Facets

How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!


Latest Gem Vulnerabilities

CVE-2014-10075 in karo
Critical

The karo gem 2.3.8 for Ruby allows remote command injection via the host field.

Published 3 months ago
CVE-2018-14404 in nokogiri
Severe

A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to...

Published 4 months ago
CVE-2018-3777 in restforce
Moderate

A flaw in how restforce constructs URLs may allow an attacker to inject additional parameters into Salesforce API requests. Impact: This flaw is only exploitable in applications that pass user input directly to restforce's select, find, describe, update, upsert, and destroy methods. Vulnerable code might look...

Published 6 months ago
CVE-2018-1000211 in doorkeeper
Moderate

Any OAuth application that uses public/non-confidential authentication when interacting with Doorkeeper is unable to revoke its tokens when calling the revocation endpoint. A bug in the token revocation API would cause it to attempt to authenticate the public OAuth client as if it was a confidential app. Because of this, the token is...

Published 6 months ago
CVE-2018-1000544 in rubyzip
Critical

rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in the Zip::File component that can result in arbitrary files being written to the filesystem. If a site allows uploading of .zip files, an attacker can upload a malicious file which contains symlinks or files with absolute pathnames "../" to write arbitrary files to the...

Published 7 months ago

Vulnerabilities in the Past 12 Months

Month Vulnerabilities
Feb 4
Mar 3
Apr 1
May 3
Jun 2
Jul 2
Aug 0
Sep 0
Oct 4
Nov 3
Dec 0
Jan 0

Vulnerabilities in the Past 6 Years

Year Vulnerabilities
2014 75
2015 45
2016 32
2017 28
2018 25
2019 0