Rubysec

Providing security resources for the Ruby community.
Follow us @rubysec or email us via info at rubysec.com

Advisory Archive

Date        Rubygem               CVE         Title
2016-05-18  rack-mini-profiler    2016-4442   rack-mini-profiler may disclose information to unauthorized users
2016-04-23  festivaltts4r         2016-10194  festivaltts4r Gem for Ruby Arbitrary Command Execution
2016-04-20  safemode              2016-3693   Safemode Gem for Ruby is vulnerable to information disclosure
2016-04-13  espeak-ruby           2016-10193  espeak-ruby Gem for Ruby Arbitrary Command Execution
2016-04-01  administrate          2016-3098   Cross-site request forgery (CSRF) vulnerability in administrate gem
2016-02-29  actionpack            2016-2097   Possible Information Leak Vulnerability in Action View
2016-02-29  actionpack            2016-2098   Possible remote code execution vulnerability in Action Pack
2016-02-29  actionview            2016-2097   Possible Information Leak Vulnerability in Action View
2016-01-25  actionview            2016-0752   Possible Information Leak Vulnerability in Action View
2016-01-25  activemodel           2016-0753   Possible Input Validation Circumvention in Active Model
2016-01-25  actionpack            2016-0752   Possible Information Leak Vulnerability in Action View
2016-01-25  rails-html-sanitizer  2015-7578   Possible XSS vulnerability in rails-html-sanitizer
2016-01-25  actionpack            2015-7576   Timing attack vulnerability in basic authentication in Action Controller
2016-01-25  actionpack            2015-7581   Object leak vulnerability for wildcard controller routes in Action Pack
2016-01-25  rails-html-sanitizer  2015-7579   XSS vulnerability in rails-html-sanitizer
2016-01-25  activerecord          2015-7577   Nested attributes rejection proc bypass in Active Record
2016-01-25  rails-html-sanitizer  2015-7580   Possible XSS vulnerability in rails-html-sanitizer
2016-01-25  actionpack            2016-0751   Possible Object Leak and Denial of Service attack in Action Pack
2016-01-19  nokogiri              2015-7499   Nokogiri gem contains a heap-based buffer overflow vulnerability in libxml2
2016-01-18  devise                2015-8314   Devise Gem for Ruby Unauthorized Access Using Remember Me Cookie
2016-01-14  ember-source          2015-7565   Ember.js XSS Vulnerability with User-Supplied JSON
2016-01-12  mapbox-rails                      mapbox-rails Content Injection via TileJSON Name
2016-01-08  auto_awesomplete                  auto_awesomplete Gem for Ruby allows arbitrary search execution
2016-01-08  auto_select2                      auto_select2 Gem for Ruby allows arbitrary search execution
2016-01-04  colorscore            2015-7541   colorscore Gem for Ruby lib/colorscore/histogram.rb Arbitrary Command Injection
2015-12-18  rack-attack                       rack-attack Gem for Ruby missing normalization before request path processing
2015-12-15  git-fastclone         2015-8969   git-fastclone Shell Metacharacter Injection Arbitrary Command Execution
2015-12-15  nokogiri              2015-5312   Nokogiri gem contains several vulnerabilities in libxml2
2015-12-11  git-fastclone         2015-8968   git-fastclone permits arbitrary shell command execution from .gitmodules
2015-12-09  mail                  2015-9097   SMTP command injection