Facets

How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!


Latest Gem Vulnerabilities

CVE-2019-12732 in chartkick
Severe

Chartkick is vulnerable to a cross-site scripting (XSS) attack if both of the following conditions are met: Condition 1: It's used with `ActiveSupport.escape_html_entities_in_json = false` (this is not the default for Rails) OR used with a non-Rails framework like Sinatra. Condition 2: Untrusted data or options are passed to a...

Published 12 days ago
CVE-2019-11068 in nokogiri
Severe

Nokogiri v1.10.3 has been released. This is a security release. It addresses a CVE in upstream libxslt rated as "Priority: medium" by Canonical, and "NVD Severity: high" by Debian. More details are available below. If you're using your distro's system libraries, rather than Nokogiri's vendored libraries, there's no security need to...

Published about 2 months ago
CVE-2019-10842 in bootstrap-sass
Critical

Arbitrary code execution (via backdoor code, when downloaded from rubygems.org) was discovered in bootstrap-sass 3.2.0.3. Users are advised to upgrade immediately to 3.2.0.4. An unauthenticated attacker can craft the ___cfduid cookie value with base64 arbitrary code to be executed via eval(), which can be leveraged to execute...

Published 2 months ago
CVE-2019-5420 in railties
Critical

There is a possible remote code execution exploit in Rails when in development mode. This vulnerability has been assigned the CVE identifier CVE-2019-5420. Versions Affected: 6.0.0.X, 5.2.X. Not affected: None. Fixed Versions: 6.0.0.beta3, 5.2.2.1. Impact: With some knowledge of a target application it is...

Published 3 months ago
CVE-2019-5419 in actionview
Severe

There is a potential denial of service vulnerability in actionview. This vulnerability has been assigned the CVE identifier CVE-2019-5419. Impact: Specially crafted Accept headers can cause the Action View template location code to consume 100% CPU, leaving the server unable to process requests. This impacts all Rails applications...

Published 3 months ago
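The scanner this page advertises works by reading a project's Gemfile.lock and matching the resolved gem versions against advisories like the ones listed above. As an added illustration (example code written for this page, not Facets' scanner or code from any of the listed projects), the Ruby script below parses the `specs:` blocks of a Gemfile.lock and checks each resolved gem against a small advisory table built only from the two entries above that state exact affected and fixed versions (bootstrap-sass 3.2.0.3 → 3.2.0.4 and railties 5.2.X → 5.2.2.1, 6.0.0.X → 6.0.0.beta3). The sample lockfile is constructed, and the `ADVISORIES` layout, `parse_lockfile` and `audit` names are this example's own.

```ruby
require "rubygems"

# Advisory table constructed for this example from the bootstrap-sass and
# railties entries listed above; the key names and layout are this example's own.
# Each entry pairs an affected-version requirement with the version that fixes it.
ADVISORIES = {
  "bootstrap-sass" => [
    { id: "CVE-2019-10842",
      affected: Gem::Requirement.new("= 3.2.0.3"),
      patched_in: "3.2.0.4" },
  ],
  "railties" => [
    { id: "CVE-2019-5420",
      affected: Gem::Requirement.new("~> 5.2.0", "< 5.2.2.1"),
      patched_in: "5.2.2.1" },
    { id: "CVE-2019-5420",
      affected: Gem::Requirement.new("~> 6.0.0.a", "< 6.0.0.beta3"),
      patched_in: "6.0.0.beta3" },
  ],
}.freeze

# A resolved gem inside a `specs:` block is indented exactly four spaces, e.g.
# "    nokogiri (1.10.3-x86_64-linux)"; its dependencies are indented six and
# are skipped. An optional "-<platform>" suffix after the version is dropped.
SPEC_LINE = /\A {4}(\S+) \(([0-9][^)\-]*)(?:-[^)]+)?\)\z/

# Returns { gem name => Gem::Version } for every gem resolved in the lockfile.
# The `specs:` blocks of GEM, GIT and PATH sections are all read; any non-blank
# line starting at column 0 (PLATFORMS, DEPENDENCIES, ...) ends the current block.
def parse_lockfile(text)
  in_specs = false
  text.each_line(chomp: true).each_with_object({}) do |line, gems|
    next if line.strip.empty?
    if !line.start_with?(" ")
      in_specs = false
    elsif line == "  specs:"
      in_specs = true
    elsif in_specs && (m = SPEC_LINE.match(line))
      gems[m[1]] = Gem::Version.new(m[2])
    end
  end
end

# Returns one finding per (gem, advisory) pair whose resolved version falls in
# the advisory's affected range, together with the version to upgrade to.
def audit(gems, advisories = ADVISORIES)
  gems.flat_map do |name, version|
    advisories.fetch(name, [])
              .select { |adv| adv[:affected].satisfied_by?(version) }
              .map { |adv| { gem: name, version: version.to_s, id: adv[:id], patched_in: adv[:patched_in] } }
  end
end

# Constructed sample lockfile for this example (not taken from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionview (5.2.2)
        activesupport (= 5.2.2)
      bootstrap-sass (3.2.0.3)
        autoprefixer-rails (>= 5.2.1)
      nokogiri (1.10.3-x86_64-linux)
        mini_portile2 (~> 2.4.0)
      railties (5.2.2)
        actionpack (= 5.2.2)

  PLATFORMS
    ruby

  DEPENDENCIES
    bootstrap-sass
    rails (= 5.2.2)

  BUNDLED WITH
     1.17.3
LOCK

if $PROGRAM_NAME == __FILE__
  audit(parse_lockfile(SAMPLE_LOCK)).each do |f|
    puts "#{f[:gem]} #{f[:version]}: #{f[:id]} (upgrade to #{f[:patched_in]})"
  end
end
```

Version matching tells you what the lockfile resolves to, not whether the application is exploitable: the chartkick entry depends on the `escape_html_entities_in_json` setting and the nokogiri entry on whether the vendored or the distro libxslt is in use, neither of which a lockfile shows. The nokogiri and actionview advisories are left out of the table because their excerpts above do not give exact affected ranges; a hit should be read as a prompt to open the advisory, and a fixed version should be taken from it rather than guessed.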

Vulnerabilities in the Past 12 Months

Month  Count
Jul    3
Aug    0
Sep    0
Oct    4
Nov    3
Dec    0
Jan    0
Feb    2
Mar    3
Apr    2
May    0
Jun    1

Vulnerabilities in the Past 6 Years

Year  Count
2013  1
2014  75
2015  45
2016  33
2017  28
2018  26
2019  8