Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/rubygem-ruby_parser@2.0.4-6?arch=el6op
Typerpm
Namespaceredhat
Namerubygem-ruby_parser
Version2.0.4-6
Qualifiers
arch el6op
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-3pxk-m6dm-6qe3
vulnerability_id VCID-3pxk-m6dm-6qe3
summary 
Ruby Exception#to_s / NameError#to_s Methods Safe Level Security Bypass
Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows
context-dependent attackers to bypass safe-level restrictions and modify
untainted strings via the (1) exc_to_s or (2) name_err_to_s API function,
which marks the string as tainted, a different vulnerability than
CVE-2012-4466. NOTE: this issue might exist because of a CVE-2011-1005
regression.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4464.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4464.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-4464
reference_id
reference_type
scores
0
value 0.00681
scoring_system epss
scoring_elements 0.71993
published_at 2026-06-04T12:55:00Z
1
value 0.00681
scoring_system epss
scoring_elements 0.72034
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-4464
2
reference_url https://www.ruby-lang.org/en/news/2012/10/12/cve-2012-4464-cve-2012-4466/
reference_id
reference_type
scores
url https://www.ruby-lang.org/en/news/2012/10/12/cve-2012-4464-cve-2012-4466/
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=862598
reference_id 862598
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=862598
4
reference_url https://usn.ubuntu.com/1602-1/
reference_id USN-1602-1
reference_type
scores
url https://usn.ubuntu.com/1602-1/
5
reference_url https://usn.ubuntu.com/1614-1/
reference_id USN-1614-1
reference_type
scores
url https://usn.ubuntu.com/1614-1/
fixed_packages
aliases CVE-2012-4464, GHSA-gjcp-rx5c-g849
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3pxk-m6dm-6qe3
1
url VCID-7m31-x66p-3bha
vulnerability_id VCID-7m31-x66p-3bha
summary 
actionpack Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in `actionpack/lib/action_view/helpers/sanitize_helper.rb` in the `strip_tags` helper in Ruby on Rails before 2.3.16, 3.0.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2013-0154.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0154.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3465.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3465.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-3465
reference_id
reference_type
scores
0
value 0.00333
scoring_system epss
scoring_elements 0.56369
published_at 2026-06-04T12:55:00Z
1
value 0.00333
scoring_system epss
scoring_elements 0.56425
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-3465
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3465
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3465
4
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
5
reference_url https://github.com/rails/rails/commit/cf48c9c7dcbef8543171f7f7de8d3d9a16b58e77
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/cf48c9c7dcbef8543171f7f7de8d3d9a16b58e77
6
reference_url https://github.com/rails/rails/commit/e91e4e8bbee12ce1496bf384c04da6be296b687a
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/e91e4e8bbee12ce1496bf384c04da6be296b687a
7
reference_url https://groups.google.com/group/rubyonrails-security/msg/7fbb5392d4d282b5?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/7fbb5392d4d282b5?dmode=source&output=gplain
8
reference_url http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=847200
reference_id 847200
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=847200
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-3465
reference_id CVE-2012-3465
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-3465
11
reference_url https://github.com/advisories/GHSA-7g65-ghrg-hpf5
reference_id GHSA-7g65-ghrg-hpf5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7g65-ghrg-hpf5
12
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
13
reference_url https://access.redhat.com/errata/RHSA-2013:0154
reference_id RHSA-2013:0154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0154
fixed_packages
aliases CVE-2012-3465, GHSA-7g65-ghrg-hpf5, OSV-84513
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7m31-x66p-3bha
2
url VCID-8du4-pguk-xufz
vulnerability_id VCID-8du4-pguk-xufz
summary OpenShift: /proc/net/tcp information disclosure
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3602.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3602.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3602
reference_id
reference_type
scores
0
value 0.00049
scoring_system epss
scoring_elements 0.15532
published_at 2026-06-04T12:55:00Z
1
value 0.00049
scoring_system epss
scoring_elements 0.15614
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3602
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1131680
reference_id 1131680
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1131680
3
reference_url https://access.redhat.com/errata/RHSA-2014:1796
reference_id RHSA-2014:1796
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:1796
4
reference_url https://access.redhat.com/errata/RHSA-2014:1906
reference_id RHSA-2014:1906
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:1906
fixed_packages
aliases CVE-2014-3602
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8du4-pguk-xufz
3
url VCID-8rsn-nwsu-4fev
vulnerability_id VCID-8rsn-nwsu-4fev
summary 
Ruby name_err_mesg_to_str Method Safe Level Security Bypass
Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before
revision r37068 allows context-dependent attackers to bypass safe-level
restrictions and modify untainted strings via the name_err_mesg_to_str API
function, which marks the string as tainted, a different vulnerability than
CVE-2011-1005.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4466.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4466.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-4466
reference_id
reference_type
scores
0
value 0.01686
scoring_system epss
