How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!


Latest Gem Vulnerabilities

CVE-2008-5189 in rails
Severe

CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function.

Published almost 11 years ago

OSVDB-95376 in activerecord-oracle_enhanced-adapter
Severe

Oracle "enhanced" ActiveRecord Gem for Ruby contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the program not properly sanitizing user-supplied input related to the :limit and :offset functions. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing...

Published about 11 years ago

CVE-2008-4094 in rails
Critical

Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) :limit and (2) :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer.

Published about 11 years ago

OSVDB-95749 in activeresource
Critical

activeresource contains a format string flaw in the request function of lib/active_resource/connection.rb. The issue is triggered as format string specifiers (e.g. %s and %x) are not properly sanitized in user-supplied input when passed via the 'result.code' and 'result.message' variables. This may allow a remote attacker to cause a denial...

Published over 11 years ago

CVE-2007-6183 / OSVDB-40774 in gtk2
Severe

Format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter.

Published almost 12 years ago

Vulnerabilities in the Past 12 Months

Vulnerabilities
Dec 0
Jan 0
Feb 2
Mar 11
Apr 3
May 0
Jun 2
Jul 9
Aug 3
Sep 5
Oct 4
Nov 3

Vulnerabilities in the Past 6 Years

Vulnerabilities
2014 75
2015 46
2016 33
2017 35
2018 34
2019 42
2013 1