
How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!


Latest Gem Vulnerabilities

OSVDB-95749 in activeresource
Critical

activeresource contains a format string flaw in the request function of lib/active_resource/connection.rb. The issue is triggered as format string specifiers (e.g. %s and %x) are not properly sanitized in user-supplied input when passed via the 'result.code' and 'result.message' variables. This may allow a remote attacker to cause a denial...

Published over 13 years ago

CVE-2007-6183 / OSVDB-40774 in gtk2
Severe

Format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter.

Published about 14 years ago

OSVDB-95668 in builder
Moderate

Builder Gem for Ruby contains a flaw in the handling of tag names. The issue is triggered when the program reads tag names from XML data and then calls a method with that name. With a specially crafted file, a context-dependent attacker can call private methods and manipulate data.

Published over 14 years ago

CVE-2007-3227 in rails
Moderate

Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord::Base#to_json) function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values.

Published over 14 years ago

OSVDB-101157 in json
Severe

json Gem for Ruby contains an overflow condition that is triggered as user-supplied input is not properly validated when handling specially crafted data. This may allow a remote attacker to cause a stack-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.

Published over 14 years ago

Vulnerabilities in the Past 12 Months

Vulnerabilities
Jan 1
Feb 5
Mar 3
Apr 7
May 11
Jun 2
Jul 2
Aug 3
Sep 3
Oct 3
Nov 8
Dec 3

Vulnerabilities in the Past 6 Years

Vulnerabilities
2016 34
2017 35
2018 37
2019 47
2020 52
2021 51