VulnerableCode Package Details

Search for packages

Vulnerability	Summary	Fixed by
VCID-3s9f-prpy-hbcx Aliases: CVE-2019-11358 GHSA-6c3j-c64m-qhgq	Cross-site Scripting The jQuery library, which is included in rdoc, mishandles `jQuery.extend(true, {}, ...)` because of Object.prototype pollution. If an unsanitized source object contained an enumerable `__proto__` property, it could extend the native `Object.prototype.`	6.1.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-a1z8-2fdu-1uhd Aliases: CVE-2021-31799 GHSA-ggxm-pgc9-g7fp	Arbitrary Code Execution in Rdoc In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via \| and tags in a filename.	6.1.2.1 Affected by 0 other vulnerabilities. 6.2.1.1 Affected by 0 other vulnerabilities. 6.3.1 Affected by 0 other vulnerabilities.
VCID-pb4n-q6u8-syds Aliases: CVE-2013-0256 GHSA-v2r9-c84j-v7xm OSV-90004	XSS exploit of RDoc documentation generated by rdoc This exploit may lead to cookie disclosure to third parties. The exploit exists in darkfish.js which is copied from the RDoc install location to the generated documentation. RDoc is a static documentation generation tool. Patching the library itself is insufficient to correct this exploit.	3.12 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.12.1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.0.0.rc.2 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-tmjp-8edk-nyh3 Aliases: CVE-2015-9251 GHSA-rmxg-73gg-4p98	The jQuery library, which is included in rdoc, is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing `text/javascript` responses to be executed.	6.1.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-xdph-4cg9-6qah Aliases: CVE-2012-6708 GHSA-2pqj-h3vj-pqgw	The jQuery library, which is included in rdoc, is vulnerable to Cross-site Scripting (XSS) attacks. jQuery only deems the input to be HTML if it explicitly starts with the `<` character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.	6.1.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-3s9f-prpy-hbcx
Aliases:
CVE-2019-11358
GHSA-6c3j-c64m-qhgq

Cross-site Scripting The jQuery library, which is included in rdoc, mishandles `jQuery.extend(true, {}, ...)` because of Object.prototype pollution. If an unsanitized source object contained an enumerable `__proto__` property, it could extend the native `Object.prototype.`

6.1.2
Affected by 1 other vulnerability.

VCID-a1z8-2fdu-1uhd
Aliases:
CVE-2021-31799
GHSA-ggxm-pgc9-g7fp

Arbitrary Code Execution in Rdoc In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename.

6.1.2.1
Affected by 0 other vulnerabilities.

6.2.1.1
Affected by 0 other vulnerabilities.

6.3.1
Affected by 0 other vulnerabilities.

VCID-pb4n-q6u8-syds
Aliases:
CVE-2013-0256
GHSA-v2r9-c84j-v7xm
OSV-90004

XSS exploit of RDoc documentation generated by rdoc This exploit may lead to cookie disclosure to third parties. The exploit exists in darkfish.js which is copied from the RDoc install location to the generated documentation. RDoc is a static documentation generation tool. Patching the library itself is insufficient to correct this exploit.

3.12
Affected by 5 other vulnerabilities.

3.12.1
Affected by 4 other vulnerabilities.

4.0.0.rc.2
Affected by 4 other vulnerabilities.

VCID-tmjp-8edk-nyh3
Aliases:
CVE-2015-9251
GHSA-rmxg-73gg-4p98

The jQuery library, which is included in rdoc, is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing `text/javascript` responses to be executed.

6.1.2
Affected by 1 other vulnerability.

VCID-xdph-4cg9-6qah
Aliases:
CVE-2012-6708
GHSA-2pqj-h3vj-pqgw

The jQuery library, which is included in rdoc, is vulnerable to Cross-site Scripting (XSS) attacks. jQuery only deems the input to be HTML if it explicitly starts with the `<` character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.

