How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!


Latest Gem Vulnerabilities

CVE-2019-9837 in doorkeeper-openid_connect
Severe

Doorkeeper::OpenidConnect (aka the OpenID Connect extension for Doorkeeper) 1.4.x and 1.5.x before 1.5.4 has an open redirect via the redirect_uri field in an OAuth authorization request (that results in an error response) with the 'openid' scope and a prompt=none value. This allows phishing attacks against the authorization flow.

Published 4 months ago
CVE-2019-5420 in railties
Critical

There is a possible remote code execution exploit in Rails when in development mode. This vulnerability has been assigned the CVE identifier CVE-2019-5420. Versions Affected: 6.0.0.X, 5.2.X. Not affected: None. Fixed Versions: 6.0.0.beta3, 5.2.2.1. Impact: With some knowledge of a target application it is...

Published 4 months ago
CVE-2019-5419 in actionview
Severe

There is a potential denial of service vulnerability in actionview. This vulnerability has been assigned the CVE identifier CVE-2019-5419. Impact: Specially crafted accept headers can cause the Action View template location code to consume 100% CPU, leaving the server unable to process requests. This impacts all Rails applications...

Published 4 months ago
CVE-2019-5418 in actionview
Critical

There is a possible file content disclosure vulnerability in Action View. This vulnerability has been assigned the CVE identifier CVE-2019-5418. Versions Affected: All. Not affected: None. Fixed Versions: 6.0.0.beta3, 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1. Impact: There is a possible file content disclosure vulnerability...

Published 4 months ago
CVE-2018-6517 in chloride
Moderate

Prior to version 0.3.0, chloride's use of net-ssh resulted in host fingerprints for previously unknown hosts getting added to the user's known_hosts file without confirmation. In version 0.3.0 this is updated so that the user's known_hosts file is not updated by chloride.

Published 4 months ago

Vulnerabilities in the Past 12 Months

Vulnerabilities
Aug 0
Sep 2
Oct 5
Nov 3
Dec 0
Jan 0
Feb 2
Mar 11
Apr 2
May 0
Jun 1
Jul 2

Vulnerabilities in the Past 6 Years

Vulnerabilities
2014 75
2015 46
2016 33
2017 33
2018 34
2019 18