Facets

How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!


Latest Gem Vulnerabilities

CVE-2021-21288 in carrierwave
Moderate

### Impact

[CarrierWave download feature](https://github.com/carrierwaveuploader/carrierwave#uploading-files-from-a-remote-location) has an SSRF vulnerability, allowing attackers to provide DNS entries or IP addresses that are intended for internal use and gather information about the Intranet infrastructure of the platform. ###...

Published 2 months ago
CVE-2021-21305 in carrierwave
Severe

### Impact

[CarrierWave::RMagick](https://github.com/carrierwaveuploader/carrierwave/blob/master/lib/carrierwave/processing/rmagick.rb) has a Code Injection vulnerability. Its `#manipulate!` method inappropriately evals the content of the mutation option (`:read`/`:write`), allowing attackers to craft a string that can be executed as a Ruby...

Published 2 months ago
CVE-2021-21289 in mechanize
Critical

## Impact

Mechanize `>= v2.0`, `< v2.7.7` allows OS commands to be injected using several classes' methods which implicitly use Ruby's `Kernel.open` method. Exploitation is possible only if untrusted input is used as a local filename and passed to any of these calls:

* Mechanize::CookieJar#load: since v2.0 (see 208e3ed)
* ...

Published 2 months ago
CVE-2020-26298 in redcarpet
Severe

Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the `:escape_html` option was being used.

Published 3 months ago
CVE-2020-26247 in nokogiri
Severe

### Description

In Nokogiri versions <= 1.11.0.rc3, XML Schemas parsed by `Nokogiri::XML::Schema` are **trusted** by default, allowing external resources to be accessed over the network, potentially enabling XXE or SSRF attacks. This behavior is counter to the security policy followed by Nokogiri maintainers, which is to treat all...

Published 4 months ago

Vulnerabilities in the Past 12 Months (count per month)

May 13, Jun 5, Jul 2, Aug 4, Sep 3, Oct 4, Nov 3, Dec 2, Jan 1, Feb 5, Mar 3, Apr 0

Vulnerabilities in the Past 6 Years (count per year)

2016 34, 2017 35, 2018 36, 2019 47, 2020 50, 2021 9