
How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!


Latest Gem Vulnerabilities

CVE-2019-8331 in bootstrap-sass
Moderate

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.

Published 3 months ago
CVE-2019-5421 in devise
Moderate

Devise ruby gem before 4.6.0 when the `lockable` module is used is vulnerable to a time-of-check time-of-use (TOCTOU) race condition due to `increment_failed_attempts` within the `Devise::Models::Lockable` class not being concurrency safe.

Published 4 months ago
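To make the race concrete, here is an added example (not Devise's code, and not the fix shipped in 4.6.0) that models the lockable counter with an in-memory row. The Row class, MAX_ATTEMPTS and the scripted interleaving are assumptions for the demo; the point is the shape of the bug: a counter read in Ruby and written back later loses an update when two failed logins overlap, while an increment performed by the store itself cannot.

```ruby
MAX_ATTEMPTS = 2  # assumed lock threshold for this example

# In-memory stand-in for the users table row; the Mutex plays the role of the
# database serialising individual statements (each statement is atomic, the
# sequence of statements is not).
class Row
  def initialize
    @data = { failed_attempts: 0, locked: false }
    @mutex = Mutex.new
  end

  def read(col)
    @mutex.synchronize { @data[col] }
  end

  def write(col, value)
    @mutex.synchronize { @data[col] = value }
  end

  # One atomic statement: UPDATE users SET failed_attempts = failed_attempts + 1
  # returning the new value.
  def increment(col)
    @mutex.synchronize { @data[col] += 1 }
  end
end

# Vulnerable shape: read the counter, add one in Ruby, write it back. Nothing
# ties the time of check (the read) to the time of use (the write).
class RacyLockable
  def initialize(row)
    @row = row
  end

  def check
    @seen = @row.read(:failed_attempts)
  end

  def use
    new_count = @seen + 1
    @row.write(:failed_attempts, new_count)
    @row.write(:locked, true) if new_count >= MAX_ATTEMPTS
  end
end

# Hardened shape: let the store do the increment and act on the value it
# returns, so no stale read can be written back.
class AtomicLockable
  def initialize(row)
    @row = row
  end

  def fail_attempt
    new_count = @row.increment(:failed_attempts)
    @row.write(:locked, true) if new_count >= MAX_ATTEMPTS
    new_count
  end
end

# Two failed logins for the same account arriving together. The interleaving
# is scripted so the run is deterministic; it is the order two concurrent
# requests can hit in production.
def racy_run
  row = Row.new
  a, b = RacyLockable.new(row), RacyLockable.new(row)
  a.check   # A reads 0
  b.check   # B reads 0 as well
  a.use     # A writes 1
  b.use     # B also writes 1: A's attempt is lost and the account stays unlocked
  [row.read(:failed_attempts), row.read(:locked)]
end

def atomic_run
  row = Row.new
  a, b = AtomicLockable.new(row), AtomicLockable.new(row)
  a.fail_attempt  # 0 -> 1
  b.fail_attempt  # 1 -> 2, account locked
  [row.read(:failed_attempts), row.read(:locked)]
end

if __FILE__ == $PROGRAM_NAME
  puts "read-modify-write: #{racy_run.inspect}"   # [1, false]
  puts "atomic increment:  #{atomic_run.inspect}" # [2, true]
end
```

With a real database the same idea is an `UPDATE ... SET failed_attempts = failed_attempts + 1` (ActiveRecord's `increment_counter`) rather than `failed_attempts += 1; save`, and the lock decision has to use the value that statement returns, not a value read earlier in the request.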
CVE-2018-1000855 in easymon
Severe

When an invalid check name is passed as a parameter to the endpoint where the easymon routes are mounted, a 406 response is returned whose body contains the invalid check name unescaped. Malicious JavaScript injected into that name is executed by Firefox.

Published 7 months ago
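The reflection described above, as an added example that is not easymon's code: a Rack-style handler for a check endpoint in its reflecting form and its escaping form. KNOWN_CHECKS, the "/easymon" mount path and the HTML content type of the error page are assumptions for the demo.

```ruby
require "cgi"

KNOWN_CHECKS = %w[database redis].freeze  # assumed check names

# Rack app signature: returns [status, headers, body_parts].
# The path is split before decoding, so an encoded slash ("%2F") inside the
# check name cannot change which segment is treated as the name.
def respond(path, escape:)
  # The check name arrives URL-encoded in the path; "%3Cscript%3E" becomes
  # "<script>" here, before anything is written to the response.
  name = CGI.unescape(path.split("/").last.to_s)
  if KNOWN_CHECKS.include?(name)
    return [200, { "Content-Type" => "text/plain" }, ["#{name}: OK"]]
  end

  # Vulnerable: the decoded name is interpolated straight into an HTML body.
  # Hardened: HTML-escape it. Serving the error as text/plain with
  # X-Content-Type-Options: nosniff is a second, independent layer.
  shown = escape ? CGI.escapeHTML(name) : name
  [406, { "Content-Type" => "text/html" }, ["Unknown check: #{shown}"]]
end

if __FILE__ == $PROGRAM_NAME
  payload = "/easymon/%3Cscript%3Ealert(1)%3C%2Fscript%3E"  # constructed request path
  puts respond(payload, escape: false).last.join  # Unknown check: <script>alert(1)</script>
  puts respond(payload, escape: true).last.join   # Unknown check: &lt;script&gt;alert(1)&lt;/script&gt;
end
```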
CVE-2018-16471 in rack
Severe

There is a possible XSS vulnerability in Rack (CVE-2018-16471). Versions affected: all. Not affected: none. Fixed versions: 2.0.6, 1.6.11. Impact: carefully crafted requests can impact the data returned by the `scheme`...

Published 7 months ago
CVE-2018-16470 in rack
Severe

There is a possible DoS vulnerability in the multipart parser in Rack (CVE-2018-16470). Versions affected: 2.0.4, 2.0.5. Not affected: <= 2.0.3. Fixed version: 2.0.6. Impact: carefully crafted...

Published 7 months ago
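The page's tagline promises a Gemfile.lock scan; here is what that check looks like in working Ruby, added as an example rather than code from this site or from bundler-audit. The advisory table is constructed from the entries listed above (gem, CVE, severity and the fixed or unaffected versions each entry states; easymon is left out because the page does not give its fixed version), the lockfile is constructed for the demo, and Gem::Version and Gem::Requirement come from RubyGems itself.

```ruby
# Advisories as listed on this page. A version is considered safe when it
# satisfies any one of the patched or unaffected requirements.
ADVISORIES = [
  { gem: "bootstrap-sass", cve: "CVE-2019-8331", severity: "Moderate",
    patched: [">= 3.4.1"] },
  { gem: "devise", cve: "CVE-2019-5421", severity: "Moderate",
    patched: [">= 4.6.0"] },
  { gem: "rack", cve: "CVE-2018-16471", severity: "Severe",
    patched: [">= 2.0.6", "~> 1.6.11"] },
  { gem: "rack", cve: "CVE-2018-16470", severity: "Severe",
    patched: [">= 2.0.6"], unaffected: ["<= 2.0.3"] },
].freeze

# Constructed lockfile for the demo; a real one is read from disk below.
SAMPLE_LOCK = <<~LOCK
GEM
  remote: https://rubygems.org/
  specs:
    bootstrap-sass (3.3.7)
      autoprefixer-rails (>= 5.2.1)
      sassc (>= 2.0.0)
    devise (4.6.1)
    rack (2.0.5)
    rake (12.3.2)

PLATFORMS
  ruby

DEPENDENCIES
  bootstrap-sass
  devise
  rack
  rake

BUNDLED WITH
   1.17.3
LOCK

# Returns { gem name => Gem::Version } for every spec in the GEM/GIT/PATH
# sections. Only 4-space-indented "name (version)" lines are locked specs;
# 6-space lines are a spec's own dependency constraints and are skipped.
def parse_lockfile(text)
  specs = {}
  in_specs = false
  text.each_line do |raw|
    line = raw.chomp
    if line.match?(/\A[A-Z]/)          # top-level section header resets state
      in_specs = false
    elsif line == "  specs:"
      in_specs = true
    elsif in_specs && (m = line.match(/\A {4}(\S+) \((\S+)\)\z/))
      # drop a platform suffix such as "-x86_64-linux" before parsing
      specs[m[1]] = Gem::Version.new(m[2].sub(/-.*\z/, ""))
    end
  end
  specs
end

# Vulnerable when the locked version satisfies none of the safe ranges
# (the same rule bundler-audit applies to RubySec advisories).
def vulnerable?(advisory, version)
  safe = advisory.fetch(:patched, []) + advisory.fetch(:unaffected, [])
  safe.none? { |req| Gem::Requirement.new(req).satisfied_by?(version) }
end

def scan(lock_text, advisories = ADVISORIES)
  specs = parse_lockfile(lock_text)
  advisories
    .select { |adv| specs.key?(adv[:gem]) && vulnerable?(adv, specs[adv[:gem]]) }
    .map { |adv| { gem: adv[:gem], locked: specs[adv[:gem]].to_s,
                   cve: adv[:cve], severity: adv[:severity] } }
    .sort_by { |f| [f[:gem], f[:cve]] }
end

if __FILE__ == $PROGRAM_NAME
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  scan(text).each do |f|
    puts "#{f[:severity]}: #{f[:gem]} #{f[:locked]} is affected by #{f[:cve]}"
  end
end
```

Run it as `ruby scan.rb path/to/Gemfile.lock`; with no argument it scans the embedded sample and reports bootstrap-sass 3.3.7 and rack 2.0.5 (both rack advisories), while devise 4.6.1 passes. In CI the natural next step is a non-zero exit when the list is non-empty.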

Vulnerabilities in the Past 12 Months

Month   Vulnerabilities
Jun     2
Jul     3
Aug     0
Sep     0
Oct     4
Nov     3
Dec     0
Jan     0
Feb     2
Mar     3
Apr     2
May     0

Vulnerabilities in the Past 6 Years

Year    Vulnerabilities
2014    75
2015    45
2016    33
2017    28
2018    26
2019    7 (year to date; the monthly figures above run only through May)