Facets

How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!


Latest Gem Vulnerabilities

CVE-2012-1098 / OSVDB-79726 in rails
Moderate

Ruby on Rails contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate direct manipulations of SafeBuffer objects via '[]' and other methods. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within...

Published over 7 years ago

CVE-2012-6684 / OSVDB-115941 in RedCloth
Moderate

RedCloth Gem for Ruby contains a flaw that allows a cross-site scripting (XSS) attack. This flaw exists because the program does not validate input when parsing textile links before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser...

Published over 7 years ago

CVE-2012-6135 / OSVDB-90738 in passenger
Moderate

Phusion Passenger Gem for Ruby contains a flaw that is triggered during application startup. This issue may allow a local attacker to delete arbitrary files via an application process. If the program has completed the startup process, this vulnerability is no longer exploitable.

Published over 7 years ago

CVE-2011-5036 / OSVDB-78121 in rack
Severe

Rack contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends multiple crafted parameters which trigger hash collisions, and will result in loss of availability for the program via CPU consumption.

Published almost 8 years ago

CVE-2011-4319 / OSVDB-77199 in rails
Moderate

A cross-site scripting (XSS) flaw was found in the way the 'translate' helper method of Ruby on Rails performed HTML escaping of interpolated user input when interpolation was used in combination with HTML-safe translations. A remote attacker could use this flaw to execute arbitrary HTML or web script by providing a specially-crafted input...

Published almost 8 years ago

Vulnerabilities in the Past 12 Months

Vulnerabilities
Nov 3
Dec 0
Jan 0
Feb 2
Mar 11
Apr 3
May 0
Jun 1
Jul 8
Aug 2
Sep 4
Oct 0

Vulnerabilities in the Past 6 Years

Vulnerabilities
2014 75
2015 46
2016 33
2017 33
2018 34
2019 31