6.1.2
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:30:31.798922+00:00	GitLab Importer	Affected by	VCID-a1z8-2fdu-1uhd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rdoc/CVE-2021-31799.yml	38.4.0
2026-04-16T20:53:50.897327+00:00	GitLab Importer	Affected by	VCID-3s9f-prpy-hbcx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rdoc/CVE-2019-11358.yml	38.4.0
2026-04-16T20:41:11.451658+00:00	GitLab Importer	Affected by	VCID-tmjp-8edk-nyh3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rdoc/CVE-2015-9251.yml	38.4.0
2026-04-16T20:41:11.074263+00:00	GitLab Importer	Affected by	VCID-xdph-4cg9-6qah	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rdoc/CVE-2012-6708.yml	38.4.0
2026-04-16T20:30:24.312992+00:00	GitLab Importer	Affected by	VCID-pb4n-q6u8-syds	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rdoc/CVE-2013-0256.yml	38.4.0
2026-04-16T17:34:56.062981+00:00	Ruby Importer	Affected by	VCID-pb4n-q6u8-syds	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rdoc/CVE-2013-0256.yml	38.4.0
2026-04-16T01:19:55.121531+00:00	GHSA Importer	Affected by	VCID-pb4n-q6u8-syds	https://github.com/advisories/GHSA-v2r9-c84j-v7xm	38.4.0
2026-04-11T22:43:38.687218+00:00	GitLab Importer	Affected by	VCID-a1z8-2fdu-1uhd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rdoc/CVE-2021-31799.yml	38.3.0
2026-04-11T22:04:44.239183+00:00	GitLab Importer	Affected by	VCID-3s9f-prpy-hbcx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rdoc/CVE-2019-11358.yml	38.3.0
2026-04-11T21:51:46.105727+00:00	GitLab Importer	Affected by	VCID-tmjp-8edk-nyh3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rdoc/CVE-2015-9251.yml	38.3.0
2026-04-11T21:51:45.444990+00:00	GitLab Importer	Affected by	VCID-xdph-4cg9-6qah	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rdoc/CVE-2012-6708.yml	38.3.0
2026-04-11T21:40:50.414172+00:00	GitLab Importer	Affected by	VCID-pb4n-q6u8-syds	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rdoc/CVE-2013-0256.yml	38.3.0
2026-04-11T21:31:37.182237+00:00	Ruby Importer	Affected by	VCID-pb4n-q6u8-syds	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rdoc/CVE-2013-0256.yml	38.3.0
2026-04-11T12:48:00.959991+00:00	GHSA Importer	Affected by	VCID-pb4n-q6u8-syds	https://github.com/advisories/GHSA-v2r9-c84j-v7xm	38.3.0
2026-04-02T22:53:44.842782+00:00	GitLab Importer	Affected by	VCID-a1z8-2fdu-1uhd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rdoc/CVE-2021-31799.yml	38.1.0
2026-04-02T22:17:40.339704+00:00	GitLab Importer	Affected by	VCID-3s9f-prpy-hbcx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rdoc/CVE-2019-11358.yml	38.1.0
2026-04-02T22:05:34.014420+00:00	GitLab Importer	Affected by	VCID-tmjp-8edk-nyh3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rdoc/CVE-2015-9251.yml	38.1.0
2026-04-02T22:05:33.385458+00:00	GitLab Importer	Affected by	VCID-xdph-4cg9-6qah	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rdoc/CVE-2012-6708.yml	38.1.0
2026-04-02T21:54:59.328463+00:00	GitLab Importer	Affected by	VCID-pb4n-q6u8-syds	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rdoc/CVE-2013-0256.yml	38.1.0
2026-04-02T19:30:17.463096+00:00	Ruby Importer	Affected by	VCID-pb4n-q6u8-syds	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rdoc/CVE-2013-0256.yml	38.1.0
2026-04-02T16:58:09.753233+00:00	GHSA Importer	Affected by	VCID-a1z8-2fdu-1uhd	https://github.com/advisories/GHSA-ggxm-pgc9-g7fp	38.1.0
2026-04-02T13:43:02.217330+00:00	GHSA Importer	Affected by	VCID-pb4n-q6u8-syds	https://github.com/advisories/GHSA-v2r9-c84j-v7xm	38.1.0
2026-04-01T16:35:18.498796+00:00	GitLab Importer	Affected by	VCID-3s9f-prpy-hbcx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rdoc/CVE-2019-11358.yml	38.0.0
2026-04-01T16:22:31.350778+00:00	GitLab Importer	Affected by	VCID-tmjp-8edk-nyh3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rdoc/CVE-2015-9251.yml	38.0.0
2026-04-01T16:22:30.849603+00:00	GitLab Importer	Affected by	VCID-xdph-4cg9-6qah	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rdoc/CVE-2012-6708.yml	38.0.0
2026-04-01T16:12:15.825392+00:00	GitLab Importer	Affected by	VCID-pb4n-q6u8-syds	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rdoc/CVE-2013-0256.yml	38.0.0
2026-04-01T15:47:01.175466+00:00	Ruby Importer	Affected by	VCID-pb4n-q6u8-syds	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rdoc/CVE-2013-0256.yml	38.0.0
2026-04-01T12:48:49.353589+00:00	GitLab Importer	Affected by	VCID-a1z8-2fdu-1uhd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rdoc/CVE-2021-31799.yml	38.0.0