Facets

How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!


Latest Gem Vulnerabilities

CVE-2019-1010191 in marginalia
Critical

The 'marginalia' gem is affected by a SQL injection vulnerability. All SQL queries are affected when a user-controlled argument is added as a component. This affects users that add a user-controlled component, for instance a parameter or a header. The issue is resolved in version 1.6.

Published about 2 months ago
CVE-2019-13589 in paranoid2
Critical

The paranoid2 gem 1.1.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.1.5.

Published 2 months ago
CVE-2019-13574 in mini_magick
Critical

A remote shell execution vulnerability exists when MiniMagick::Image.open is called with a URL that comes from unsanitized user input, e.g. `MiniMagick::Image.open("| touch.txt")`.

Published 2 months ago
CVE-2019-13354 in strong_password
Critical

The `strong_password` gem on RubyGems.org was hijacked by a malicious actor. The malicious actor published v0.0.7 containing malicious code that enables an attacker to execute remote code in production. Downgrade `strong_password` to v0.0.6 to ensure no malicious code execution is possible.

Published 3 months ago
CVE-2019-1020001 in yard
Critical

A path traversal vulnerability was discovered in YARD <= 0.9.19 when using `yard server` to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions. The issue is resolved in v0.9.20 and later.

Published 3 months ago

Vulnerabilities in the Past 12 Months

Month   Vulnerabilities
Oct     5
Nov     3
Dec     0
Jan     0
Feb     2
Mar     11
Apr     3
May     0
Jun     1
Jul     8
Aug     2
Sep     1

Vulnerabilities in the Past 6 Years

Year    Vulnerabilities
2013    1
2014    75
2015    46
2016    33
2017    33
2018    34
2019    28