Facets

How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!


Latest Gem Vulnerabilities

OSVDB-95668 in builder
Moderate

Builder Gem for Ruby contains a flaw in the handling of tag names. The issue is triggered when the program reads tag names from XML data and then calls a method with that name. With a specially crafted file, a context-dependent attacker can call private methods and manipulate data.
Read more →

Published about 12 years ago
CVE-2007-3227 in rails
Moderate

Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord::Base#to_json) function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values.
Read more →

Published about 12 years ago
OSVDB-101157 in json
Severe

json Gem for Ruby contains an overflow condition that is triggered as user-supplied input is not properly validated when handling specially crafted data. This may allow a remote attacker to cause a stack-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.
Read more →

Published about 12 years ago
CVE-2007-0469 in rubygems
Critical

The extract_files function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM packages.
Read more →

Published over 12 years ago
CVE-2006-4112 in rails
Critical

Unspecified vulnerability in the "dependency resolution mechanism" in Ruby on Rails 1.1.0 through 1.1.5 allows remote attackers to execute arbitrary Ruby code via a URL that is not properly handled in the routing code, which leads to a denial of service (application hang) or "data loss," a different vulnerability than CVE-2006-4111.
Read more →

Published almost 13 years ago

Vulnerabilities in the Past 12 Months

Vulnerabilities
Jul 3
Aug 0
Sep 0
Oct 4
Nov 3
Dec 0
Jan 0
Feb 2
Mar 3
Apr 2
May 0
Jun 1

Vulnerabilities in the Past 6 Years

Vulnerabilities
2014 75
2015 45
2016 33
2017 28
2018 26
2019 8
2013 1