Vulnerability Library

ID
Packages
Summary
Affected versions
Last modified
Fix
GHSA-2x8x-jmrp-phxw
  • RubyGems/sinatra
Sinatra vulnerable to Reflected File Download attack
  • 3.0.0
  • 3.0.1
  • 3.0.2
  • 3.0.3
  • 0.1.0
  • 0.1.5
  • 0.1.6
  • ...
2022-11-30T23:41:39.372185Z Fix available
GHSA-3xg8-cc8f-9wv2
  • RubyGems/dalli
Unsanitized input leading to code injection in Dalli
  • 0.10.0
  • 0.10.1
  • 0.11.0
  • 0.11.1
  • 0.11.2
  • 0.9.0
  • 0.9.1
  • ...
2022-11-26T20:38:35.057569Z Fix available
GHSA-vc47-6rqg-c7f5
  • RubyGems/cgi
HTTP response splitting in CGI
  • 0.3.0
  • 0.3.1
  • 0.3.2
  • 0.3.3
  • 0.3.4
  • 0.2.0
  • 0.2.1
  • ...
2022-11-24T02:26:25.479814Z Fix available
GHSA-r74q-gxcg-73hx
  • RubyGems/simple_form
Improper Input Validation in simple_form
  • 0.4.0
  • 0.5
  • 1.0.0
  • 1.0.1
  • 1.0.2
  • 1.0.3
  • 1.0.4
  • ...
2022-11-22T23:23:44.043834Z Fix available
GHSA-xq5j-gw7f-jgj8
  • RubyGems/actionview
CSRF Vulnerability in rails-ujs
  • 5.0.0
  • 5.0.0.1
  • 5.0.1
  • 5.0.1.rc1
  • 5.0.1.rc2
  • 5.0.2
  • 5.0.2.rc1
  • ...
2022-11-22T01:31:15.986036Z Fix available
GHSA-j5rj-g695-342r
  • RubyGems/fat_free_crm
Moderate severity vulnerability that affects fat_free_crm
  • 0.11.0
  • 0.11.1
  • 0.11.2
  • 0.11.3
  • 0.11.4
  • 0.12.0
  • 0.12.1
  • ...
2022-11-22T01:11:35.154510Z Fix available
GHSA-xxx9-3xcr-gjj3
  • RubyGems/nokogiri
XML Injection in Xerces Java affects Nokogiri
  • 1.0.0
  • 1.0.1
  • 1.0.2
  • 1.0.3
  • 1.0.4
  • 1.0.5
  • 1.0.6
  • ...
2022-11-22T01:05:52.624928Z Fix available
GHSA-9h36-4jf2-hx53
  • RubyGems/extlib
High severity vulnerability that affects extlib
  • 0.9.10
  • 0.9.11
  • 0.9.12
  • 0.9.13
  • 0.9.14
  • 0.9.15
  • 0.9.2
  • ...
2022-11-22T01:05:42.257423Z Fix available
GHSA-mh37-8c3g-3fgc
  • RubyGems/rubygems-update
Escape sequence injection in RubyGems
  • 2.6.0
  • 2.6.1
  • 2.6.10
  • 2.6.11
  • 2.6.12
  • 2.6.13
  • 2.6.14
  • ...
2022-11-22T01:04:04.126604Z Fix available
GHSA-j858-xp5v-f8xx
  • RubyGems/dragonfly
Remote code execution in Dragonfly
  • 0.1.0
  • 0.1.1
  • 0.1.4
  • 0.1.5
  • 0.1.6
  • 0.2.1
  • 0.3.0
  • ...
2022-11-22T01:03:55.248664Z Fix available
GHSA-79m3-q3wh-c3qm
  • RubyGems/publify_core
Incorrect Authorization in publify
  • 9.0.0
  • 9.0.0.pre1
  • 9.0.0.pre2
  • 9.0.0.pre3
  • 9.0.0.pre4
  • 9.0.0.pre5
  • 9.0.0.pre6
  • ...
2022-11-22T01:03:25.357930Z Fix available
GHSA-4q53-fqhc-cr46
  • RubyGems/ember-source
Low severity vulnerability that affects ember-source
  • 1.2.0
  • 1.2.0.1
  • 1.2.1.1
  • 1.3.0
  • 1.3.1.1
2022-11-22T01:03:20.093110Z Fix available
GHSA-vx9j-46rh-fqr8
  • RubyGems/actionview
Moderate severity vulnerability that affects actionview
  • 4.1.0
  • 4.1.0.beta1
  • 4.1.0.beta2
  • 4.1.0.rc1
  • 4.1.0.rc2
  • 4.1.1
  • 4.1.10
  • ...
2022-11-22T01:03:17.591015Z Fix available
GHSA-fwcm-636p-68r5
  • RubyGems/carrierwave
Server-side request forgery in CarrierWave
  • 0.1
  • 0.10.0
  • 0.11.0
  • 0.11.1
  • 0.11.2
  • 0.2.0
  • 0.2.1
  • ...
2022-11-22T01:03:15.965021Z Fix available
GHSA-ch3h-j2vf-95pv
  • RubyGems/actionview
XSS Vulnerability in Action View tag helpers
  • 4.1.0
  • 4.1.0.beta1
  • 4.1.0.beta2
  • 4.1.0.rc1
  • 4.1.0.rc2
  • 4.1.1
  • 4.1.10
  • ...
2022-11-22T01:03:15.891357Z Fix available
GHSA-p65m-qr5x-rrqq
  • RubyGems/webbynode
High severity vulnerability that affects webbynode
  • 0.1.0
  • 0.1.1
  • 0.1.2
  • 0.2.0
  • 0.2.1
  • 0.2.2
  • 0.2.3
  • ...
2022-11-22T01:03:15.867188Z No fix available