Vulnerability Library

Each entry lists: ID, Packages, Summary, Affected versions, Last modified, Fix.
GHSA-w749-p3v6-hccq
  Packages: RubyGems/activestorage
  Summary: Possible code injection vulnerability in Rails / Active Storage
  Affected versions: 5.2.0, 5.2.1, 5.2.1.1, 5.2.1.rc1, 5.2.2, 5.2.2.1, 5.2.2.rc1, ...
  Last modified: 2022-06-21T16:18:03.112261Z
  Fix: available
GHSA-34hf-g744-jw64
  Packages: RubyGems/i18n
  Summary: Denial of service attack in i18n
  Affected versions: 0.1.0, 0.2.0, 0.2.1, 0.3.0, 0.3.1, 0.3.2, 0.3.3, ...
  Last modified: 2022-06-17T21:48:54.831079Z
  Fix: available
GHSA-xc85-32mf-xpv8
  Packages: RubyGems/rack
  Summary: Rack arbitrary code execution via timing attack
  Affected versions: 1.5.0, 1.5.1, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, ...
  Last modified: 2022-06-17T21:48:43.788130Z
  Fix: available
GHSA-q58j-fmvf-9rq6
  Packages: RubyGems/rails
  Summary: Cross site scripting in rails < 3.0.6
  Affected versions: 0.10.0, 0.10.1, 0.11.0, 0.11.1, 0.12.0, 0.12.1, 0.13.0, ...
  Last modified: 2022-06-17T21:48:43.118956Z
  Fix: available
GHSA-cv3f-px9r-54hm
  Packages: RubyGems/passenger
  Summary: Phusion Passenger information disclosure
  Affected versions: 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 2.0.1, 2.0.2, ...
  Last modified: 2022-06-17T21:31:01.888072Z
  Fix: available
GHSA-4284-jfhc-f854
  Packages: RubyGems/passenger
  Summary: Phusion Passenger incorrect permission assignment
  Affected versions: 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 2.0.1, 2.0.2, ...
  Last modified: 2022-06-17T21:30:26.385287Z
  Fix: available
GHSA-g28x-pgr3-qqx6
  Packages: RubyGems/octokit
  Summary: Octokit gem published with world-writable files
  Affected versions: 4.23.0, 4.24.0
  Last modified: 2022-06-17T19:47:04.110830Z
  Fix: available
GHSA-26qj-cr27-r5c4
  Packages: RubyGems/octopoller
  Summary: Octopoller gem published with world-writable files
  Affected versions: 0.2.0
  Last modified: 2022-06-17T19:20:37Z
  Fix: available
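The two entries above describe the same packaging defect: files inside the published gem carry a mode that lets any local user write to them, so anyone on the host can modify code that the application later loads. The audit below is an added example, not code from the advisory database, Octokit or Octopoller; it walks an unpacked gem directory, reports every entry whose "other" write bit is set, and optionally clears group/other write bits. The fixture tree it builds under a temporary directory is constructed for the demonstration (the file names in it are hypothetical).

```ruby
require "find"
require "fileutils"
require "tmpdir"

# Return the relative paths of files and directories under +root+ whose mode
# grants write access to "other" (mode & 0o002). Symlinks are reported by
# their own lstat and not followed, so a link pointing outside the tree cannot
# make the tree look clean or dirty.
def world_writable_entries(root)
  found = []
  Find.find(root) do |path|
    next if path == root
    st = File.lstat(path)
    next if st.symlink?
    found << path.delete_prefix(root + "/") if st.mode.anybits?(0o002)
  end
  found.sort
end

# Clear the group and other write bits on every offending entry and return
# the list of paths that were changed. Only the permission bits (0o7777) are
# passed to chmod; the file-type bits from lstat are masked off.
def repair_world_writable(root)
  world_writable_entries(root).each do |rel|
    path = File.join(root, rel)
    perms = File.lstat(path).mode & 0o7777
    File.chmod(perms & ~0o022, path)
  end
end

# Build a throwaway tree shaped like an unpacked gem with one bad file
# (constructed fixture, not a real gem), audit it, and optionally repair it.
# Returns the audit result, or [before, after] when repair: is requested.
def audit_fixture(repair: false)
  Dir.mktmpdir("gem-audit") do |dir|
    lib = File.join(dir, "lib")
    sub = File.join(lib, "sample")
    FileUtils.mkdir_p(sub)
    # Pin directory modes explicitly so the host umask cannot skew the result.
    File.chmod(0o755, lib)
    File.chmod(0o755, sub)
    File.write(File.join(lib, "sample.rb"), "module Sample; end\n")
    File.write(File.join(sub, "version.rb"), "VERSION = '0.0.0'\n")
    File.chmod(0o644, File.join(lib, "sample.rb"))
    File.chmod(0o666, File.join(sub, "version.rb")) # the world-writable file
    before = world_writable_entries(dir)
    next before unless repair
    repair_world_writable(dir)
    [before, world_writable_entries(dir)]
  end
end

if __FILE__ == $0
  # Audit a real gem: world_writable_entries(Gem::Specification.find_by_name("octokit").gem_dir)
  before, after = audit_fixture(repair: true)
  puts "world-writable before repair: #{before.inspect}"
  puts "world-writable after repair:  #{after.inspect}"
end
```

Point `world_writable_entries` at the directory `gem contents` or `Gem::Specification#gem_dir` reports to check an installed gem; a non-empty result on a freshly installed gem means the permissions came from the package itself, which is what the two advisories describe.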
GHSA-64qm-hrgp-pgr9
  Packages: RubyGems/mechanize
  Summary: Authorization header leak on port redirect in mechanize
  Affected versions: 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.2.0, 0.2.1, 0.2.2, ...
  Last modified: 2022-06-15T20:28:44.077940Z
  Fix: available
GHSA-5g4r-2qhx-vqfm
  Packages: RubyGems/trilogy
  Summary: Use of Uninitialized Variable in trilogy
  Affected versions: 2.0.0, 2.1.0
  Last modified: 2022-06-15T20:25:38.848641Z
  Fix: available
GHSA-fj34-jhjx-xmvv
  Packages: RubyGems/dragonfly
  Summary: Arbitrary file write in dragonfly
  Affected versions: 0.1.0, 0.1.1, 0.1.4, 0.1.5, 0.1.6, 0.2.1, 0.3.0, ...
  Last modified: 2022-06-14T20:48:01.661590Z
  Fix: available
GHSA-5c5f-7vfq-3732
  Packages: RubyGems/jmespath
  Summary: JMESPath for Ruby uses unsafe JSON.load when safe JSON.parse is preferable
  Affected versions: 0.2.0, 0.9.0, 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, ...
  Last modified: 2022-06-10T20:33:00.446152Z
  Fix: available
GHSA-f2rp-4rv7-fc95
  Packages: RubyGems/foreman_fog_proxmox
  Summary: Exposure of Sensitive Information to an Unauthorized Actor in foreman_fog_proxmox
  Affected versions: 0.10.0, 0.10.1, 0.10.2, 0.11.0, 0.11.1, 0.12.0, 0.12.1, ...
  Last modified: 2022-06-10T02:20:38.938682Z
  Fix: available
GHSA-4xjh-m3qx-49wc
  Packages: RubyGems/jekyll
  Summary: Jekyll allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "_config.yml" file
  Affected versions: 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.1.6, 0.10.0, 0.11.0, ...
  Last modified: 2022-06-10T02:20:11.717615Z
  Fix: available
GHSA-h6rj-8r3c-9gpj
  Packages: RubyGems/bson
  Summary: bson is vulnerable to denial of service due to incorrect regex validation
  Affected versions: 0.20, 0.20.1, 1.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, ...
  Last modified: 2022-06-10T02:20:10.455562Z
  Fix: available
GHSA-jp5v-5gx4-jmj9
  Packages: RubyGems/actionpack
  Summary: Ability to forge per-form CSRF tokens in Rails
  Affected versions: 5.0.0, 5.0.0.1, 5.0.1, 5.0.1.rc1, 5.0.1.rc2, 5.0.2, 5.0.2.rc1, ...
  Last modified: 2022-06-10T02:19:50.087603Z
  Fix: available
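What a practitioner does with a listing like this is match it against a project's Gemfile.lock. The script below is an added example, not code from the advisory database or from any listed project. It carries four of the records above: the octokit, octopoller and trilogy version lists are reproduced in full as shown, while the activestorage list is truncated on this page ("..."), so only the versions shown are copied and the record is marked incomplete rather than guessed at. Versions are compared with Gem::Version so that prerelease tags ("5.2.1.rc1") stay distinct from releases and "4.24" still equals "4.24.0". The Gemfile.lock fragment is constructed for the demonstration and is not from a real project.

```ruby
require "rubygems"

# Advisory records as they appear in the listing above. The activestorage
# version list is truncated on the page, so it is flagged incomplete.
ADVISORIES = [
  { id: "GHSA-g28x-pgr3-qqx6", gem: "octokit",    versions: %w[4.23.0 4.24.0], complete: true },
  { id: "GHSA-26qj-cr27-r5c4", gem: "octopoller", versions: %w[0.2.0],         complete: true },
  { id: "GHSA-5g4r-2qhx-vqfm", gem: "trilogy",    versions: %w[2.0.0 2.1.0],   complete: true },
  { id: "GHSA-w749-p3v6-hccq", gem: "activestorage",
    versions: %w[5.2.0 5.2.1 5.2.1.1 5.2.1.rc1 5.2.2 5.2.2.1 5.2.2.rc1], complete: false },
].freeze

# Constructed Gemfile.lock fragment (not from any real project).
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      activestorage (5.2.2.1)
      octokit (4.25.0)
      octopoller (0.2.0)
      trilogy (2.1.0)
      rack (2.2.4)
LOCK

# Parse every "specs:" section of a Gemfile.lock into {name => Gem::Version}.
# Top-level specs are indented exactly four spaces; their dependency lines
# (six spaces, no pinned version) are ignored.
def parse_lockfile(text)
  specs = {}
  in_specs = false
  text.each_line do |line|
    in_specs = true if line.strip == "specs:"
    in_specs = false if line.strip.empty?
    next unless in_specs
    m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/)
    specs[m[1]] = Gem::Version.new(m[2]) if m
  end
  specs
end

# Return one finding per advisory whose gem is locked at an affected version.
# A miss against an incomplete list is reported as "check full advisory"
# instead of being silently treated as clean.
def matches(lockfile_text, advisories = ADVISORIES)
  locked = parse_lockfile(lockfile_text)
  advisories.filter_map do |adv|
    version = locked[adv[:gem]]
    next unless version
    affected = adv[:versions].map { |v| Gem::Version.new(v) }
    if affected.include?(version)
      { id: adv[:id], gem: adv[:gem], version: version.to_s, status: "affected" }
    elsif !adv[:complete]
      { id: adv[:id], gem: adv[:gem], version: version.to_s, status: "check full advisory" }
    end
  end
end

if __FILE__ == $0
  # Replace SAMPLE_LOCKFILE with File.read("Gemfile.lock") for a real project.
  matches(SAMPLE_LOCKFILE).each do |f|
    puts "#{f[:id]}  #{f[:gem]} #{f[:version]}  #{f[:status]}"
  end
end
```

Enumerated version lists are only a snapshot of the advisory; when a list is truncated here, treat a non-match as unknown and read the full range in the advisory itself before calling a dependency clean.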