| SEVERITY | VULNERABILITY | AFFECTS | TYPE | PUBLISHED |
|---|---|---|---|---|
| M | Deserialization of Untrusted Data | kramdown >=1.16.0, <2.3.1 | RubyGems | 19 Mar 2021 |
| H | Denial of Service (DoS) | spree <4.2.0 | RubyGems | 8 Mar 2021 |
| M | Timing Attack | activerecord-session_store <2.0.0 | RubyGems | 5 Mar 2021 |
| M | Open Redirect | actionpack >=6.0.0, <6.0.3.5 >=6.1.0.rc1, <6.1.2.1 | RubyGems | 2 Mar 2021 |
| H | Regular Expression Denial of Service (ReDoS) | activerecord >=6.1.0, <6.1.2.1 >=6.0.0, <6.0.3.5 >=4.2.0, <5.2.4.5 | RubyGems | 2 Mar 2021 |
| H | Unsafe Dependency Resolution | bundler >=1.16.0, <2.2.10 >=2.2.11, <2.2.16 | RubyGems | 22 Feb 2021 |
| M | Man-in-the-Middle (MitM) | twitter-stream >=0.0.0 | RubyGems | 21 Feb 2021 |
| M | Man-in-the-Middle (MitM) | tweetstream >=0.0.0 | RubyGems | 21 Feb 2021 |
| H | Code Injection | lodash-rails <4.17.21 | RubyGems | 15 Feb 2021 |
| H | Denial of Service (DoS) | rails >=4.2.0, <5.2.4.5 >=6.0.0.beta1, <6.0.3.5 >=6.1.0.rc1, <6.1.2.1 | RubyGems | 11 Feb 2021 |
| M | Server-Side Request Forgery (SSRF) | carrierwave >=2.0.0.rc, <2.1.1 <1.3.2 | RubyGems | 9 Feb 2021 |
| M | Remote Code Execution (RCE) | carrierwave >=2.0.0.rc, <2.1.1 <1.3.2 | RubyGems | 9 Feb 2021 |
| H | Command Injection | mechanize >=2.0.0, <2.7.7 | RubyGems | 3 Feb 2021 |
| M | Cross-site Scripting (XSS) | rails_admin <1.4.3 >=2.0.0, <2.0.2 | RubyGems | 13 Jan 2021 |
| H | Cross-site Scripting (XSS) | redcarpet <3.5.1 | RubyGems | 12 Jan 2021 |
| H | Authentication Bypass | omniauth-apple >=1.0.0, <1.0.1 | RubyGems | 5 Jan 2021 |
| L | XML External Entity (XXE) Injection | nokogiri <1.11.0.rc4 | RubyGems | 31 Dec 2020 |
| C | Malicious Package | pretty_color >=0.0.0 | RubyGems | 17 Dec 2020 |
| C | Malicious Package | ruby-bitcoin >=0.0.0 | RubyGems | 17 Dec 2020 |
| M | Information Exposure | gitaly >=1.79.0, <13.3.9 >=13.4, <13.4.5 >=13.5, <13.5.2 | RubyGems | 17 Nov 2020 |
| H | Information Exposure | spree_api >=3.7.0, <3.7.13 >=4.0.0, <4.0.5 >=4.1.0, <4.1.12 | RubyGems | 15 Nov 2020 |
| L | Remote Code Execution (RCE) | dependabot-common >=0.119.0.beta1, <0.125.1 | RubyGems | 15 Nov 2020 |
| L | Remote Code Execution (RCE) | dependabot-omnibus >=0.119.0.beta1, <0.125.1 | RubyGems | 15 Nov 2020 |
| H | Regression in JWT Signature Validation | omniauth-auth0 >=2.3.0, <2.4.1 | RubyGems | 23 Oct 2020 |
| H | Authentication Bypass | spree >=3.7.0, <3.7.11 >=4.0.0, <4.0.4 >=4.1.0, <4.1.11 | RubyGems | 21 Oct 2020 |
| H | Cross-site Scripting (XSS) | actionpack >=6.0.0, <6.0.3.4 | RubyGems | 8 Oct 2020 |
| M | Timing Attack | shrine <3.3.0 | RubyGems | 6 Oct 2020 |
| H | HTTP Request Smuggling | webrick <1.5.1 >=1.6.0, <1.6.1 | RubyGems | 29 Sep 2020 |
| H | Man-in-the-Middle (MitM) | oauth <0.5.5 | RubyGems | 25 Sep 2020 |
| H | Cross-site Scripting (XSS) | gon <6.4.0 | RubyGems | 24 Sep 2020 |