scoring_elements 0.82553
published_at 2026-06-04T12:55:00Z
1
value 0.01686
scoring_system epss
scoring_elements 0.8258
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-4466
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-4466
reference_id
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2012-4466
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=862614
reference_id 862614
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=862614
4
reference_url https://usn.ubuntu.com/1602-1/
reference_id USN-1602-1
reference_type
scores
url https://usn.ubuntu.com/1602-1/
5
reference_url https://usn.ubuntu.com/1603-1/
reference_id USN-1603-1
reference_type
scores
url https://usn.ubuntu.com/1603-1/
6
reference_url https://usn.ubuntu.com/1603-2/
reference_id USN-1603-2
reference_type
scores
url https://usn.ubuntu.com/1603-2/
7
reference_url https://usn.ubuntu.com/1614-1/
reference_id USN-1614-1
reference_type
scores
url https://usn.ubuntu.com/1614-1/
fixed_packages
aliases CVE-2012-4466, GHSA-gm9g-777x-3fp6
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8rsn-nwsu-4fev
4
url VCID-a7v6-afbj-qkhy
vulnerability_id VCID-a7v6-afbj-qkhy
summary 
activesupport Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in `activesupport/lib/active_support/core_ext/string/output_safety.rb` in Ruby on Rails before 2.3.16, 3.0.x before , 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML via vectors involving a ' (quote) character.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2013-0154.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0154.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3464.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3464.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-3464
reference_id
reference_type
scores
0
value 0.00245
scoring_system epss
scoring_elements 0.47998
published_at 2026-06-05T12:55:00Z
1
value 0.00245
scoring_system epss
scoring_elements 0.47935
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-3464
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3464
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3464
4
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
5
reference_url https://github.com/rails/rails/commit/28f2c6f4037081da0a82104a3f473165ed4ed2ce
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/28f2c6f4037081da0a82104a3f473165ed4ed2ce
6
reference_url https://github.com/rails/rails/commit/780a718723cf87b49cfe204d355948c4e0932d23
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/780a718723cf87b49cfe204d355948c4e0932d23
7
reference_url https://github.com/rails/rails/commit/d0c9759d3aeb6327d68dd6c0de0fe2fed4e3c870
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/d0c9759d3aeb6327d68dd6c0de0fe2fed4e3c870
8
reference_url https://github.com/rails/rails/commit/d549df7133f2b0bad8112890d478c33e990e12bc
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/d549df7133f2b0bad8112890d478c33e990e12bc
9
reference_url https://github.com/rails/rails/issues/7215
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/issues/7215
10
reference_url https://groups.google.com/group/rubyonrails-security/msg/8f1bbe1cef8c6caf?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/8f1bbe1cef8c6caf?dmode=source&output=gplain
11
reference_url http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=847199
reference_id 847199
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=847199
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-3464
reference_id CVE-2012-3464
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-3464
14
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2012-3464.yml
reference_id CVE-2012-3464.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2012-3464.yml
15
reference_url https://github.com/advisories/GHSA-h835-75hw-pj89
reference_id GHSA-h835-75hw-pj89
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-h835-75hw-pj89
16
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
17
reference_url https://access.redhat.com/errata/RHSA-2013:0154
reference_id RHSA-2013:0154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0154
fixed_packages
aliases CVE-2012-3464, GHSA-h835-75hw-pj89, OSV-84516
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a7v6-afbj-qkhy
5
url VCID-cce9-3g2x-h3dt
vulnerability_id VCID-cce9-3g2x-h3dt
summary 
SQL injection vulnerability in Active Record
Due to the way Active Record handles nested query parameters, an attacker can use a specially crafted request to inject some forms of SQL into your application's SQL queries.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html
2
reference_url http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2013-0154.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0154.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2661.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2661.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-2661
reference_id
reference_type
scores
0
value 0.00627
scoring_system epss
scoring_elements 0.70653
published_at 2026-06-05T12:55:00Z
1
value 0.00627
scoring_system epss
scoring_elements 0.70611
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-2661
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2661
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2661
7
reference_url https://github.com/rails/rails/commit/71f7917c553cdc9a0ee49e87af0efb7429759718#diff-2ec9993375ecb711e08452788d625581
reference_id
reference_type
scores
url https://github.com/rails/rails/commit/71f7917c553cdc9a0ee49e87af0efb7429759718#diff-2ec9993375ecb711e08452788d625581
8
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82403.yml
reference_id
reference_type
scores
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82403.yml
9
reference_url https://groups.google.com/group/rubyonrails-security/msg/fc2da6c627fc92df?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/fc2da6c627fc92df?dmode=source&output=gplain
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-2661
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-2661
