Providing security resources for the Ruby community.
Follow us @rubysec or email us via info at

Advisory Archive

| Date | Rubygem | Title | CVE |
|---|---|---|---|
| 2015-06-16 | rack | Potential Denial of Service Vulnerability in Rack | 2015-3225 |
| 2015-06-16 | activesupport | XSS Vulnerability in ActiveSupport::JSON.encode | 2015-3226 |
| 2015-06-16 | jquery-rails | CSRF Vulnerability in jquery-rails | 2015-1840 |
| 2015-06-16 | spina | Cross-site request forgery (CSRF) vulnerability in Spina gem | 2015-4619 |
| 2015-06-16 | web-console | IP whitelist bypass in Web Console | 2015-3224 |
| 2015-06-16 | jquery-ujs | CSRF Vulnerability in jquery-ujs | 2015-1840 |
| 2015-06-05 | paperclip | Paperclip Gem for Ruby vulnerable to content type spoofing | 2015-2963 |
| 2015-06-04 | bson | Data Injection Vulnerability in bson Rubygem | 2015-4412 |
| 2015-06-04 | moped | Data Injection Vulnerability in moped Rubygem | 2015-4410 |
| 2015-06-04 | sidekiq | Sidekiq Gem for Ruby web/views/queue.erb CurrentMessagesInQueue Element Reflected XSS | |
| 2015-05-11 | sidekiq-pro | Sidekiq Pro Gem for Ruby web/views/batch.erb Class and ErrorMessage Elements Reflected XSS | |
| 2015-05-05 | open-uri-cached | open-uri-cached Gem for Ruby Unsafe Temporary File Creation Local Privilege Escalation | 2015-3649 |
| 2015-04-29 | ruby-saml | Ruby-Saml Gem is vulnerable to XPath Injection | |
| 2015-04-21 | sidekiq | Sidekiq Gem for Ruby web/views/queue.erb msg.display_class Element XSS | |
| 2015-04-15 | refile | refile Gem for Ruby contains a remote code execution vulnerability | |
| 2015-04-14 | ember-source | Ember.js XSS Vulnerability With {{view "select"}} Options | 2015-1866 |
| 2015-04-14 | nokogiri | Nokogiri gem contains several vulnerabilities in libxml2 and libxslt | 2015-1819 |
| 2015-04-07 | redcarpet | redcarpet Gem for Ruby markdown.c parse_inline() Function XSS | |
| 2015-03-24 | http | HTTPS MitM vulnerability in http.rb | 2015-1828 |
| 2015-03-24 | rest-client | rubygem-rest-client: session fixation vulnerability via Set-Cookie headers in 30x redirection responses | 2015-1820 |
| 2015-03-05 | spree | Spree API Information Disclosure CSRF | |
| 2015-02-17 | xaviershay-dm-rails | xaviershay-dm-rails Gem for Ruby exposes sensitive information via the process table | 2015-2179 |
| 2015-02-16 | fat_free_crm | Fat Free CRM Gem being vulnerable to CSRF-type attacks | 2015-1585 |
| 2015-02-10 | doorkeeper | Doorkeeper Gem for Ruby stores sensitive information in production logs | |
| 2015-02-03 | ruby-saml | Ruby-Saml Gem is vulnerable to arbitrary code execution | |
| 2015-01-12 | rest-client | Rest-Client Gem for Ruby logs password information in plaintext | 2015-3448 |
| 2014-12-18 | doorkeeper | Cross-site request forgery (CSRF) vulnerability in doorkeeper 1.4.0 and earlier. | 2014-8144 |
| 2014-12-08 | sentry-raven | sentry-raven Gem for Ruby contains a flaw that can result in a denial of service | 2014-9490 |
| 2014-12-04 | gollum-grit_adapter | gollum-grit_adapter Search Functionality Allows Arbitrary Command Execution | 2014-9489 |
| 2014-11-17 | actionpack | Arbitrary file existence disclosure in Action Pack | 2014-7829 |