How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!


Latest Gem Vulnerabilities

CVE-2018-16471 in rack
Severe

There is a possible vulnerability in Rack. This vulnerability has been assigned the CVE identifier CVE-2018-16471.
Versions Affected: All.
Not affected: None.
Fixed Versions: 2.0.6, 1.6.11
Impact: There is a possible XSS vulnerability in Rack. Carefully crafted requests can impact the data returned by the `scheme`...

Published 5 months ago
CVE-2018-16470 in rack
Severe

There is a possible DoS vulnerability in the multipart parser in Rack. This vulnerability has been assigned the CVE identifier CVE-2018-16470.
Versions Affected: 2.0.4, 2.0.5
Not affected: <= 2.0.3
Fixed Versions: 2.0.6
Impact: There is a possible DoS vulnerability in the multipart parser in Rack. Carefully crafted...

Published 5 months ago
CVE-2018-16468 in loofah
Moderate

In the Loofah gem, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.

Published 5 months ago
CVE-2018-18476 in mysql-binuuid-rails
Severe

mysql-binuuid-rails 1.1.0 and earlier allows SQL Injection because it removes default string escaping for affected database columns. ActiveRecord does not explicitly escape the Binary data type (Type::Binary::Data) for mysql. mysql-binuuid-rails uses a data type that is derived from the base Binary type, except, it doesn’t convert the value...

Published 5 months ago
CVE-2014-10075 in karo
Critical

The karo gem 2.3.8 for Ruby allows Remote command injection via the host field.

Published 6 months ago

Vulnerabilities in the Past 12 Months

Vulnerabilities
Apr 1
May 3
Jun 2
Jul 2
Aug 0
Sep 0
Oct 4
Nov 3
Dec 0
Jan 0
Feb 1
Mar 3

Vulnerabilities in the Past 6 Years

Vulnerabilities
2014 75
2015 45
2016 32
2017 28
2018 25
2019 4