Facets

How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!


Latest Gem Vulnerabilities

CVE-2012-6684 / OSVDB-115941 in RedCloth
Moderate

RedCloth Gem for Ruby contains a flaw that allows a cross-site scripting (XSS) attack. This flaw exists because the program does not validate input when parsing textile links before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser...

Published over 8 years ago

CVE-2012-6135 / OSVDB-90738 in passenger
Moderate

Phusion Passenger Gem for Ruby contains a flaw that is triggered during application startup. This issue may allow a local attacker to delete arbitrary files via an application process. Once the program has completed the startup process, this vulnerability is no longer exploitable.

Published over 8 years ago

CVE-2011-5036 / OSVDB-78121 in rack
Severe

Rack contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends multiple crafted parameters which trigger hash collisions, and will result in loss of availability for the program via CPU consumption.

Published over 8 years ago

CVE-2011-4319 / OSVDB-77199 in rails
Moderate

A cross-site scripting (XSS) flaw was found in the way the 'translate' helper method of Ruby on Rails performed HTML escaping of interpolated user input when interpolation was used in combination with HTML-safe translations. A remote attacker could use this flaw to execute arbitrary HTML or web script by providing a specially-crafted input...

Published over 8 years ago

OSVDB-76011 in spree
Severe

The ProductScope class fails to properly sanitize user-supplied input via the 'search[send][]' parameter resulting in arbitrary command execution. With a specially crafted request, a remote attacker can potentially cause arbitrary command execution.

Published over 8 years ago

Vulnerabilities in the Past 12 Months

Vulnerabilities
Jul 9
Aug 4
Sep 5
Oct 4
Nov 3
Dec 3
Jan 2
Feb 3
Mar 5
Apr 2
May 13
Jun 0

Vulnerabilities in the Past 6 Years

Vulnerabilities
2015 46
2016 34
2017 35
2018 34
2019 47
2020 25