 16 days ago
CVE-2021-22942 in actionpack
Severe

There is a possible open redirect vulnerability in the Host Authorization middleware in Action Pack. This vulnerability has been assigned the CVE identifier CVE-2021-22942.
Versions Affected: >= 6.0.0. Not affected: < 6.0.0. Fixed Versions: 6.1.4.1, 6.0.4.1
Impact: Specially crafted “X-Forwarded-Host” headers in combination...

Published about 1 month ago
CVE-2021-28833 in qiita-markdown
Moderate

Increments Qiita::Markdown before 0.34.0 allows XSS via a crafted gist link, a different vulnerability than CVE-2021-28796.

Published about 2 months ago
CVE-2021-28796 in qiita-markdown
Moderate

Increments Qiita::Markdown before 0.33.0 allows XSS in transformers.

Published about 2 months ago

Vulnerabilities in the Past 12 Months

Month      Vulnerabilities
Oct 2020   4
Nov 2020   3
Dec 2020   2
Jan 2021   1
Feb 2021   5
Mar 2021   3
Apr 2021   7
May 2021   11
Jun 2021   2
Jul 2021   2
Aug 2021   3
Sep 2021   2

Vulnerabilities in the Past 6 Years

Year   Vulnerabilities
2016   34
2017   35
2018   37
2019   47
2020   52
2021   36