Facets

How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!

We are sunsetting Hakiri on January 31 2022. To learn more please refer to this document.


Latest Gem Vulnerabilities

OSVDB-101157 in json
Severe

json Gem for Ruby contains an overflow condition that is triggered as user-supplied input is not properly validated when handling specially crafted data. This may allow a remote attacker to cause a stack-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.
Read more →

Published over 14 years ago
CVE-2007-0469 / OSVDB-33561 in rubygems
Critical

The extract_files function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM packages.
Read more →

Published almost 15 years ago
CVE-2006-4112 in rails
Critical

Unspecified vulnerability in the "dependency resolution mechanism" in Ruby on Rails 1.1.0 through 1.1.5 allows remote attackers to execute arbitrary Ruby code via a URL that is not properly handled in the routing code, which leads to a denial of service (application hang) or "data loss," a different vulnerability than CVE-2006-4111.
Read more →

Published over 15 years ago
CVE-2006-4111 in rails
Critical

Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112.
Read more →

Published over 15 years ago

Vulnerabilities in the Past 12 Months

Vulnerabilities
Feb 5
Mar 3
Apr 7
May 11
Jun 2
Jul 2
Aug 3
Sep 3
Oct 3
Nov 8
Dec 7
Jan 2

Vulnerabilities in the Past 6 Years

Vulnerabilities
2017 35
2018 37
2019 47
2020 52
2021 55
2022 2