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=827363
reference_id 827363
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=827363
12
reference_url https://github.com/advisories/GHSA-fh39-v733-mxfr
reference_id GHSA-fh39-v733-mxfr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fh39-v733-mxfr
13
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
14
reference_url https://access.redhat.com/errata/RHSA-2013:0154
reference_id RHSA-2013:0154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0154
fixed_packages
aliases CVE-2012-2661, GHSA-fh39-v733-mxfr, OSV-82403
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cce9-3g2x-h3dt
6
url VCID-dmps-nju4-syb1
vulnerability_id VCID-dmps-nju4-syb1
summary openshift-origin-broker: default password creation
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0234.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0234.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0234
reference_id
reference_type
scores
0
value 0.08806
scoring_system epss
scoring_elements 0.92673
published_at 2026-06-04T12:55:00Z
1
value 0.08806
scoring_system epss
scoring_elements 0.92685
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0234
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1097008
reference_id 1097008
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1097008
fixed_packages
aliases CVE-2014-0234
risk_score 0.1
exploitability 0.5
weighted_severity 0.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dmps-nju4-syb1
7
url VCID-dx34-zm9p-1ydc
vulnerability_id VCID-dx34-zm9p-1ydc
summary 
actionpack Improper Authentication vulnerability
The `decode_credentials` method in `actionpack/lib/action_controller/metal/http_authentication.rb` in Ruby on Rails before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging access to an application that uses a `with_http_digest` helper method, as demonstrated by the `authenticate_or_request_with_http_digest` method.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2013-0154.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0154.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3424.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3424.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-3424
reference_id
reference_type
scores
0
value 0.00981
scoring_system epss
scoring_elements 0.77153
published_at 2026-06-05T12:55:00Z
1
value 0.00981
scoring_system epss
scoring_elements 0.77122
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-3424
4
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
5
reference_url https://github.com/rails/rails/commit/3719bd3e95523c5518507dbe44f260f252930600
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/3719bd3e95523c5518507dbe44f260f252930600
6
reference_url https://groups.google.com/group/rubyonrails-security/msg/244d32f2fa25147d?hl=en&dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/244d32f2fa25147d?hl=en&dmode=source&output=gplain
7
reference_url http://weblog.rubyonrails.org/2012/7/26/ann-rails-3-2-7-has-been-released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2012/7/26/ann-rails-3-2-7-has-been-released
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=843711
reference_id 843711
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=843711
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-3424
reference_id CVE-2012-3424
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-3424
10
reference_url https://github.com/advisories/GHSA-92w9-2pqw-rhjj
reference_id GHSA-92w9-2pqw-rhjj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-92w9-2pqw-rhjj
11
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
12
reference_url https://access.redhat.com/errata/RHSA-2013:0154
reference_id RHSA-2013:0154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0154
fixed_packages
aliases CVE-2012-3424, GHSA-92w9-2pqw-rhjj, OSV-84243
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dx34-zm9p-1ydc
8
url VCID-f21a-143f-9qay
vulnerability_id VCID-f21a-143f-9qay
summary 
actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request
`actionpack/lib/action_dispatch/http/request.rb` in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain `['xyz', nil]` values, a related issue to CVE-2012-2660.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html
3
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html
4
reference_url http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
5
reference_url http://rhn.redhat.com/errata/RHSA-2013-0154.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0154.html
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2694.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2694.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-2694
reference_id
reference_type
scores
0
value 0.0022
scoring_system epss
scoring_elements 0.44672
published_at 2026-06-04T12:55:00Z
1
value 0.0022
scoring_system epss
scoring_elements 0.44741
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-2694
8
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
9
reference_url https://github.com/rails/rails/commit/2f3bc0467311781ac1ceb2c8c2b09002c8fe143a
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/2f3bc0467311781ac1ceb2c8c2b09002c8fe143a
10
reference_url https://github.com/rails/rails/commit/c202638225519b5e1a03ebe523b109c948fb0e52
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/c202638225519b5e1a03ebe523b109c948fb0e52
11
reference_url https://groups.google.com/group/rubyonrails-security/msg/e2d3a87f2c211def?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/e2d3a87f2c211def?dmode=source&output=gplain
12
reference_url https://groups.google.com/g/rubyonrails-security/c/jILZ34tAHF4/m/7x0hLH-o0-IJ
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/jILZ34tAHF4/m/7x0hLH-o0-IJ
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=831581
reference_id 831581
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=831581
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-2694
reference_id CVE-2012-2694
