Facets

How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!


Latest Gem Vulnerabilities

CVE-2019-18841 in chartkick
Moderate

A specially crafted response in data loaded via URL can cause prototype pollution in JavaScript.

Published 2 months ago
CVE-2019-13117 in nokogiri
Moderate

Nokogiri v1.10.5 has been released. This is a security release. It addresses three CVEs in upstream libxml2, for which details are below. If you're using your distro's system libraries, rather than Nokogiri's vendored libraries, there's no security need to upgrade at this time, though you may want to check with your distro whether...

Published 3 months ago
CVE-2019-18409 in brakeman
Moderate

The ruby_parser-legacy (aka legacy) gem 1.0.0 for Ruby allows local privilege escalation because of world-writable files. For example, if the brakeman gem (which has a legacy dependency) 4.5.0 through 4.7.0 is used, a local user can insert malicious code into the ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby_parser.rb file.

Published 3 months ago
CVE-2019-15587 in loofah
Severe

In the Loofah gem, through v2.3.0, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.

Published 3 months ago
CVE-2019-17383 in netaddr
Severe

The netaddr gem before 2.0.4 for Ruby has misconfigured file permissions, such that a gem install may result in 0777 permissions in the target filesystem.

Published 3 months ago

Vulnerabilities in the Past 12 Months

Month   Vulnerabilities
Feb     2
Mar     11
Apr     3
May     0
Jun     2
Jul     9
Aug     3
Sep     5
Oct     4
Nov     3
Dec     3
Jan     0

Vulnerabilities in the Past 6 Years

Year    Vulnerabilities
2015    46
2016    33
2017    35
2018    34
2019    45
2020    0