Providing security resources for the Ruby community.

Advisory Archive

| Date | Rubygem | Title | CVE |
|---|---|---|---|
| 2019-07-01 | field_test | Arbitrary Variants Via Query Parameters | 2019-13146 |
| 2019-06-04 | chartkick | XSS Vulnerability in Chartkick Ruby Gem | 2019-12732 |
| 2019-04-22 | nokogiri | Nokogiri gem, via libxslt, is affected by improper access control vulnerability | 2019-11068 |
| 2019-04-10 | airbrake-ruby | Blacklist keys are no longer being filtered in airbrake-ruby | 2019-16060 |
| 2019-04-04 | bootstrap-sass | Remote code execution in bootstrap-sass | 2019-10842 |
| 2019-03-25 | doorkeeper-openid_connect | Doorkeeper::OpenidConnect Open Redirect | 2019-9837 |
| 2019-03-13 | actionview | File Content Disclosure in Action View | 2019-5418 |
| 2019-03-13 | actionview | Denial of Service Vulnerability in Action View | 2019-5419 |
| 2019-03-13 | railties | Possible Remote Code Execution Exploit in Rails Development Mode | 2019-5420 |
| 2019-03-08 | chloride | Improper handling of ssh known_hosts file with Chloride | 2018-6517 |
| 2019-03-05 | rubygems-update | Escape sequence injection vulnerability in verbose | 2019-8321 |
| 2019-03-05 | rubygems-update | Escape sequence injection vulnerability in api response handling | 2019-8323 |
| 2019-03-05 | rubygems-update | Escape sequence injection vulnerability in errors | 2019-8325 |
| 2019-03-05 | rubygems-update | Escape sequence injection vulnerability in gem owner | 2019-8322 |
| 2019-03-05 | rubygems-update | Installing a malicious gem may lead to arbitrary code execution | 2019-8324 |
| 2019-03-05 | rubygems-update | Delete directory using symlink when decompressing tar | 2019-8320 |
| 2019-02-15 | bootstrap-sass | XSS vulnerability in bootstrap-sass | 2019-8331 |
| 2019-02-15 | bootstrap | XSS vulnerability in bootstrap | 2019-8331 |
| 2019-02-07 | devise | Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module | 2019-5421 |
| 2018-11-27 | activestorage | Bypass vulnerability in Active Storage | 2018-16477 |
| 2018-11-27 | activejob | Broken Access Control vulnerability in Active Job | 2018-16476 |
| 2018-11-09 | easymon | Reflected XSS in Firefox in check endpoint | 2018-1000855 |
| 2018-11-05 | rack | Possible DoS vulnerability in Rack | 2018-16470 |
| 2018-11-05 | rack | Possible XSS vulnerability in Rack | 2018-16471 |
| 2018-10-30 | loofah | Loofah XSS Vulnerability | 2018-16468 |
| 2018-10-27 | fat_free_crm | fat_free_crm gem XSS vulnerability via query parameter | 2018-1000842 |
| 2018-10-19 | mysql-binuuid-rails | mysql-binuuid-rails allows SQL Injection by removing default string escaping | 2018-18476 |
| 2018-10-04 | nokogiri | Nokogiri gem, via libxml2, is affected by multiple vulnerabilities | 2018-14404 |
| 2018-09-28 | jekyll | Jekyll _config.yml privilege escalation | 2018-17567 |
| 2018-09-14 | smart_proxy_dynflow | smart_proxy_dynflow gem authentication bypass in Foreman remote execution feature | 2018-14643 |