Vulnerability Database
About
Vulnerability Library
search
All ecosystems
21219
Android
361
crates.io
882
DWF
30
Go
681
GSD
26
Hex
12
JavaScript
1
Linux
7657
Maven
1475
npm
2547
NuGet
192
OSS-Fuzz
2591
Packagist
940
PyPI
3333
RubyGems
490
UVI
1
ID
Packages
Summary
Affected versions
Last modified
Fix
GHSA-w749-p3v6-hccq
RubyGems/activestorage
RubyGems/activestorage
RubyGems/activestorage
RubyGems/activestorage
Possible code injection vulnerability in Rails / Active Storage
5.2.0
5.2.1
5.2.1.1
5.2.1.rc1
5.2.2
5.2.2.1
5.2.2.rc1
...
2022-06-21T16:18:03.112261Z
Fix available
GHSA-34hf-g744-jw64
RubyGems/i18n
Denial of service attack in i18n
0.1.0
0.2.0
0.2.1
0.3.0
0.3.1
0.3.2
0.3.3
...
2022-06-17T21:48:54.831079Z
Fix available
GHSA-xc85-32mf-xpv8
RubyGems/rack
RubyGems/rack
RubyGems/rack
RubyGems/rack
RubyGems/rack
Rack arbitrary code execution via timing attack
1.5.0
1.5.1
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
...
2022-06-17T21:48:43.788130Z
Fix available
GHSA-q58j-fmvf-9rq6
RubyGems/rails
Cross site scripting in rails < 3.0.6
0.10.0
0.10.1
0.11.0
0.11.1
0.12.0
0.12.1
0.13.0
...
2022-06-17T21:48:43.118956Z
Fix available
GHSA-cv3f-px9r-54hm
RubyGems/passenger
Phusion Passenger information disclosure
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
2.0.1
2.0.2
...
2022-06-17T21:31:01.888072Z
Fix available
GHSA-4284-jfhc-f854
RubyGems/passenger
Phusion Passenger incorrect permission assignment
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
2.0.1
2.0.2
...
2022-06-17T21:30:26.385287Z
Fix available
GHSA-g28x-pgr3-qqx6
RubyGems/octokit
Octokit gem published with world-writable files
4.23.0
4.24.0
2022-06-17T19:47:04.110830Z
Fix available
GHSA-26qj-cr27-r5c4
RubyGems/octopoller
Octopoller gem published with world-writable files
0.2.0
2022-06-17T19:20:37Z
Fix available
GHSA-64qm-hrgp-pgr9
RubyGems/mechanize
Authorization header leak on port redirect in mechanize
0.1.0
0.1.1
0.1.2
0.1.3
0.2.0
0.2.1
0.2.2
...
2022-06-15T20:28:44.077940Z
Fix available
GHSA-5g4r-2qhx-vqfm
RubyGems/trilogy
Use of Uninitialized Variable in trilogy
2.0.0
2.1.0
2022-06-15T20:25:38.848641Z
Fix available
GHSA-fj34-jhjx-xmvv
RubyGems/dragonfly
Arbitrary file write in dragonfly
0.1.0
0.1.1
0.1.4
0.1.5
0.1.6
0.2.1
0.3.0
...
2022-06-14T20:48:01.661590Z
Fix available
GHSA-5c5f-7vfq-3732
RubyGems/jmespath
JMESPath for Ruby uses unsafe JSON.load when safe JSON.parse is preferable
0.2.0
0.9.0
1.0.0
1.0.1
1.0.2
1.1.0
1.1.1
...
2022-06-10T20:33:00.446152Z
Fix available
GHSA-f2rp-4rv7-fc95
RubyGems/foreman_fog_proxmox
Exposure of Sensitive Information to an Unauthorized Actor in foreman_fog_proxmox
0.10.0
0.10.1
0.10.2
0.11.0
0.11.1
0.12.0
0.12.1
...
2022-06-10T02:20:38.938682Z
Fix available
GHSA-4xjh-m3qx-49wc
RubyGems/jekyll
RubyGems/jekyll
RubyGems/jekyll
Jekyll allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "_config.yml" file
0.1.2
0.1.3
0.1.4
0.1.5
0.1.6
0.10.0
0.11.0
...
2022-06-10T02:20:11.717615Z
Fix available
GHSA-h6rj-8r3c-9gpj
RubyGems/bson
RubyGems/bson
bson is vulnerable to denial of service due to incorrect regex validation
0.20
0.20.1
1.0
1.0.1
1.0.2
1.0.3
1.0.4
...
2022-06-10T02:20:10.455562Z
Fix available
GHSA-jp5v-5gx4-jmj9
RubyGems/actionpack
RubyGems/actionpack
Ability to forge per-form CSRF tokens in Rails
5.0.0
5.0.0.1
5.0.1
5.0.1.rc1
5.0.1.rc2
5.0.2
5.0.2.rc1
...
2022-06-10T02:19:50.087603Z
Fix available
Load more...
