[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2018-1000078":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":45,"duplicate_of":9,"upstream":47,"downstream":48,"duplicates":93,"related":94,"reserved_at":9,"published_at":100,"modified_at":101,"state":102,"summary":103,"references_raw":112,"kevs":215,"epss":216,"epss_history":219,"metrics":479,"affected":492},"CVE-2018-1000078","RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack appear to be exploitable via the victim must browse to a malicious gem on a vulnerable gem server. This vulnerability appears to have been fixed in 2.7.6.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-79","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-209","XSS Using MIME Type Mismatch",[],{"id":25,"name":26,"techniques":27},"CAPEC-588","DOM-Based XSS",[],{"id":29,"name":30,"techniques":31},"CAPEC-591","Reflected XSS",[],{"id":33,"name":34,"techniques":35},"CAPEC-592","Stored XSS",[],{"id":37,"name":38,"techniques":39},"CAPEC-63","Cross-Site Scripting (XSS)",[],{"id":41,"name":42,"techniques":43},"CAPEC-85","AJAX Footprinting",[],[],[46],"GHSA-87qx-g5wg-mwmj",[],[49,51,53,55,57,59,61,63,65,67,69,71,73,75,77,79,81,83,85,87,89,91],{"_key":50},"SUSE-SU-2019:1804-1",{"_key":52},"SUSE-SU-2020:1570-1",{"_key":54},"OPENSUSE-SU-2019:1771-1",{"_key":56},"DLA-1336-1",{"_key":58},"DLA-1337-1",{"_key":60},"DLA-1358-1",{"_key":62},"DLA-1421-1",{"_key":64},"DLA-1796-1",{"_key":66},"DSA-4219-1",{"_key":68},"DSA-4259-1",{"_key":70},"MGASA-2020-0243",{"_key":72},"MGASA-2019-0062",{"_key":74},"RHSA-2018:3729",{"_key":76},"RHSA-2018:3730",{"_key":78},"RHSA-2018:3731",{"_key":80},"RHSA-2019:2028",{"_key":82},"RHSA-2020:0542",{"_key":84},"RHSA-2020:0591",{"_key":86},"RHSA-2020:0663",{"_key":88},"UBUNTU-CVE-2018-1000078",{"_key":90},"USN-3621-1",{"_key":92},"DEBIAN-CVE-2018-1000078",[],[95,96,97,98,99],{"_key":50},{"_key":52},{"_key":54},{"_key":72},{"_key":70},"2018-03-13T15:00:00.000Z","2024-08-05T12:33:49.191Z","Modified",{"cisa_kev":104,"cisa_ransomware":104,"cisa_vendor":9,"epss_severity":105,"epss_score":106,"severity":107,"severity_score":108,"severity_version":109,"severity_source":110,"severity_vector":111,"severity_status":102},false,"low",0.00823,"medium",6.1,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",[113,122,127,132,136,142,146,151,155,159,164,169,173,177,182,186,190,194,198,203,207,211],{"url":114,"sources":115,"tags":118},"https://www.debian.org/security/2018/dsa-4219",[116,110,117],"cve.org","osv_maven",[119,120,121],"Vendor Advisory","X Refsource DEBIAN","WEB",{"url":123,"sources":124,"tags":125},"https://usn.ubuntu.com/3621-1/",[116,110],[119,126],"X Refsource UBUNTU",{"url":128,"sources":129,"tags":130},"https://access.redhat.com/errata/RHSA-2018:3729",[116,110,117],[119,131,121],"X Refsource REDHAT",{"url":133,"sources":134,"tags":135},"https://access.redhat.com/errata/RHSA-2018:3730",[116,110,117],[119,131,121],{"url":137,"sources":138,"tags":139},"https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html",[116,110,117],[140,141,121],"Mailing List","X Refsource MLIST",{"url":143,"sources":144,"tags":145},"https://access.redhat.com/errata/RHSA-2018:3731",[116,110,117],[119,131,121],{"url":147,"sources":148,"tags":149},"https://lists.debian.org/debian-lts-announce/2018/04/msg00001.html",[116,110,117],[140,141,150,121],"Third Party Advisory",{"url":152,"sources":153,"tags":154},"https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html",[116,110,117],[140,141,121],{"url":156,"sources":157,"tags":158},"https://www.debian.org/security/2018/dsa-4259",[116,110,117],[119,120,121],{"url":160,"sources":161,"tags":162},"http://blog.rubygems.org/2018/02/15/2.7.6-released.html",[116,110,117],[163,119,121],"X Refsource MISC",{"url":165,"sources":166,"tags":167},"https://github.com/rubygems/rubygems/commit/66a28b9275551384fdab45f3591a82d6b59952cb",[116,110,117],[163,168,150,121],"Patch",{"url":170,"sources":171,"tags":172},"https://lists.debian.org/debian-lts-announce/2018/04/msg00000.html",[116,110,117],[140,141,150,121],{"url":174,"sources":175,"tags":176},"https://lists.debian.org/debian-lts-announce/2019/05/msg00028.html",[116,110,117],[140,141,121],{"url":178,"sources":179,"tags":180},"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html",[116,110,117],[119,181,121],"X Refsource