Facets

How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!


Latest Gem Vulnerabilities

CVE-2009-3009 in rails
Moderate

Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper.

Published over 10 years ago

CVE-2008-5189 in rails
Severe

CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function.

Published over 11 years ago

OSVDB-95376 in activerecord-oracle_enhanced-adapter
Severe

Oracle "enhanced" ActiveRecord Gem for Ruby contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the program not properly sanitizing user-supplied input related to the :limit and :offset functions. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing...

Published over 11 years ago

CVE-2008-4094 in rails
Critical

Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) :limit and (2) :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer.

Published over 11 years ago

OSVDB-95749 in activeresource
Critical

activeresource contains a format string flaw in the request function of lib/active_resource/connection.rb. The issue is triggered as format string specifiers (e.g. %s and %x) are not properly sanitized in user-supplied input when passed via the 'result.code' and 'result.message' variables. This may allow a remote attacker to cause a denial...

Published almost 12 years ago

Vulnerabilities in the Past 12 Months

Month: Vulnerabilities
Jun: 2
Jul: 9
Aug: 4
Sep: 5
Oct: 4
Nov: 3
Dec: 3
Jan: 2
Feb: 3
Mar: 5
Apr: 2
May: 13

Vulnerabilities in the Past 6 Years

Year: Vulnerabilities
2015: 46
2016: 34
2017: 35
2018: 34
2019: 47
2020: 25