
How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!


Latest Gem Vulnerabilities

OSVDB-115917 in bundler
Moderate

Bundler Gem for Ruby contains a flaw that is due to the program listing credential information in plaintext in the install command process listing. This may allow a local attacker to gain access to credential information.

Published almost 9 years ago

OSVDB-97854 in dragonfly
Critical

Dragonfly Gem for Ruby contains a flaw that is due to the program failing to properly escape a shell that contains injected characters. This may allow a context-dependent attacker to potentially execute arbitrary commands.

Published almost 9 years ago

CVE-2011-3187 in rails
Moderate

The to_s method in actionpack/lib/action_dispatch/middleware/remote_ip.rb in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header.

Published almost 9 years ago

CVE-2011-3186 / OSVDB-74616 in rails
Moderate

A response splitting flaw in Ruby on Rails 2.3.x was reported that could allow a remote attacker to inject arbitrary HTTP headers into a response due to insufficient sanitization of the values provided for response content types.

Published almost 9 years ago

CVE-2011-2932 in rails
Moderate

Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails 2.x before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a malformed Unicode string, related to a "UTF-8 escaping vulnerability."

Published almost 9 years ago

Vulnerabilities in the Past 12 Months

Vulnerabilities
Aug 4
Sep 5
Oct 4
Nov 3
Dec 3
Jan 3
Feb 3
Mar 5
Apr 2
May 13
Jun 4
Jul 0

Vulnerabilities in the Past 6 Years

Vulnerabilities
2015 46
2016 34
2017 35
2018 34
2019 47
2020 30