See the full list of npm packages compromised in the "SHA1-Hulud npm supply chain incident – Nov 2025" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
| VULNERABILITY | AFFECTS | TYPE | PUBLISHED |
|---|---|---|---|
| em-http-request<1.1.6 | RubyGems | 26 May 2020 |
| puma<3.12.5>=4.0.0, <4.3.4 | RubyGems | 22 May 2020 |
| puma<3.12.6>=4.0.0, <4.3.5 | RubyGems | 22 May 2020 |
| em-imap>=0.0.0 | RubyGems | 20 May 2020 |
| actionpack<5.2.4.3>=6.0.0, <6.0.3.1 | RubyGems | 19 May 2020 |
| activesupport<5.2.4.3>=6.0.0, <6.0.3.1 | RubyGems | 19 May 2020 |
| actionpack<5.2.4.3>=6.0.0, <6.0.3.1 | RubyGems | 19 May 2020 |
| actionview<5.2.4.3>=6.0.0, <6.0.3.1 | RubyGems | 19 May 2020 |
| activestorage<5.2.4.3>=6.0.0, <6.0.3.1 | RubyGems | 19 May 2020 |
| actionview<4.2.11.3>=5.0.0, <5.0.1 | RubyGems | 17 May 2020 |
| rack<2.1.3 | RubyGems | 13 May 2020 |
| sorcery<0.15.0 | RubyGems | 8 May 2020 |
| actionpack-page_caching<1.2.1 | RubyGems | 6 May 2020 |
| activeresource<5.1.1 | RubyGems | 6 May 2020 |
| doorkeeper>=5.0.0, <5.0.3>=5.1.0, <5.1.1>=5.2.0, <5.2.5>=5.3.0, <5.3.2 | RubyGems | 4 May 2020 |
| bson<3.0.4 | RubyGems | 30 Apr 2020 |
| log4j-jars<2.15.0 | RubyGems | 28 Apr 2020 |
| slyphon-log4j>=0.0.0 | RubyGems | 28 Apr 2020 |
| lodash-rails<4.17.21 | RubyGems | 28 Apr 2020 |
| faye<1.0.4>=1.1.0, <1.1.3>=1.2.0, <1.2.5 | RubyGems | 28 Apr 2020 |
| faye<1.1.0 | RubyGems | 23 Apr 2020 |
| damn_weather>=0.0.0 | RubyGems | 17 Apr 2020 |
| capistrano-telegram-notification>=0.0.0 | RubyGems | 17 Apr 2020 |
| a14z6ch-elapsed_days>=0.0.0 | RubyGems | 17 Apr 2020 |
| active-model-policy>=0.0.0 | RubyGems | 17 Apr 2020 |
| active-admin_import>=0.0.0 | RubyGems | 17 Apr 2020 |
| action-parameter>=0.0.0 | RubyGems | 17 Apr 2020 |
| active-model_serializer_plus>=0.0.0 | RubyGems | 17 Apr 2020 |
| about-pos>=0.0.0 | RubyGems | 17 Apr 2020 |
| rubylove-playing-cards>=0.0.0 | RubyGems | 17 Apr 2020 |