How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!


Latest Gem Vulnerabilities

CVE-2021-29509 in puma
Moderate

### Impact

The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connections saturating all threads in the same process. However, new connections may still be starved by greedy persistent-connections saturating...
Published about 1 month ago

CVE-2021-22903 in actionpack
Severe

There is a possible Open Redirect Vulnerability in Action Pack. This vulnerability has been assigned the CVE identifier CVE-2021-22903.

Versions Affected: >= v6.1.0.rc2
Not affected: < v6.1.0.rc2
Fixed Versions: 6.1.3.2

Impact
------
This is similar to CVE-2021-22881: Specially crafted Host headers in combination with...
Published about 2 months ago

CVE-2021-22885 in actionpack
Severe

There is a possible information disclosure / unintended method execution vulnerability in Action Pack which has been assigned the CVE identifier CVE-2021-22885.

Versions Affected: >= 2.0.0.
Not affected: < 2.0.0.
Fixed Versions: 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6

Impact
------
There is a possible information disclosure /...
Published about 2 months ago

CVE-2021-22902 in actionpack
Severe

There is a possible Denial of Service vulnerability in the Mime type parser of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2021-22902.

Versions Affected: >= 6.0.0
Not affected: < 6.0.0
Fixed Versions: 6.0.3.7, 6.1.3.2

Impact
------
There is a possible Denial of Service vulnerability in...
Published about 2 months ago

CVE-2021-22904 in actionpack
Severe

There is a possible DoS vulnerability in the Token Authentication logic in Action Controller. This vulnerability has been assigned the CVE identifier CVE-2021-22904.

Versions Affected: >= 4.0.0
Not affected: < 4.0.0
Fixed Versions: 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6

Impact
------
Impacted code uses...
Published about 2 months ago

Vulnerabilities in the Past 12 Months

Month Vulnerabilities
Jul 2
Aug 4
Sep 4
Oct 4
Nov 3
Dec 2
Jan 1
Feb 5
Mar 3
Apr 7
May 10
Jun 1

Vulnerabilities in the Past 6 Years

Year Vulnerabilities
2016 34
2017 35
2018 37
2019 47
2020 51
2021 27