Rubysec

Providing security resources for the Ruby community.
Follow us @rubysec or email us via info at rubysec.com

Advisory Archive

Date Rubygem Title CVE
2019-06-04 chartkick XSS Vulnerability in Chartkick Ruby Gem 2019-12732
2019-04-22 nokogiri Nokogiri gem, via libxslt, is affected by improper access control vulnerability 2019-11068
2019-04-04 bootstrap-sass Remote code execution in bootstrap-sass 2019-10842
2019-03-13 railties Possible Remote Code Execution Exploit in Rails Development Mode 2019-5420
2019-03-13 actionview Denial of Service Vulnerability in Action View 2019-5419
2019-03-13 actionview File Content Disclosure in Action View 2019-5418
2019-02-15 bootstrap-sass XSS vulnerability in bootstrap-sass 2019-8331
2019-02-15 bootstrap XSS vulnerability in bootstrap 2019-8331
2019-02-07 devise Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module 2019-5421
2018-11-27 activestorage Bypass vulnerability in Active Storage 2018-16477
2018-11-27 activejob Broken Access Control vulnerability in Active Job 2018-16476
2018-11-09 easymon Reflected XSS in Firefox in check endpoint 2018-1000855
2018-11-05 rack Possible XSS vulnerability in Rack 2018-16471
2018-11-05 rack Possible DoS vulnerability in Rack 2018-16470
2018-10-30 loofah Loofah XSS Vulnerability 2018-16468
2018-10-19 mysql-binuuid-rails mysql-binuuid-rails allows SQL Injection by removing default string escaping 2018-18476
2018-10-04 nokogiri Nokogiri gem, via libxml2, is affected by multiple vulnerabilities 2018-14404
2018-08-09 active-support Malicious ruby gem - active-support 2018-3779
2018-07-27 restforce Insufficient URI encoding in restforce 2018-3777
2018-07-11 doorkeeper Doorkeeper gem does not revoke token for public clients 2018-1000211
2018-07-03 bootstrap XSS vulnerabilities via data-parent, data-target, data-container in bootstrap 2018-14040
2018-06-22 ffi ruby-ffi DDL loading issue on Windows OS 2018-1000201
2018-06-19 sprockets Path Traversal in Sprockets 2018-3760
2018-06-14 rubyzip Directory Traversal in rubyzip 2018-1000544
2018-05-31 sinatra XSS via the 400 Bad Request page 2018-11627
2018-05-23 ruby-grape ruby-grape Gem has XSS via "format" parameter 2018-3769
2018-05-23 grape ruby-grape Gem has XSS via "format" parameter 2018-3769
2018-05-03 private_address_check private_address_check Ruby Gem Time-of-check Time-of-use race condition 2018-3759
2018-04-30 json-jwt Auth tag forgery vulnerability with AES-GCM encrypted JWT 2018-1000539
2018-03-29 nokogiri Revert libxml2 behavior in Nokogiri gem that could cause XSS 2018-8048