Facets

How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!

Latest Gem Vulnerabilities

OSVDB-76011 in spree
Severe

The ProductScope class fails to properly sanitize user-supplied input passed via the 'search[send][]' parameter. With a specially crafted request, a remote attacker can potentially cause arbitrary command execution.

Published almost 10 years ago
OSVDB-115917 in bundler
Moderate

Bundler Gem for Ruby contains a flaw that is due to the program listing credential information in plaintext in the install command process listing. This may allow a local attacker to gain access to credential information.

Published almost 10 years ago
OSVDB-97854 in dragonfly
Critical

Dragonfly Gem for Ruby contains a flaw that is due to the program failing to properly escape characters passed to a shell, so injected shell metacharacters are interpreted. This may allow a context-dependent attacker to potentially execute arbitrary commands.

Published almost 10 years ago
CVE-2011-3187 in rails
Moderate

The to_s method in actionpack/lib/action_dispatch/middleware/remote_ip.rb in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header.

Published almost 10 years ago
CVE-2011-3186 / OSVDB-74616 in rails
Moderate

A response splitting flaw in Ruby on Rails 2.3.x was reported that could allow a remote attacker to inject arbitrary HTTP headers into a response due to insufficient sanitization of the values provided for response content types.

Published almost 10 years ago

Vulnerabilities in the Past 12 Months

Month   Vulnerabilities
Aug     4
Sep     4
Oct     4
Nov     3
Dec     2
Jan     1
Feb     5
Mar     3
Apr     7
May     11
Jun     2
Jul     2

Vulnerabilities in the Past 6 Years

Year    Vulnerabilities
2016    34
2017    35
2018    37
2019    47
2020    52
2021    31