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-2694
15
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2694.yml
reference_id CVE-2012-2694.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2694.yml
16
reference_url https://github.com/advisories/GHSA-q34c-48gc-m9g8
reference_id GHSA-q34c-48gc-m9g8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q34c-48gc-m9g8
17
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
18
reference_url https://access.redhat.com/errata/RHSA-2013:0154
reference_id RHSA-2013:0154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0154
fixed_packages
aliases CVE-2012-2694, GHSA-q34c-48gc-m9g8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f21a-143f-9qay
9
url VCID-gq4p-3kvj-3kaq
vulnerability_id VCID-gq4p-3kvj-3kaq
summary 
Incorrect temporary file usage
The ruby_parser Gem does not create temporary files securely. In the `diff_pp` function contained in `lib/gauntlet_rubyparser.rb` function, it creates files as `/tmp/a.[pid]` and `/tmp/b.[pid]` which can be predicted and used for either a denial of service (file cannot be overwritten), or to change the contents of files that are writable.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2013-0544.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0544.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2013-0548.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0548.html
2
reference_url https://access.redhat.com/errata/RHSA-2013:0544
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2013:0544
3
reference_url https://access.redhat.com/errata/RHSA-2013:0582
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2013:0582
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0162.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0162.json
5
reference_url https://access.redhat.com/security/cve/CVE-2013-0162
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2013-0162
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-0162
reference_id
reference_type
scores
0
value 0.00149
scoring_system epss
scoring_elements 0.35093
published_at 2026-06-04T12:55:00Z
1
value 0.00149
scoring_system epss
scoring_elements 0.35188
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-0162
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=892806
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=892806
8
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby_parser/CVE-2013-0162.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby_parser/CVE-2013-0162.yml
9
reference_url https://github.com/seattlerb/ruby_parser
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/seattlerb/ruby_parser
10
reference_url https://github.com/seattlerb/ruby_parser/commit/506c7e13cff6f8715385fa8488b621028b4ad280
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/seattlerb/ruby_parser/commit/506c7e13cff6f8715385fa8488b621028b4ad280
11
reference_url https://github.com/seattlerb/ruby_parser/commit/c35acd878d50a8e4ea35933e3fbdc493421d422c
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/seattlerb/ruby_parser/commit/c35acd878d50a8e4ea35933e3fbdc493421d422c
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-0162
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-0162
13
reference_url https://github.com/advisories/GHSA-8mvw-22r7-w6fq
reference_id GHSA-8mvw-22r7-w6fq
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8mvw-22r7-w6fq
fixed_packages
aliases CVE-2013-0162, GHSA-8mvw-22r7-w6fq, OSV-90561
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gq4p-3kvj-3kaq
10
url VCID-hx86-64zz-8bds
vulnerability_id VCID-hx86-64zz-8bds
summary 
Jenkins Cross-Site Request Forgery vulnerabilities
Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiate deployment of binaries to a Maven repository via unspecified vectors.
references
0
reference_url https://access.redhat.com/errata/RHEA-2013:1032
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHEA-2013:1032
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2034.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2034.json
2
reference_url https://access.redhat.com/security/cve/CVE-2013-2034
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2013-2034
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-2034
reference_id
reference_type
scores
0
value 0.00332
scoring_system epss
scoring_elements 0.56378
published_at 2026-06-05T12:55:00Z
1
value 0.00332
scoring_system epss
scoring_elements 0.56322
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-2034
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=958958
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=958958
5
reference_url https://issues.jenkins-ci.org/browse/SECURITY-63
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.jenkins-ci.org/browse/SECURITY-63
6
reference_url https://issues.jenkins-ci.org/browse/SECURITY-69
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.jenkins-ci.org/browse/SECURITY-69
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-2034
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-2034
8
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-05-02
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-05-02
9
reference_url http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb
10
reference_url https://github.com/advisories/GHSA-fg4r-f9j2-36mw
reference_id GHSA-fg4r-f9j2-36mw
reference_type
scores
url https://github.com/advisories/GHSA-fg4r-f9j2-36mw
fixed_packages
aliases CVE-2013-2034, GHSA-fg4r-f9j2-36mw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hx86-64zz-8bds
11
url VCID-hxhy-qrkz-fkf5
vulnerability_id VCID-hxhy-qrkz-fkf5
summary Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboard before 1.0.8, as used in em-shorty, RepRapCalculator, Fulcrum, Django, aCMS, and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this is might be the same vulnerability as CVE-2013-1463. If so, it is likely that CVE-2013-1463 will be REJECTed.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1808.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1808.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-1808
