Facets

How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!


Latest Gem Vulnerabilities

CVE-2019-15587 in loofah
Severe

In the Loofah gem, through v2.3.0, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.
Read more →

Published 28 days ago
CVE-2019-17383 in netaddr
Severe

The netaddr gem before 2.0.4 for Ruby has misconfigured file permissions, such that a gem install may result in 0777 permissions in the target filesystem.
Read more →

Published about 1 month ago
CVE-2019-16676 in simple_form
Critical

Simple Form before 5.0 has Incorrect Access Control in `file_method?` in `lib/simple_form/form_builder.rb`, because a user-supplied string is invoked as a method call. This only happens for pages that build forms based on user input.
Read more →

Published about 2 months ago
CVE-2019-16145 in padrino-contrib
Severe

The breadcrumbs contributed module through 0.2.0 for Padrino Framework allows XSS via a caption.
Read more →

Published about 2 months ago
CVE-2019-16377 in consul
Critical

With the consul ruby gem before 1.0.3, if a controller checks multiple powers using `:if` or `:except` conditions, these conditions are erroneously applied to all power checks in that controller. This can lead to skipped power checks and hence unauthenticated access to certain controller actions.
Read more →

Published about 2 months ago

Vulnerabilities in the Past 12 Months

Vulnerabilities
Dec 0
Jan 0
Feb 2
Mar 11
Apr 3
May 0
Jun 2
Jul 9
Aug 3
Sep 5
Oct 4
Nov 3

Vulnerabilities in the Past 6 Years

Vulnerabilities
2014 75
2015 46
2016 33
2017 35
2018 34
2019 42
2013 1