Rubysec

Providing security resources for the Ruby community.
Follow us @rubysec or email us via info at rubysec.com

Advisory Archive

| Date | Rubygem | Title | CVE |
|---|---|---|---|
| 2017-03-11 | nokogiri | Nokogiri gem contains several vulnerabilities in libxml2 and libxslt | 2016-4658 |
| 2017-02-27 | rubyzip | Directory traversal vulnerability in rubyzip | 2017-5946 |
| 2016-08-22 | archive-tar-minitar | Archive-Tar-Minitar Directory Traversal Vulnerability | 2016-10173 |
| 2016-08-22 | minitar | Minitar Directory Traversal Vulnerability | 2016-10173 |
| 2016-08-18 | doorkeeper | Doorkeeper gem does not revoke tokens & uses wrong auth/auth method | 2016-6582 |
| 2016-08-11 | activerecord | Unsafe Query Generation Risk in Active Record | 2016-6317 |
| 2016-08-11 | actionview | Possible XSS Vulnerability in Action View | 2016-6316 |
| 2016-08-11 | actionpack | Possible XSS Vulnerability in Action View | 2016-6316 |
| 2016-06-24 | ruby-saml | XML signature wrapping attack | 2016-5697 |
| 2016-06-07 | nokogiri | Denial of service or RCE from libxml2 and libxslt | 2015-8806 |
| 2016-05-18 | rack-mini-profiler | rack-mini-profiler may disclose information to unauthorized users | 2016-4442 |
| 2016-04-23 | festivaltts4r | festivaltts4r Gem for Ruby Arbitrary Command Execution | 2016-10194 |
| 2016-04-20 | safemode | Safemode Gem for Ruby is vulnerable to information disclosure | 2016-3693 |
| 2016-04-13 | espeak-ruby | espeak-ruby Gem for Ruby Arbitrary Command Execution | 2016-10193 |
| 2016-04-01 | administrate | Cross-site request forgery (CSRF) vulnerability in administrate gem | 2016-3098 |
| 2016-02-29 | actionpack | Possible Information Leak Vulnerability in Action View | 2016-2097 |
| 2016-02-29 | actionview | Possible Information Leak Vulnerability in Action View | 2016-2097 |
| 2016-02-29 | actionpack | Possible remote code execution vulnerability in Action Pack | 2016-2098 |
| 2016-01-25 | actionpack | Possible Information Leak Vulnerability in Action View | 2016-0752 |
| 2016-01-25 | activemodel | Possible Input Validation Circumvention in Active Model | 2016-0753 |
| 2016-01-25 | actionpack | Timing attack vulnerability in basic authentication in Action Controller | 2015-7576 |
| 2016-01-25 | actionpack | Possible Object Leak and Denial of Service attack in Action Pack | 2016-0751 |
| 2016-01-25 | rails-html-sanitizer | Possible XSS vulnerability in rails-html-sanitizer | 2015-7578 |
| 2016-01-25 | activerecord | Nested attributes rejection proc bypass in Active Record | 2015-7577 |
| 2016-01-25 | rails-html-sanitizer | XSS vulnerability in rails-html-sanitizer | 2015-7579 |
| 2016-01-25 | actionpack | Object leak vulnerability for wildcard controller routes in Action Pack | 2015-7581 |
| 2016-01-25 | rails-html-sanitizer | Possible XSS vulnerability in rails-html-sanitizer | 2015-7580 |
| 2016-01-25 | actionview | Possible Information Leak Vulnerability in Action View | 2016-0752 |
| 2016-01-19 | nokogiri | Nokogiri gem contains a heap-based buffer overflow vulnerability in libxml2 | 2015-7499 |
| 2016-01-18 | devise | Devise Gem for Ruby Unauthorized Access Using Remember Me Cookie | 2015-8314 |