Providing security resources for the Ruby community.

Advisory Archive

| Date | Rubygem | Title | CVE |
|---|---|---|---|
| 2013-01-10 | nori | Ruby Gem nori Parameter Parsing Remote Code Execution | 2013-0285 |
| 2013-01-09 | crack | crack Gem for Ruby Type Casting Parameter Parsing Remote Code Execution | 2013-1800 |
| 2013-01-08 | extlib | extlib Gem for Ruby Type Casting Parameter Parsing Remote Code Execution | 2013-1802 |
| 2013-01-08 | activerecord | Ruby on Rails Active Record JSON Parameter Parsing Query Bypass | 2013-0155 |
| 2013-01-08 | actionpack | Ruby on Rails params_parser.rb Action Pack Type Casting Parameter Parsing Remote Code Execution | 2013-0156 |
| 2013-01-07 | rack | Rack Long String Parsing Memory Consumption Remote DoS | 2013-0183 |
| 2012-12-22 | activerecord | Ruby on Rails find_by_* Methods Authlogic SQL Injection Bypass | 2012-6496 |
| 2012-12-21 | authlogic | Ruby on Rails Authlogic Gem secret_token.rb Known secret_token Value Weakness | 2012-6497 |
| 2012-12-06 | newrelic_rpm | Ruby on Rails newrelic_rpm Gem Discloses Sensitive Information | 2013-0284 |
| 2012-12-04 | ldap_fluff | Red Hat Subscription Asset Manager rubygem-ldap_fluff Active Directory Authentication Bypass | 2012-5604 |
| 2012-09-25 | rubygems-update | RubyGems HTTPS to HTTP Redirection MitM Downloaded Installation File Manipulation | 2012-2125 |
| 2012-09-08 | loofah | Loofah HTML and XSS injection vulnerability | |
| 2012-09-08 | omniauth-oauth2 | Ruby on Rails omniauth-oauth2 Gem CSRF vulnerability | 2012-6134 |
| 2012-08-09 | activesupport | Ruby on Rails HTML Escaping Code XSS | 2012-3464 |
| 2012-08-09 | actionpack | Ruby on Rails select_tag Helper Method prompt Value XSS | 2012-3463 |
| 2012-08-09 | actionpack | Ruby on Rails strip_tags Helper Method XSS | 2012-3465 |
| 2012-07-26 | actionpack | Ruby on Rails actionpack/lib/action_controller/metal/http_authentication.rb with_http_digest Helper Method Remote DoS | 2012-3424 |
| 2012-07-02 | spree | Potential XSS vulnerability related to the analytics dashboard | |
| 2012-07-02 | spree | Product Scopes could allow for unauthenticated remote command execution | |
| 2012-06-08 | nokogiri | Nokogiri Gem for Ruby External Entity (XXE) Expansion Internal Network Response Remote Disclosure | 2012-6685 |
| 2012-06-06 | rack-cache | rack-cache Rubygem Sensitive HTTP Header Caching Weakness | 2012-2671 |
| 2012-05-31 | activerecord | Ruby on Rails ActiveRecord Class Rack Query Parameter Parsing SQL Query Arbitrary IS NULL Clause Injection | 2012-2660 |
| 2012-05-31 | activerecord | Ruby on Rails where Method ActiveRecord Class SQL Injection | 2012-2661 |
| 2012-05-04 | rack | Rack Regular Expressions Engine Content-Disposition Header Parsing Infinite Loop Remote DoS | 2012-6109 |
| 2012-04-20 | rubygems-update | RubyGems SSL Certificate Validation MitM Spoofing Weakness | 2012-2126 |
| 2012-03-14 | mail | Mail Gem for Ruby File Delivery Method to Parameter Traversal Arbitrary File Manipulation | 2012-2139 |
| 2012-03-14 | mail | Mail Gem for Ruby Multiple Delivery Method Remote Shell Command Execution | 2012-2140 |
| 2012-03-01 | actionpack | Ruby on Rails actionpack/lib/action_view/helpers/form_options_helper.rb Manually Generated Select Tag Options XSS | 2012-1099 |
| 2012-03-01 | activesupport | Ruby on Rails SafeBuffer Object [] Direct Manipulation XSS | 2012-1098 |
| 2012-02-29 | RedCloth | RedCloth Gem for Ruby Textile Link Parsing XSS | 2012-6684 |