Rubysec

Providing security resources for the Ruby community.
Follow us @rubysec or email info at rubysec.com.

Advisory Archive

Columns: Date | Rubygem | Title | CVE. Rows with an empty CVE column had no CVE identifier listed at the time.

2016-04-01 | administrate | Cross-site request forgery (CSRF) vulnerability in administrate gem | CVE-2016-3098
2016-02-29 | actionpack | Possible Information Leak Vulnerability in Action View | CVE-2016-2097
2016-02-29 | actionview | Possible Information Leak Vulnerability in Action View | CVE-2016-2097
2016-02-29 | actionpack | Possible remote code execution vulnerability in Action Pack | CVE-2016-2098
2016-01-25 | actionview | Possible Information Leak Vulnerability in Action View | CVE-2016-0752
2016-01-25 | actionpack | Possible Object Leak and Denial of Service attack in Action Pack | CVE-2016-0751
2016-01-25 | rails-html-sanitizer | Possible XSS vulnerability in rails-html-sanitizer | CVE-2015-7578
2016-01-25 | activerecord | Nested attributes rejection proc bypass in Active Record | CVE-2015-7577
2016-01-25 | rails-html-sanitizer | Possible XSS vulnerability in rails-html-sanitizer | CVE-2015-7580
2016-01-25 | rails-html-sanitizer | XSS vulnerability in rails-html-sanitizer | CVE-2015-7579
2016-01-25 | actionpack | Possible Information Leak Vulnerability in Action View | CVE-2016-0752
2016-01-25 | actionpack | Timing attack vulnerability in basic authentication in Action Controller | CVE-2015-7576
2016-01-25 | actionpack | Object leak vulnerability for wildcard controller routes in Action Pack | CVE-2015-7581
2016-01-25 | activemodel | Possible Input Validation Circumvention in Active Model | CVE-2016-0753
2016-01-19 | nokogiri | Nokogiri gem contains a heap-based buffer overflow vulnerability in libxml2 | CVE-2015-7499
2016-01-18 | devise | Devise Gem for Ruby Unauthorized Access Using Remember Me Cookie | CVE-2015-8314
2016-01-14 | ember-source | Ember.js XSS Vulnerability with User-Supplied JSON | CVE-2015-7565
2016-01-12 | mapbox-rails | mapbox-rails Content Injection via TileJSON Name |
2016-01-08 | auto_awesomplete | auto_awesomplete Gem for Ruby allows arbitrary search execution |
2016-01-08 | thor | Command injection in Thor Gem | CVE-2016-10545
2016-01-08 | auto_select2 | auto_select2 Gem for Ruby allows arbitrary search execution |
2016-01-04 | colorscore | colorscore Gem for Ruby lib/colorscore/histogram.rb Arbitrary Command Injection | CVE-2015-7541
2015-12-18 | rack-attack | rack-attack Gem for Ruby missing normalization before request path processing |
2015-12-15 | nokogiri | Nokogiri gem contains several vulnerabilities in libxml2 | CVE-2015-5312
2015-12-15 | git-fastclone | git-fastclone Shell Metacharacter Injection Arbitrary Command Execution | CVE-2015-8969
2015-12-11 | git-fastclone | git-fastclone permits arbitrary shell command execution from .gitmodules | CVE-2015-8968
2015-12-09 | mail | SMTP command injection | CVE-2015-9097
2015-11-23 | passenger | Phusion Passenger Server allows to overwrite headers in some cases | CVE-2015-7519
2015-11-17 | mustache-js-rails | mustache.js - quoteless attributes in templates can lead to XSS |
2015-10-24 | mapbox-rails | mapbox-rails Content Injection via TileJSON attribute |
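The practical question a reader of this archive has is "which of these gems are in my application?". The Ruby script below is an added example, not code from Rubysec or from any of the projects listed: it parses rows in the archive's four-column layout (both the plain "Date Rubygem Title CVE" form, where the CVE appears as YYYY-NNNN without a prefix, and a pipe-separated rendering of the same columns), reads the installed gems out of a Gemfile.lock, and reports every locked gem that has at least one advisory. The archive rows in the sample are copied from the table above; the Gemfile.lock is a constructed sample, and `parse_row`, `parse_lockfile`, `affected_gems` and `report` are names chosen for this example. It assumes Ruby 2.7 or later for `filter_map`.

```ruby
# Added example, not part of the Rubysec page: match advisory rows from the
# archive against the gems pinned in a Gemfile.lock. The archive rows below
# are copied from the table above; the lockfile is a constructed sample.

Advisory = Struct.new(:date, :gem_name, :title, :cve)

# Whitespace layout: ISO date, gem name, free-text title, optional trailing
# CVE number (the archive writes it as YYYY-NNNN without the "CVE-" prefix).
# The trailing group is anchored to the end of the line, so a date-like token
# inside a title cannot be mistaken for a CVE id.
ROW_RE = /\A(\d{4}-\d{2}-\d{2})\s+(\S+)\s+(.*?)(?:\s+(?:CVE-)?(\d{4}-\d{4,}))?\z/

def parse_row(line)
  line = line.strip
  if line.include?("|")
    # Pipe-separated rendering of the same four columns; -1 keeps a trailing
    # empty CVE column so the header row and CVE-less rows still have 4 cells.
    cols = line.split("|", -1).map(&:strip)
    return nil unless cols.size == 4 && cols[0].match?(/\A\d{4}-\d{2}-\d{2}\z/)
    date, name, title, cve = cols
    cve = nil if cve.empty?
  else
    m = ROW_RE.match(line) or return nil
    date, name, title, cve = m.captures
  end
  # Normalise to the canonical "CVE-YYYY-NNNN" form whichever way it was written.
  Advisory.new(date, name, title, cve && "CVE-#{cve.delete_prefix('CVE-')}")
end

def parse_archive(text)
  text.each_line.filter_map { |line| parse_row(line) }
end

# Gemfile.lock lists installed gems under "specs:" with a four-space indent,
# e.g. "    nokogiri (1.6.7)"; deeper-indented lines are their dependencies.
LOCK_RE = /\A    (\S+) \(([^)]+)\)\z/

def parse_lockfile(text)
  text.each_line.filter_map do |line|
    m = LOCK_RE.match(line.chomp) or next
    [m[1], m[2]]
  end.to_h
end

# Name-only match: the archive carries no patched-version data, so a hit means
# "read these advisories", not "this version is vulnerable".
def affected_gems(advisories, locked)
  by_gem = advisories.group_by(&:gem_name)
  locked.filter_map do |name, version|
    advs = by_gem[name] or next
    { gem: name, version: version,
      cves: advs.map(&:cve).compact.uniq,
      titles: advs.map(&:title).uniq }
  end
end

# Rows copied from the archive; one is written in the pipe form to exercise
# both parsers. The header row is skipped because it carries no date.
ARCHIVE = <<~ROWS
  Date Rubygem Title CVE
  2016-02-29 actionpack Possible remote code execution vulnerability in Action Pack 2016-2098
  2016-01-19 | nokogiri | Nokogiri gem contains a heap-based buffer overflow vulnerability in libxml2 | CVE-2015-7499
  2016-01-12 mapbox-rails mapbox-rails Content Injection via TileJSON Name
  2015-12-15 nokogiri Nokogiri gem contains several vulnerabilities in libxml2 2015-5312
ROWS

# Constructed Gemfile.lock sample (not a real project's lockfile).
LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (4.2.5)
        actionview (= 4.2.5)
      nokogiri (1.6.7)
        mini_portile2 (~> 2.0.0.rc2)
      rack (1.6.4)

  PLATFORMS
    ruby

  DEPENDENCIES
    actionpack
    nokogiri
    rack
LOCK

def report
  affected_gems(parse_archive(ARCHIVE), parse_lockfile(LOCKFILE))
end

if __FILE__ == $PROGRAM_NAME
  report.each do |hit|
    puts "#{hit[:gem]} #{hit[:version]}: #{hit[:cves].join(', ')}"
  end
end
```

Run against the sample, the script flags actionpack 4.2.5 (CVE-2016-2098) and nokogiri 1.6.7 (CVE-2015-7499, CVE-2015-5312) and ignores rack, which has no entry in the rows given. Because the archive lists only gem names and titles, a match is a prompt to open the advisory and compare your pinned version with the patched versions it names; rows without a CVE (mapbox-rails, auto_select2, rack-attack and the others above) still count as hits and are reported by title.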