How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!

Latest Gem Vulnerabilities

OSVDB-114600 in curb

curb Gem for Ruby contains a flaw that is triggered when handling an empty http_put body. This may allow a remote attacker to crash an application linked against the library.

Published about 9 years ago

OSVDB-62067 in bcrypt-ruby

bcrypt-ruby Gem for Ruby suffered from a bug related to character encoding that substantially reduced the entropy of hashed passwords containing non US-ASCII characters. An incorrect encoding step transparently replaced such characters by '?' prior to hashing. In the worst case of a password consisting solely of non-US-ASCII...

Published over 9 years ago

CVE-2008-7248 in rails

Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify tokens for requests with certain content types, which allows remote attackers to bypass cross-site request forgery (CSRF) protection for requests to applications that rely on this protection, as demonstrated using text/plain.

Published almost 10 years ago

CVE-2009-4214 in rails

Cross-site scripting (XSS) vulnerability in the strip_tags function in Ruby on Rails before 2.2.s, and 2.3.x before 2.3.5, allows remote attackers to inject arbitrary web script or HTML via vectors involving non-printing ASCII characters, related to HTML::Tokenizer and actionpack/lib/action_controller/vendor/html-scanner/html/node.rb.

Published almost 10 years ago

CVE-2009-4123 in jruby-openssl

A security problem involving peer certificate verification was found where failed verification silently did nothing, making affected applications vulnerable to attackers. Attackers could lead a client application to believe that a secure connection to a rogue SSL server is legitimate. Attackers could also penetrate client-validated SSL...

Published almost 10 years ago

Vulnerabilities in the Past 12 Months

Nov 3
Dec 0
Jan 0
Feb 2
Mar 11
Apr 3
May 0
Jun 1
Jul 8
Aug 2
Sep 4
Oct 0

Vulnerabilities in the Past 6 Years

2014 75
2015 46
2016 33
2017 33
2018 34
2019 31