How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!


Latest Gem Vulnerabilities

OSVDB-95376 in activerecord-oracle_enhanced-adapter
Severe

Oracle "enhanced" ActiveRecord Gem for Ruby contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the program not properly sanitizing user-supplied input related to the :limit and :offset functions. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing...

Published over 10 years ago
CVE-2008-4094 in rails
Critical

Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) :limit and (2) :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer.

Published over 10 years ago
OSVDB-95749 in activeresource
Critical

activeresource contains a format string flaw in the request function of lib/active_resource/connection.rb. The issue is triggered as format string specifiers (e.g. %s and %x) are not properly sanitized in user-supplied input when passed via the 'result.code' and 'result.message' variables. This may allow a remote attacker to cause a denial...

Published over 10 years ago
CVE-2007-6183 / OSVDB-40774 in gtk2
Severe

Format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter.

Published over 11 years ago
OSVDB-95668 in builder
Moderate

Builder Gem for Ruby contains a flaw in the handling of tag names. The issue is triggered when the program reads tag names from XML data and then calls a method with that name. With a specially crafted file, a context-dependent attacker can call private methods and manipulate data.

Published almost 12 years ago

Vulnerabilities in the Past 12 Months

Month  Vulnerabilities
Apr    1
May    3
Jun    2
Jul    2
Aug    0
Sep    0
Oct    4
Nov    3
Dec    0
Jan    0
Feb    1
Mar    3

Vulnerabilities in the Past 6 Years

Year  Vulnerabilities
2014  75
2015  45
2016  32
2017  28
2018  25
2019  4