Package details: pkg:gem/jquery-ui-rails@7.0.0
purl pkg:gem/jquery-ui-rails@7.0.0
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (3)
Vulnerability: VCID-btgv-ef3h-83d3
Summary: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.
Aliases: CVE-2021-41182, GHSA-9gj3-hwp5-pmwc

Vulnerability: VCID-gypk-ukbc-7qe3
Summary: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.
Aliases: CVE-2021-41183, GHSA-j7qv-pgf6-hvh4

Vulnerability: VCID-sbmj-9trz-2ybf
Summary: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') jQuery-UI is the official jQuery user interface library. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.
Aliases: CVE-2021-41184, GHSA-gpqq-952q-5327

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-02T16:58:23.751793+00:00 GHSA Importer Fixing VCID-gypk-ukbc-7qe3 https://github.com/advisories/GHSA-j7qv-pgf6-hvh4 38.1.0
2026-04-02T16:58:23.615640+00:00 GHSA Importer Fixing VCID-sbmj-9trz-2ybf https://github.com/advisories/GHSA-gpqq-952q-5327 38.1.0
2026-04-02T16:58:23.387378+00:00 GHSA Importer Fixing VCID-btgv-ef3h-83d3 https://github.com/advisories/GHSA-9gj3-hwp5-pmwc 38.1.0
2026-04-01T13:00:42.100068+00:00 GithubOSV Importer Fixing VCID-gypk-ukbc-7qe3 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/10/GHSA-j7qv-pgf6-hvh4/GHSA-j7qv-pgf6-hvh4.json 38.0.0
2026-04-01T13:00:37.401021+00:00 GithubOSV Importer Fixing VCID-sbmj-9trz-2ybf https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/10/GHSA-gpqq-952q-5327/GHSA-gpqq-952q-5327.json 38.0.0
2026-04-01T13:00:36.285507+00:00 GithubOSV Importer Fixing VCID-btgv-ef3h-83d3 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/10/GHSA-9gj3-hwp5-pmwc/GHSA-9gj3-hwp5-pmwc.json 38.0.0
2026-04-01T12:48:58.549580+00:00 GitLab Importer Fixing VCID-sbmj-9trz-2ybf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/jquery-ui-rails/CVE-2021-41184.yml 38.0.0