How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!


Latest Gem Vulnerabilities

CVE-2011-5036 / OSVDB-78121 in rack
Severe

Rack contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends multiple crafted parameters which trigger hash collisions, and will result in loss of availability for the program via CPU consumption.

Published over 7 years ago
CVE-2011-4319 / OSVDB-77199 in rails
Moderate

A cross-site scripting (XSS) flaw was found in the way the 'translate' helper method of Ruby on Rails performed HTML escaping of interpolated user input when interpolation was used in combination with HTML-safe translations. A remote attacker could use this flaw to execute arbitrary HTML or web script by providing a specially-crafted input...

Published over 7 years ago
OSVDB-76011 in spree
Severe

The ProductScope class fails to properly sanitize user-supplied input via the 'search[send][]' parameter resulting in arbitrary command execution. With a specially crafted request, a remote attacker can potentially cause arbitrary command execution.

Published almost 8 years ago
OSVDB-115917 in bundler
Moderate

Bundler Gem for Ruby contains a flaw that is due to the program listing credential information in plaintext in the install command process listing. This may allow a local attacker to gain access to credential information.

Published almost 8 years ago
OSVDB-97854 in dragonfly
Critical

Dragonfly Gem for Ruby contains a flaw that is due to the program failing to properly escape a shell that contains injected characters. This may allow a context-dependent attacker to potentially execute arbitrary commands.

Published almost 8 years ago

Vulnerabilities in the Past 12 Months

Vulnerabilities
Aug 0
Sep 2
Oct 5
Nov 3
Dec 0
Jan 0
Feb 2
Mar 11
Apr 2
May 0
Jun 1
Jul 2

Vulnerabilities in the Past 6 Years

Vulnerabilities
2014 75
2015 46
2016 33
2017 33
2018 34
2019 18