How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!

Latest Gem Vulnerabilities

CVE-2021-32740 in addressable

Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption, leading to denial of service when matched against a URI. In typical usage, templates would not normally be read from untrusted user input, but nonetheless, no previous security advisory for Addressable has...

Published 2 months ago
CVE-2021-35514 in narou

Narou (aka Narou.rb) before 3.8.0 allows Ruby Code Injection via the title name or author name of a novel.

Published 3 months ago
CVE-2021-20259 in foreman_fog_proxmox

A flaw was found in the Foreman project. The Proxmox compute resource exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Versions before foreman_fog_proxmox 0.13.1 are affected.

Published 3 months ago
CVE-2021-33564 in dragonfly

An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verify_url option is disabled. This may lead to code execution. The problem occurs because the generate and process features mishandle use of the ImageMagick convert utility.

Published 4 months ago
CVE-2020-13482 in em-http-request

EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified.

Published 4 months ago

Vulnerabilities in the Past 12 Months

Oct: 4
Nov: 3
Dec: 2
Jan: 1
Feb: 5
Mar: 3
Apr: 7
May: 11
Jun: 2
Jul: 2
Aug: 3
Sep: 2

Vulnerabilities in the Past 6 Years

2016: 34
2017: 35
2018: 37
2019: 47
2020: 52
2021: 36