reference_id
reference_type
scores
0
value 0.01856
scoring_system epss
scoring_elements 0.83388
published_at 2026-06-04T12:55:00Z
1
value 0.01856
scoring_system epss
scoring_elements 0.83412
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-1808
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1808
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1808
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=918054
reference_id 918054
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=918054
fixed_packages
aliases CVE-2013-1808
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hxhy-qrkz-fkf5
12
url VCID-kt5q-24cw-3faa
vulnerability_id VCID-kt5q-24cw-3faa
summary 
activerecord vulnerable to SQL Injection
The Active Record component in Ruby on Rails efore 2.3.15, 3.0.x before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage improper handling of nested hashes, a related issue to CVE-2012-2661.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html
3
reference_url http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
4
reference_url http://rhn.redhat.com/errata/RHSA-2013-0154.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0154.html
5
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2695.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2695.json
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-2695
reference_id
reference_type
scores
0
value 0.00637
scoring_system epss
scoring_elements 0.70907
published_at 2026-06-05T12:55:00Z
1
value 0.00637
scoring_system epss
scoring_elements 0.70864
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-2695
7
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
8
reference_url https://github.com/rails/rails/commit/62f81f4d6b3ee40e9887ffd92ab14714bad93f18
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/62f81f4d6b3ee40e9887ffd92ab14714bad93f18
9
reference_url https://groups.google.com/group/rubyonrails-security/msg/aee3413fb038bf56?dmode=source&output=gplain
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/aee3413fb038bf56?dmode=source&output=gplain
10
reference_url https://groups.google.com/g/rubyonrails-security/c/l4L0TEVAz1k/m/Vr84sD9B464J
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/l4L0TEVAz1k/m/Vr84sD9B464J
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=831573
reference_id 831573
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=831573
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-2695
reference_id CVE-2012-2695
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-2695
13
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2695.yml
reference_id CVE-2012-2695.YML
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2695.yml
14
reference_url https://github.com/advisories/GHSA-76wq-xw4h-f8wj
reference_id GHSA-76wq-xw4h-f8wj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-76wq-xw4h-f8wj
15
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
16
reference_url https://access.redhat.com/errata/RHSA-2013:0154
reference_id RHSA-2013:0154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0154
fixed_packages
aliases CVE-2012-2695, GHSA-76wq-xw4h-f8wj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kt5q-24cw-3faa
13
url VCID-nfkr-vhvf-j3hz
vulnerability_id VCID-nfkr-vhvf-j3hz
summary mcollective has a default password set at install
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0175.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0175.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0175
reference_id
reference_type
scores
0
value 0.00483
scoring_system epss
scoring_elements 0.65521
published_at 2026-06-04T12:55:00Z
1
value 0.00483
scoring_system epss
scoring_elements 0.65573
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0175
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0175
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0175
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1086381
reference_id 1086381
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1086381
fixed_packages
aliases CVE-2014-0175
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nfkr-vhvf-j3hz
14
url VCID-nubk-gfke-tqa2
vulnerability_id VCID-nubk-gfke-tqa2
summary 
CVE-2012-4522 ruby: unintentional file creation caused by inserting an illegal NUL character
The rb_get_path_check function in file.c in Ruby 1.9.3 before
patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent
attackers to create files in unexpected locations or with unexpected
names via a NUL byte in a file path.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4522.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4522.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-4522
reference_id
reference_type
scores
0
value 0.00219
scoring_system epss
scoring_elements 0.44524
published_at 2026-06-04T12:55:00Z
1
value 0.00219
scoring_system epss
scoring_elements 0.44593
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-4522
2
reference_url https://www.ruby-lang.org/en/news/2012/10/12/poisoned-NUL-byte-vulnerability
reference_id
reference_type
scores
url https://www.ruby-lang.org/en/news/2012/10/12/poisoned-NUL-byte-vulnerability
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=865940
reference_id 865940
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=865940
4
reference_url https://access.redhat.com/errata/RHSA-2013:0129
reference_id RHSA-2013:0129
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0129
5
reference_url https://usn.ubuntu.com/1614-1/
reference_id USN-1614-1
reference_type
scores
url https://usn.ubuntu.com/1614-1/
fixed_packages
aliases CVE-2012-4522, GHSA-6mch-f8jc-rpmr, OSV-87917
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nubk-gfke-tqa2
15
url VCID-p6yg-d8wm-4bgz
vulnerability_id VCID-p6yg-d8wm-4bgz
summary 
SQL Injection
