How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!


Latest Gem Vulnerabilities

CVE-2011-0995 in rubygem-sqlite3 (Moderate)

The sqlite3-ruby gem in the rubygem-sqlite3 package before 1.2.4-0.5.1 in SUSE Linux Enterprise (SLE) 11 SP1 uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors.

Published over 8 years ago
OSVDB-73751 in spree (Severe)

Spree Gem for Ruby would allow a user to request a specially crafted URL and expose arbitrary files on the server.

Published over 8 years ago
CVE-2011-0449 in rails (Critical)

actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote attackers to bypass intended access restrictions via an action name that uses an unintended case for alphabetic...

Published over 8 years ago
CVE-2011-0448 in rails (Critical)

Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.

Published over 8 years ago
CVE-2011-0447 in rails (Severe)

Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged (1) AJAX or (2) API requests that leverage "combinations of browser plugins and...

Published over 8 years ago

Vulnerabilities in the Past 12 Months

Month   Vulnerabilities
Sep     2
Oct     5
Nov     3
Dec     0
Jan     0
Feb     2
Mar     11
Apr     2
May     0
Jun     1
Jul     3
Aug     2

Vulnerabilities in the Past 6 Years

Year    Vulnerabilities
2014    75
2015    46
2016    33
2017    33
2018    34
2019    21