Recent vulnerabilities

| ID | Description | Updated |
|---|---|---|
| gsd-2007-0469 | The extract_files function in installer.rb in RubyGems before 0.9.1 does not check whethe… | 2007-01-22T00:00:00.000Z |
| gsd-2007-6183 | Format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialo… | 2007-11-27T00:00:00.000Z |
| gsd-2008-7311 | Spree contains a hardcoded flaw related to the config.action_controller_session hash valu… | 2008-08-12T00:00:00.000Z |
| gsd-2008-7310 | Spree contains a hash restriction weakness that occurs when parsing a modified URL. This … | 2008-09-22T00:00:00.000Z |
| gsd-2009-4123 | A security problem involving peer certificate verification was found where failed verific… | 2009-12-07T00:00:00.000Z |
| gsd-2010-3978 | Spree contains a flaw that may lead to an unauthorized information disclosure. The issue … | 2010-11-02T00:00:00.000Z |
| gsd-2011-0739 | Mail Gem for Ruby contains a flaw related to the failure to properly sanitise input passe… | 2011-01-25T00:00:00.000Z |
| gsd-2011-3186 | A response splitting flaw in Ruby on Rails 2.3.x was reported that could allow a remote a… | 2011-08-16T00:00:00.000Z |
| gsd-2011-4319 | A cross-site scripting (XSS) flaw was found in the way the 'translate' helper method of t… | 2011-11-17T00:00:00.000Z |
| gsd-2011-5036 | Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for fo… | 2011-12-28T00:00:00.000Z |
| gsd-2012-6135 | Phusion Passenger Gem for Ruby contains a flaw that is triggered during application start… | 2012-02-01T00:00:00.000Z |
| gsd-2012-6684 | Cross-site scripting (XSS) vulnerability in the RedCloth library 4.2.9 for Ruby and earli… | 2012-02-29T00:00:00.000Z |
| gsd-2012-1098 | Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x befo… | 2012-03-01T00:00:00.000Z |
| gsd-2012-1099 | Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_optio… | 2012-03-01T00:00:00.000Z |
| gsd-2012-2139 | Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb i… | 2012-03-14T00:00:00.000Z |
| gsd-2012-2140 | The Mail gem before 2.4.3 for Ruby allows remote attackers to execute arbitrary commands … | 2012-03-14T00:00:00.000Z |
| gsd-2012-2126 | RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers … | 2012-04-20T00:00:00.000Z |
| gsd-2012-6109 | lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1… | 2012-05-04T00:00:00.000Z |
| gsd-2012-2660 | actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x befo… | 2012-05-31T00:00:00.000Z |
| gsd-2012-2661 | The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and… | 2012-05-31T00:00:00.000Z |
| gsd-2012-2671 | Rack::Cache (rack-cache) contains a flaw related to the rubygem caching sensitive HTTP he… | 2012-06-06T00:00:00.000Z |
| gsd-2012-6685 | Nokogiri before 1.5.4 is vulnerable to XXE attacks | 2012-06-08T00:00:00.000Z |
| gsd-2012-3424 | The decode_credentials method in actionpack/lib/action_controller/metal/http_authenticati… | 2012-07-26T00:00:00.000Z |
| gsd-2012-3463 | Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_tag_h… | 2012-08-09T00:00:00.000Z |
| gsd-2012-3464 | Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/str… | 2012-08-09T00:00:00.000Z |
| gsd-2012-3465 | Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_h… | 2012-08-09T00:00:00.000Z |
| gsd-2012-6134 | The omniauth-oauth2 Ruby Gem contains a flaw that allows an attacker to inject values int… | 2012-09-08T00:00:00.000Z |
| gsd-2012-2125 | RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for … | 2012-09-25T00:00:00.000Z |
| gsd-2012-5604 | The ldap_fluff gem for Ruby, as used in Red Hat CloudForms 1.1, when using Active Directo… | 2012-12-04T00:00:00.000Z |
| gsd-2013-0284 | A bug in the Ruby agent causes database connection information and raw SQL statements to … | 2012-12-06T00:00:00.000Z |