Ruby on Rails contains a flaw related to the way ActiveRecord handles parameters in conjunction with the way Rack parses query parameters. This issue may allow an attacker to inject arbitrary `IS NULL` clauses in to application SQL queries. This may also allow an attacker to have the SQL query check for `NULL` in arbitrary places.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html
3
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html
4
reference_url http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
5
reference_url http://rhn.redhat.com/errata/RHSA-2013-0154.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0154.html
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2660.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2660.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-2660
reference_id
reference_type
scores
0
value 0.00159
scoring_system epss
scoring_elements 0.36549
published_at 2026-06-04T12:55:00Z
1
value 0.00159
scoring_system epss
scoring_elements 0.36643
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-2660
8
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
9
reference_url https://github.com/rails/rails/commit/61eed87ce32caf534bf1f52dd8134097b4ad9e1b
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/61eed87ce32caf534bf1f52dd8134097b4ad9e1b
10
reference_url https://github.com/rails/rails/commit/dff6db18840e2fd1dd3f3e4ef0ae7a9a3986d01d#diff-3179d24efacadd64068c4d9c1184eac3
reference_id
reference_type
scores
url https://github.com/rails/rails/commit/dff6db18840e2fd1dd3f3e4ef0ae7a9a3986d01d#diff-3179d24efacadd64068c4d9c1184eac3
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82610.yml
reference_id
reference_type
scores
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82610.yml
12
reference_url https://groups.google.com/forum/#!original/rubyonrails-security/8SA-M3as7A8/Mr9fi9X4kNgJ
reference_id
reference_type
scores
url https://groups.google.com/forum/#!original/rubyonrails-security/8SA-M3as7A8/Mr9fi9X4kNgJ
13
reference_url https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain
14
reference_url https://groups.google.com/g/rubyonrails-security/c/8SA-M3as7A8/m/Mr9fi9X4kNgJ
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/8SA-M3as7A8/m/Mr9fi9X4kNgJ
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=827353
reference_id 827353
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=827353
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-2660
reference_id CVE-2012-2660
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-2660
17
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2660.yml
reference_id CVE-2012-2660.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-2660.yml
18
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2660.yml
reference_id CVE-2012-2660.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2660.yml
19
reference_url https://github.com/advisories/GHSA-hgpp-pp89-4fgf
reference_id GHSA-hgpp-pp89-4fgf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hgpp-pp89-4fgf
20
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
21
reference_url https://access.redhat.com/errata/RHSA-2013:0154
reference_id RHSA-2013:0154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0154
fixed_packages
aliases CVE-2012-2660, GHSA-hgpp-pp89-4fgf, OSV-82610
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p6yg-d8wm-4bgz
16
url VCID-sb81-8nm8-dudw
vulnerability_id VCID-sb81-8nm8-dudw
summary 
Circumvention of attr_protected
The attr_protected method allows developers to specify a denylist of model attributes which users should not be allowed to assign to. By using a specially crafted request, attackers could circumvent this protection and alter values that were meant to be protected.
references
0
reference_url http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2013-0686.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0686.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0276.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0276.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-0276
reference_id
reference_type
scores
0
value 0.00606
scoring_system epss
scoring_elements 0.70074
published_at 2026-06-05T12:55:00Z
1
value 0.00606
scoring_system epss
scoring_elements 0.70033
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-0276
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0276
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0276
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0276.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0276.yml
7
reference_url https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/AFBKNY7VSH8
reference_id
reference_type
scores
url https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/AFBKNY7VSH8
8
reference_url https://groups.google.com/group/rubyonrails-security/msg/bb44b98a73ef1a06?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/bb44b98a73ef1a06?dmode=source&output=gplain
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-0276
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-0276
10
reference_url http://support.apple.com/kb/HT5784
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://support.apple.com/kb/HT5784
11
reference_url https://web.archive.org/web/20130217055442/http://www.securityfocus.com/bid/57896
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20130217055442/http://www.securityfocus.com/bid/57896
12
reference_url http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released
13
reference_url http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/
reference_id
reference_type
scores
url http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/
14
reference_url http://www.debian.org/security/2013/dsa-2620
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2013/dsa-2620
15
reference_url http://www.openwall.com/lists/oss-security/2013/02/11/5
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/02/11/5
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=909528
reference_id 909528
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=909528
17
reference_url https://github.com/advisories/GHSA-gr44-7grc-37vq
