Homepage

Find out if you have vulnerabilities that put you at risk

Test your applications
Toggle filtering controls
Report a new vulnerability
  • M
Code InjectionCVE-2024-27281
Affects rdoc | Versions <6.3.4.1>=6.4.0, <6.4.1.1>=6.5.0, <6.5.1.1
Has fix
RubyGemsPublished 22 Mar 2024
  • H
Incorrect Default PermissionsCVE-2024-28862
Affects rotp | Versions <6.3.0
Has fix
RubyGemsPublished 18 Mar 2024
  • H
Exposed Dangerous Method or FunctionCVE-2024-28181
Affects turbo_boost-commands | Versions <0.1.3>=0.2.0, <0.2.2
Has fix
RubyGemsPublished 17 Mar 2024
  • H
Cross-site Scripting (XSS)CVE-2024-28199
Affects phlex | Versions <1.0.1>=1.1.0, <1.1.1>=1.2.0, <1.2.2>=1.3.0, <1.3.3>=1.4.0, <1.4.1>=1.5.0, <1.5.2>=1.6.0, <1.6.2>=1.7.0, <1.7.1>=1.8.0, <1.8.2>=1.9.0, <1.9.1
Has fix
RubyGemsPublished 13 Mar 2024
  • H
Unsafe ReflectionCVE-2024-28121
Affects stimulus_reflex | Versions <3.4.2>=3.5.0-pre0, <3.5.0-rc4
Has fix
RubyGemsPublished 13 Mar 2024
  • M
Cross-site Scripting (XSS)CVE-2024-27285
Affects yard | Versions <0.9.35
Has fix
RubyGemsPublished 29 Feb 2024
  • M
Exposure of Data Element to Wrong SessionCVE-2024-26144
Affects actionpack | Versions >=5.2.0, <6.1.7.7>=7.0.0, <7.0.8.1
Has fix
RubyGemsPublished 25 Feb 2024
  • M
Regular Expression Denial of Service (ReDoS)CVE-2024-26142
Affects actionpack | Versions >=7.1.0, <7.1.3.1
Has fix
RubyGemsPublished 25 Feb 2024
  • M
Cross-site Scripting (XSS)CVE-2024-26143
Affects actionpack | Versions >=7.0.0, <7.0.8.1>=7.1.0, <7.1.3.1
Has fix
RubyGemsPublished 25 Feb 2024
  • H
Denial of Service (DoS)CVE-2024-26141
Affects rack | Versions >=1.3.0, <2.2.8.1>=3.0.0, <3.0.9.1
Has fix
RubyGemsPublished 25 Feb 2024
  • M
Regular Expression Denial of Service (ReDoS)CVE-2024-25126
Affects rack | Versions >=0.4.0, <2.2.8.1>=3.0.0, <3.0.9.1
Has fix
RubyGemsPublished 25 Feb 2024
  • M
Regular Expression Denial of Service (ReDoS)CVE-2024-26146
Affects rack | Versions <2.0.9.4>=2.1.0, <2.1.4.4>=2.2.0, <2.2.8.1>=3.0.0, <3.0.9.1
Has fix
RubyGemsPublished 25 Feb 2024
  • M
Cross-site Scripting (XSS)CVE-2023-51447
Affects decidim | Versions >=0.27.0, <0.27.5
Has fix
RubyGemsPublished 22 Feb 2024
  • M
Cross-site Scripting (XSS)CVE-2023-51447
Affects decidim-core | Versions >=0.27.0, <0.27.5
Has fix
RubyGemsPublished 22 Feb 2024
  • L
Race ConditionCVE-2023-47634
Affects decidim | Versions >=0.10.0, <0.26.9>=0.27.0, <0.27.5
Has fix
RubyGemsPublished 21 Feb 2024
  • M
Server-Side Request Forgery (SSRF)CVE-2023-47635
Affects decidim-templates | Versions >=0.23.0, <0.27.5
Has fix
RubyGemsPublished 21 Feb 2024
  • M
Operation on a Resource after Expiration or ReleaseCVE-2023-48220
Affects decidim-system | Versions >=0.0.1, <0.26.9>=0.27.0, <0.27.5
Has fix
RubyGemsPublished 21 Feb 2024
  • M
Operation on a Resource after Expiration or ReleaseCVE-2023-48220
Affects decidim-admin | Versions >=0.0.1, <0.26.9>=0.27.0, <0.27.5
Has fix
RubyGemsPublished 21 Feb 2024
  • M
Operation on a Resource after Expiration or ReleaseCVE-2023-48220
Affects devise_invitable | Versions >=0.4.0, <2.0.9
Has fix
RubyGemsPublished 21 Feb 2024
  • H
Cross-site Scripting (XSS)CVE-2024-25122
Affects sidekiq-unique-jobs | Versions <7.1.33>=8.0.0, <8.0.7
Has fix
RubyGemsPublished 14 Feb 2024
  • M
Use After FreeCVE-2024-25062
Affects nokogiri | Versions <1.15.6>=1.16.0, <1.16.2
Has fix
RubyGemsPublished 5 Feb 2024
  • M
Cross-site Scripting (XSS)CVE-2024-22411
Affects avo | Versions <3.0.2
Has fix
RubyGemsPublished 18 Jan 2024
  • M
Cross-site Scripting (XSS)CVE-2024-22191
Affects avo | Versions <2.47.0>=3.0.0.beta1, <3.3.0
Has fix
RubyGemsPublished 18 Jan 2024
  • M
HTTP Request SmugglingCVE-2024-21647
Affects puma | Versions <5.6.8>=6.0.0, <6.4.2
Has fix
RubyGemsPublished 9 Jan 2024
  • H
Uncontrolled Resource Consumption ('Resource Exhaustion')CVE-2024-0241
Affects encoded_id | Versions <1.0.0.rc3
Has fix
RubyGemsPublished 5 Jan 2024
  • M
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')CVE-2024-21636
Affects view_component | Versions <2.83.0>=3.0.0, <3.9.0
Has fix
RubyGemsPublished 5 Jan 2024
  • H
Improper AuthenticationCVE-2024-21632
Affects omniauth-microsoft_graph | Versions <2.0.0
Has fix
RubyGemsPublished 3 Jan 2024
  • H
Improper Verification of Cryptographic SignatureCVE-2023-51774
Affects json-jwt | Versions <1.15.3.1>=1.16.0, <1.16.6
Has fix
RubyGemsPublished 27 Dec 2023
  • C
Improper Neutralization of Formula Elements in a CSV FileCVE-2023-51763
Affects activeadmin | Versions <3.2.0
Has fix
RubyGemsPublished 24 Dec 2023
  • M
Cross-site Scripting (XSS)CVE-2022-44303
Affects resque-scheduler | Versions <4.10.2
Has fix
RubyGemsPublished 20 Dec 2023