Rubysec

Providing security resources for the Ruby community.
Follow us @rubysec or email us via info at rubysec.com

Advisory Archive

Date       | Rubygem              | Title                                                                                                                                                  | CVE
-----------|----------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------|---------------
2018-03-22 | rails-html-sanitizer | XSS vulnerability in rails-html-sanitizer                                                                                                              | 2018-3741
2018-03-19 | sanitize             | HTML injection/XSS in Sanitize                                                                                                                         | 2018-3740
2018-03-16 | loofah               | Loofah XSS Vulnerability                                                                                                                               | 2018-8048
2018-02-27 | ruby-saml            | Authentication bypass via incorrect XML canonicalization and DOM traversal                                                                             | 2017-11428
2018-02-21 | doorkeeper           | Doorkeeper gem has stored XSS on authorization consent view                                                                                            | 2018-1000088
2018-02-18 | rack-protection      | Path traversal is possible via backslash characters on Windows                                                                                         | 2018-7212
2018-02-18 | sinatra              | Path traversal is possible via backslash characters on Windows                                                                                         | 2018-7212
2018-01-29 | nokogiri             | Nokogiri gem, via libxml, is affected by DoS vulnerabilities                                                                                           | 2017-15412
2018-01-29 | nokogiri             | Nokogiri gem, via libxml, is affected by DoS vulnerabilities                                                                                           | 2017-16932
2018-01-23 | paperclip            | Paperclip ruby gem suffers from a Server-Side Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter and Paperclip::HttpUrlProxyAdapter classes | 2017-0889
2017-11-28 | yard                 | Potential arbitrary file read vulnerability in yard server                                                                                             | 2017-17042
2017-11-16 | redis-store          | Unsafe objects can be loaded from Redis                                                                                                                | 2017-1000248
2017-11-09 | recurly              | SSRF vulnerability in Recurly gem's Resource#find                                                                                                      | 2017-0905
2017-11-03 | yajl-ruby            | Flaw in yajl-ruby gem may cause a DoS                                                                                                                  | 2017-16516
2017-09-19 | nokogiri             | Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities                                                                                   | 2017-9050
2017-05-09 | nokogiri             | Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29                                                                                   | 2017-5029
2017-05-01 | rubocop              | RuboCop: insecure use of /tmp                                                                                                                          | 2017-8418
2017-04-05 | safemode             | Safemode Gem for Ruby is vulnerable to bypassing safe mode limitations                                                                                 | 2017-7540
2017-03-11 | nokogiri             | Nokogiri gem contains several vulnerabilities in libxml2 and libxslt                                                                                   | 2016-4658
2017-02-27 | rubyzip              | Directory traversal vulnerability in rubyzip                                                                                                           | 2017-5946
2017-01-11 | omniauth             | omniauth leaks authenticity token in callback params                                                                                                   | 2017-18076
2016-11-09 | passenger            | Predictable tmp File Path Vulnerability in Phusion Passenger                                                                                           | 2016-10345
2016-08-22 | minitar              | Minitar Directory Traversal Vulnerability                                                                                                              | 2016-10173
2016-08-22 | archive-tar-minitar  | Archive-Tar-Minitar Directory Traversal Vulnerability                                                                                                  | 2016-10173
2016-08-18 | doorkeeper           | Doorkeeper gem does not revoke tokens & uses wrong auth/auth method                                                                                    | 2016-6582
2016-08-11 | activerecord         | Unsafe Query Generation Risk in Active Record                                                                                                          | 2016-6317
2016-08-11 | actionpack           | Possible XSS Vulnerability in Action View                                                                                                              | 2016-6316
2016-08-11 | actionview           | Possible XSS Vulnerability in Action View                                                                                                              | 2016-6316
2016-06-24 | ruby-saml            | XML signature wrapping attack                                                                                                                          | 2016-5697
2016-06-07 | nokogiri             | Denial of service or RCE from libxml2 and libxslt                                                                                                      | 2015-8806