reference_id GHSA-gr44-7grc-37vq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gr44-7grc-37vq
18
reference_url https://security.gentoo.org/glsa/201412-28
reference_id GLSA-201412-28
reference_type
scores
url https://security.gentoo.org/glsa/201412-28
19
reference_url https://access.redhat.com/errata/RHSA-2013:0686
reference_id RHSA-2013:0686
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0686
fixed_packages
aliases CVE-2013-0276, GHSA-gr44-7grc-37vq, OSV-90072
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sb81-8nm8-dudw
17
url VCID-t9c8-r3yp-sbde
vulnerability_id VCID-t9c8-r3yp-sbde
summary 
Ruby on Rails Potential XSS Vulnerability in select_tag prompt
When a value for the `prompt` field is supplied to the `select_tag` helper, the value is not escaped. If untrusted data is not escaped, and is supplied as the prompt value, there is a potential for XSS attacks.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2013-0154.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0154.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3463.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3463.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-3463
reference_id
reference_type
scores
0
value 0.00333
scoring_system epss
scoring_elements 0.56425
published_at 2026-06-05T12:55:00Z
1
value 0.00333
scoring_system epss
scoring_elements 0.56369
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-3463
3
reference_url https://github.com/rails/rails/commit/6d0526db91afb0675c2ad3d871529d1536303c64
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/6d0526db91afb0675c2ad3d871529d1536303c64
4
reference_url https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/3463/rubyonrails-security/fV3QUToSMSw/eHBSFOUYHpYJ
reference_id
reference_type
scores
url https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/3463/rubyonrails-security/fV3QUToSMSw/eHBSFOUYHpYJ
5
reference_url https://groups.google.com/group/rubyonrails-security/msg/961e18e514527078?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/961e18e514527078?dmode=source&output=gplain
6
reference_url https://groups.google.com/g/rubyonrails-security/c/fV3QUToSMSw/m/eHBSFOUYHpYJ?pli=1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/fV3QUToSMSw/m/eHBSFOUYHpYJ?pli=1
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-3463
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-3463
8
reference_url http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released
9
reference_url http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/
reference_id
reference_type
scores
url http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=847196
reference_id 847196
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=847196
11
reference_url https://github.com/advisories/GHSA-98mf-8f57-64qf
reference_id GHSA-98mf-8f57-64qf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-98mf-8f57-64qf
12
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
13
reference_url https://access.redhat.com/errata/RHSA-2013:0154
reference_id RHSA-2013:0154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0154
fixed_packages
aliases CVE-2012-3463, GHSA-98mf-8f57-64qf, OSV-84515
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t9c8-r3yp-sbde
18
url VCID-tycy-2ukm-r7av
vulnerability_id VCID-tycy-2ukm-r7av
summary 
CVE-2012-5371 ruby: Murmur hash-flooding DoS flaw in ruby 1.9 (oCERT-2012-001)
Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes
hash values without properly restricting the ability to trigger hash
collisions predictably, which allows context-dependent attackers to
cause a denial of service (CPU consumption) via crafted input to an
application that maintains a hash table, as demonstrated by a universal
multicollision attack against a variant of the MurmurHash2
algorithm, a different vulnerability than CVE-2011-4815.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5371.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5371.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-5371
reference_id
reference_type
scores
0
value 0.0194
scoring_system epss
scoring_elements 0.83756
published_at 2026-06-04T12:55:00Z
1
value 0.0194
scoring_system epss
scoring_elements 0.83779
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-5371
2
reference_url https://www.ruby-lang.org/en/news/2012/11/09/ruby19-hashdos-cve-2012-5371
reference_id
reference_type
scores
url https://www.ruby-lang.org/en/news/2012/11/09/ruby19-hashdos-cve-2012-5371
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=875236
reference_id 875236
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=875236
4
reference_url https://security.gentoo.org/glsa/201412-27
reference_id GLSA-201412-27
reference_type
scores
url https://security.gentoo.org/glsa/201412-27
5
reference_url https://access.redhat.com/errata/RHSA-2026:7305
reference_id RHSA-2026:7305
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7305
6
reference_url https://access.redhat.com/errata/RHSA-2026:7307
reference_id RHSA-2026:7307
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7307
7
reference_url https://access.redhat.com/errata/RHSA-2026:8838
reference_id RHSA-2026:8838
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8838
8
reference_url https://usn.ubuntu.com/1733-1/
reference_id USN-1733-1
reference_type
scores
url https://usn.ubuntu.com/1733-1/
fixed_packages
aliases CVE-2012-5371, GHSA-phrv-cj28-9h57, OSV-87863
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tycy-2ukm-r7av
19
url VCID-wt9d-ejgc-ryg7
vulnerability_id VCID-wt9d-ejgc-ryg7
summary 
Unsafe Query Generation Risk in Ruby on Rails
Due to the way Active Record interprets parameters in combination with the way that JSON parameters are parsed, it is possible for an attacker to issue unexpected database queries with "IS NULL" or empty where clauses. This issue does *not* let an attacker insert arbitrary values into an SQL query, however they can cause the query to check for NULL or eliminate a WHERE clause when most users wouldn't expect it.
