Facets

How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!


Latest Gem Vulnerabilities

CVE-2012-1099 / OSVDB-79727 in rails
Moderate

Ruby on Rails contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate manually generated 'select tag options' upon submission to actionpack/lib/action_view/helpers/form_options_helper.rb. This may allow a user to create a specially crafted request that would execute...

Published over 8 years ago

CVE-2012-1098 / OSVDB-79726 in rails
Moderate

Ruby on Rails contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate direct manipulations of SafeBuffer objects via '[]' and other methods. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within...

Published over 8 years ago

CVE-2012-6684 / OSVDB-115941 in RedCloth
Moderate

RedCloth Gem for Ruby contains a flaw that allows a cross-site scripting (XSS) attack. This flaw exists because the program does not validate input when parsing textile links before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser...

Published over 8 years ago

CVE-2012-6135 / OSVDB-90738 in passenger
Moderate

Phusion Passenger Gem for Ruby contains a flaw that is triggered during application startup. This issue may allow a local attacker to delete arbitrary files via an application process. Once the program has completed the startup process, this vulnerability is no longer exploitable.

Published over 8 years ago

CVE-2011-5036 / OSVDB-78121 in rack
Severe

Rack contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends multiple crafted parameters that cause hash collisions, resulting in loss of availability for the program through CPU consumption.

Published over 8 years ago

Vulnerabilities in the Past 12 Months

Month  Vulnerabilities
Sep    5
Oct    4
Nov    3
Dec    3
Jan    3
Feb    3
Mar    5
Apr    2
May    13
Jun    4
Jul    0
Aug    0

Vulnerabilities in the Past 6 Years

Year   Vulnerabilities
2015   46
2016   34
2017   35
2018   36
2019   47
2020   30