Providing security resources for the Ruby community.
Follow us @rubysec or email us via info at

Advisory Archive

| Date | Rubygem | Title | CVE |
|------|---------|-------|-----|
| 2018-05-31 | sinatra | XSS via the 400 Bad Request page | 2018-11627 |
| 2018-05-23 | grape | ruby-grape Gem has XSS via "format" parameter | 2018-3769 |
| 2018-05-23 | ruby-grape | ruby-grape Gem has XSS via "format" parameter | 2018-3769 |
| 2018-05-03 | private_address_check | private_address_check Ruby Gem Time-of-check Time-of-use race condition | 2018-3759 |
| 2018-04-30 | json-jwt | Auth tag forgery vulnerability with AES-GCM encrypted JWT | 2018-1000539 |
| 2018-03-29 | nokogiri | Revert libxml2 behavior in Nokogiri gem that could cause XSS | 2018-8048 |
| 2018-03-22 | rails-html-sanitizer | XSS vulnerability in rails-html-sanitizer | 2018-3741 |
| 2018-03-19 | sanitize | HTML injection/XSS in Sanitize | 2018-3740 |
| 2018-03-16 | loofah | Loofah XSS Vulnerability | 2018-8048 |
| 2018-03-07 | rack-protection | rack-protection gem timing attack vulnerability when validating CSRF token | 2018-1000119 |
| 2018-02-27 | omniauth-saml | omniauth-saml authentication bypass via incorrect XML canonicalization and DOM traversal | 2017-11430 |
| 2018-02-27 | ruby-saml | Authentication bypass via incorrect XML canonicalization and DOM traversal | 2017-11428 |
| 2018-02-19 | doorkeeper | Doorkeeper gem has stored XSS on authorization consent view | 2018-1000088 |
| 2018-02-19 | radiant | Multiple persistent XSS vulnerabilities in Radiant CMS | 2018-7261 |
| 2018-02-18 | rack-protection | Path traversal is possible via backslash characters on Windows | 2018-7212 |
| 2018-01-29 | nokogiri | Nokogiri gem, via libxml, is affected by DoS vulnerabilities | 2017-16932 |
| 2018-01-29 | nokogiri | Nokogiri gem, via libxml, is affected by DoS vulnerabilities | 2017-15412 |
| 2018-01-23 | paperclip | Paperclip ruby gem suffers from a Server-Side Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter and Paperclip::HttpUrlProxyAdapter class | 2017-0889 |
| 2018-01-10 | rails_admin | rails_admin ruby gem XSS vulnerability | 2017-12098 |
| 2018-01-10 | delayed_job_web | delayed_job_web ruby gem XSS vulnerability via `queues` parameter | 2017-12097 |
| 2018-01-09 | sinatra | sinatra ruby gem path traversal via backslash characters on Windows | 2018-7212 |
| 2018-01-04 | radiant | Radiant CMS 1.1.4 Markdown admin/pages/*/edit part_body_content cross site scripting | 2018-5216 |
| 2017-12-17 | net-ldap | No validation of hostname certificate in net-ldap | 2017-17718 |
| 2017-11-28 | yard | Potential arbitrary file read vulnerability in yard server | 2017-17042 |
| 2017-11-16 | redis-store | Unsafe objects can be loaded from Redis | 2017-1000248 |
| 2017-11-10 | geminabox | Stored XSS in "geminabox" via injection in Gemspec "homepage" value | 2017-16792 |
| 2017-11-09 | private_address_check | private_address_check Ruby Gem Blacklist Bypass privilege escalation | 2017-0909 |
| 2017-11-09 | recurly | SSRF vulnerability in Recurly gem's Resource#find | 2017-0905 |
| 2017-11-07 | private_address_check | private_address_check Ruby Gem Resolv.getaddresses Server-Side Request Forgery | 2017-0904 |
| 2017-11-03 | yajl-ruby | Flaw in yajl-ruby gem may cause a DoS | 2017-16516 |