references
0
reference_url http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A
1
reference_url http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
2
reference_url http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html
3
reference_url http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html
4
reference_url http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html
5
reference_url http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html
6
reference_url http://rhn.redhat.com/errata/RHSA-2013-0154.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0154.html
7
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0155.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0155.json
8
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-0155
reference_id
reference_type
scores
0
value 0.18174
scoring_system epss
scoring_elements 0.95322
published_at 2026-06-05T12:55:00Z
1
value 0.18174
scoring_system epss
scoring_elements 0.95315
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-0155
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0155
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0155
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0155.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0155.yml
11
reference_url https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/t1WFuuQyavI
reference_id
reference_type
scores
url https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/t1WFuuQyavI
12
reference_url https://groups.google.com/group/rubyonrails-security/msg/bc6f13dafe130ee9?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/bc6f13dafe130ee9?dmode=source&output=gplain
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-0155
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-0155
14
reference_url http://support.apple.com/kb/HT5784
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://support.apple.com/kb/HT5784
15
reference_url http://www.debian.org/security/2013/dsa-2609
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2013/dsa-2609
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=892866
reference_id 892866
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=892866
17
reference_url https://github.com/advisories/GHSA-gppp-5xc5-wfpx
reference_id GHSA-gppp-5xc5-wfpx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gppp-5xc5-wfpx
18
reference_url https://security.gentoo.org/glsa/201412-28
reference_id GLSA-201412-28
reference_type
scores
url https://security.gentoo.org/glsa/201412-28
19
reference_url https://access.redhat.com/errata/RHSA-2013:0154
reference_id RHSA-2013:0154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0154
20
reference_url https://access.redhat.com/errata/RHSA-2013:0155
reference_id RHSA-2013:0155
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0155
fixed_packages
aliases CVE-2013-0155, GHSA-gppp-5xc5-wfpx, OSV-89025
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wt9d-ejgc-ryg7
20
url VCID-ww5y-dfs2-ubef
vulnerability_id VCID-ww5y-dfs2-ubef
summary Enterprise: gears fail to properly isolate network traffic
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3674.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3674.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3674
reference_id
reference_type
scores
0
value 0.004
scoring_system epss
scoring_elements 0.61032
published_at 2026-06-04T12:55:00Z
1
value 0.004
scoring_system epss
scoring_elements 0.61081
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3674
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1148170
reference_id 1148170
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1148170
3
reference_url https://access.redhat.com/errata/RHSA-2014:1796
reference_id RHSA-2014:1796
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:1796
4
reference_url https://access.redhat.com/errata/RHSA-2014:1906
reference_id RHSA-2014:1906
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:1906
fixed_packages
aliases CVE-2014-3674
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ww5y-dfs2-ubef
21
url VCID-x2kn-aegv-9ya6
vulnerability_id VCID-x2kn-aegv-9ya6
summary 
openshift-origin-node Improper Input Validation vulnerability
Ruby gem openshift-origin-node before 2014-02-14 does not
contain a cronjob timeout which could result in a denial of
service in cron.daily and cron.weekly.
references
0
reference_url https://access.redhat.com/errata/RHBA-2014:0487
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2014:0487
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0084.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0084.json
2
reference_url https://access.redhat.com/security/cve/CVE-2014-0084
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2014-0084
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0084
reference_id
reference_type
scores
0
value 0.00122
scoring_system epss
scoring_elements 0.30853
published_at 2026-06-05T12:55:00Z
1
value 0.00122
scoring_system epss
scoring_elements 0.30781
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0084
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1065198
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1065198
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0084
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements
1
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0084
6
reference_url https://github.com/openshift/origin-server
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openshift/origin-server
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/openshift-origin-node/CVE-2014-0084.yml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/openshift-origin-node/CVE-2014-0084.yml
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0084
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-0084
9
reference_url https://github.com/advisories/GHSA-756m-3qf2-hp58
reference_id GHSA-756m-3qf2-hp58
reference_type
scores
url https://github.com/advisories/GHSA-756m-3qf2-hp58
fixed_packages
aliases CVE-2014-0084, GHSA-756m-3qf2-hp58
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x2kn-aegv-9ya6
22
url VCID-z5ed-ujrf-2ka2
vulnerability_id VCID-z5ed-ujrf-2ka2
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-2033 Jenkins: Build Description XSS
references
0
reference_url https://access.redhat.com/errata/RHEA-2013:1032
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHEA-2013:1032
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2033.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2033.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-2033
reference_id
reference_type
scores
0
value 0.00178
scoring_system epss
scoring_elements 0.39046
published_at 2026-06-04T12:55:00Z
1
value 0.00178
scoring_system epss
scoring_elements 0.39134
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-2033
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=958957
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=958957
4
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/84004
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/84004
5
reference_url https://issues.jenkins-ci.org/browse/SECURITY-67
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.jenkins-ci.org/browse/SECURITY-67
6
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-05-02
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-05-02
7
reference_url http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb
8
reference_url https://access.redhat.com/security/cve/CVE-2013-2033
reference_id CVE-2013-2033
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2013-2033
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-2033
reference_id CVE-2013-2033
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-2033
10
reference_url https://github.com/advisories/GHSA-826f-32qm-vm3j
reference_id GHSA-826f-32qm-vm3j
reference_type
scores
url https://github.com/advisories/GHSA-826f-32qm-vm3j
fixed_packages
aliases CVE-2013-2033, GHSA-826f-32qm-vm3j
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z5ed-ujrf-2ka2
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rubygem-ruby_parser@2.0.4-6%3Farch=el6op