Facets

How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!


Latest Gem Vulnerabilities

CVE-2012-6685 / OSVDB-90946 in nokogiri
Severe

libxml2 contains a flaw that may lead to unauthorized disclosure of potentially sensitive information. The issue is triggered when handling the expansion of XML external entities (XXE), which can be used to trigger URLs on an internal network and allow a remote attacker to gain access to their responses.

Published almost 8 years ago

CVE-2008-7311 / OSVDB-81506 in spree
Severe

Spree contains a hardcoded flaw related to the config.action_controller_session hash value. This may allow an attacker to more easily bypass cryptographic protection.

Published about 8 years ago

CVE-2008-7310 / OSVDB-81505 in spree
Severe

Spree contains a hash restriction weakness that occurs when parsing a modified URL. This may allow an attacker to manipulate order state values.

Published about 8 years ago

CVE-2012-1099 / OSVDB-79727 in rails
Moderate

Ruby on Rails contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate manually generated 'select tag options' upon submission to actionpack/lib/action_view/helpers/form_options_helper.rb. This may allow a user to create a specially crafted request that would execute...

Published about 8 years ago

CVE-2012-1098 / OSVDB-79726 in rails
Moderate

Ruby on Rails contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate direct manipulations of SafeBuffer objects via '[]' and other methods. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within...

Published about 8 years ago

Vulnerabilities in the Past 12 Months

Vulnerabilities
Jun 2
Jul 9
Aug 4
Sep 5
Oct 4
Nov 3
Dec 3
Jan 2
Feb 3
Mar 5
Apr 2
May 13

Vulnerabilities in the Past 6 Years

Vulnerabilities
2015 46
2016 34
2017 35
2018 34
2019 47
2020 25