SUSE",{"url":183,"sources":184,"tags":185},"https://access.redhat.com/errata/RHSA-2019:2028",[116,110,117],[119,131,121],{"url":187,"sources":188,"tags":189},"https://access.redhat.com/errata/RHSA-2020:0542",[116,110,117],[119,131,121],{"url":191,"sources":192,"tags":193},"https://access.redhat.com/errata/RHSA-2020:0591",[116,110,117],[119,131,121],{"url":195,"sources":196,"tags":197},"https://access.redhat.com/errata/RHSA-2020:0663",[116,110,117],[119,131,121],{"url":199,"sources":200,"tags":201},"https://nvd.nist.gov/vuln/detail/CVE-2018-1000078",[117],[202],"Advisory",{"url":204,"sources":205,"tags":206},"https://github.com/jruby/jruby/commit/0b06b48ab4432237ce5fc1bef47f2c6bcf7843f7",[117],[121],{"url":208,"sources":209,"tags":210},"https://github.com/rubygems/rubygems/commit/5971b486d4dbb2bad5d3445b3801c456eb0ce183",[117],[121],{"url":212,"sources":213,"tags":214},"https://usn.ubuntu.com/3621-1",[117],[121],[],{"date":217,"score":106,"percentile":218},"2026-06-04",0.74798,[220,224,227,230,233,236,239,242,245,248,251,254,257,260,263,267,270,273,276,279,281,284,287,289,292,294,297,299,302,305,308,310,313,315,317,319,322,325,328,331,334,337,339,342,345,348,351,353,356,359,362,365,368,370,373,375,378,381,384,387,390,393,396,399,402,405,408,411,414,417,420,423,425,428,431,434,437,440,443,446,449,452,455,458,461,464,467,470,473,476],{"date":221,"score":222,"percentile":223},"2025-11-04",0.00763,0.72565,{"date":225,"score":222,"percentile":226},"2025-11-05",0.7255,{"date":228,"score":222,"percentile":229},"2025-11-06",0.72548,{"date":231,"score":222,"percentile":232},"2025-11-07",0.72564,{"date":234,"score":222,"percentile":235},"2025-11-08",0.72562,{"date":237,"score":222,"percentile":238},"2025-11-09",0.72555,{"date":240,"score":222,"percentile":241},"2025-11-10",0.72546,{"date":243,"score":222,"percentile":244},"2025-11-11",0.72552,{"date":246,"score":222,"percentile":247},"2025-11-12",0.7257,{"date":249,"score":222,"percentile":250},"2025-11-13",0.72578,{"date":252,"score":222,"percentile":253},"2025-11-14",0.72585,{"date":255,"score":222,"percentile":256},"2025-11-15",0.72584,{"date":258,"score":222,"percentile":259},"2025-11-16",0.7258,{"date":261,"score":222,"percentile":262},"2025-11-17",0.72574,{"date":264,"score":265,"percentile":266},"2025-11-18",0.01347,0.78384,{"date":268,"score":265,"percentile":269},"2025-11-19",0.78392,{"date":271,"score":265,"percentile":272},"2025-11-20",0.78399,{"date":274,"score":222,"percentile":275},"2025-11-21",0.72597,{"date":277,"score":222,"percentile":278},"2025-11-22",0.72591,{"date":280,"score":222,"percentile":262},"2025-11-23",{"date":282,"score":222,"percentile":283},"2025-11-24",0.72566,{"date":285,"score":222,"percentile":286},"2025-11-25",0.72568,{"date":288,"score":222,"percentile":262},"2025-11-26",{"date":290,"score":222,"percentile":291},"2025-11-27",0.72577,{"date":293,"score":222,"percentile":247},"2025-11-28",{"date":295,"score":222,"percentile":296},"2025-11-29",0.7256,{"date":298,"score":222,"percentile":238},"2025-11-30",{"date":300,"score":222,"percentile":301},"2025-12-01",0.72682,{"date":303,"score":222,"percentile":304},"2025-12-02",0.72694,{"date":306,"score":222,"percentile":307},"2025-12-03",0.72692,{"date":309,"score":222,"percentile":232},"2025-12-04",{"date":311,"score":222,"percentile":312},"2025-12-05",0.72573,{"date":314,"score":222,"percentile":262},"2025-12-06",{"date":316,"score":222,"percentile":250},"2025-12-07",{"date":318,"score":222,"percentile":259},"2025-12-08",{"date":320,"score":222,"percentile":321},"2025-12-09",0.72611,{"date":323,"score":222,"percentile":324},"2025-12-10",0.72644,{"date":326,"score":222,"percentile":327},"2025-12-11",0.72663,{"date":329,"score":222,"percentile":330},"2025-12-12",0.72684,{"date":332,"score":222,"percentile":333},"2025-12-13",0.72699,{"date":335,"score":222,"percentile":336},"2025-12-14",0.72697,{"date":338,"score":222,"percentile":333},"2025-12-15",{"date":340,"score":222,"percentile":341},"2025-12-16",0.72715,{"date":343,"score":222,"percentile":344},"2025-12-17",0.7273,{"date":346,"score":222,"percentile":347},"2025-12-18",0.72754,{"date":349,"score":222,"percentile":350},"2025-12-19",0.72784,{"date":352,"score":222,"percentile":350},"2025-12-20",{"date":354,"score":222,"percentile":355},"2025-12-21",0.72779,{"date":357,"score":222,"percentile":358},"2025-12-22",0.72776,{"date":360,"score":222,"percentile":361},"2025-12-23",0.72767,{"date":363,"score":222,"percentile":364},"2025-12-24",0.72777,{"date":366,"score":222,"percentile":367},"2025-12-25",0.72805,{"date":369,"score":222,"percentile":367},"2025-12-26",{"date":371,"score":222,"percentile":372},"2025-12-27",0.72825,{"date":374,"score":222,"percentile":355},"2025-12-28",{"date":376,"score":222,"percentile":377},"2025-12-29",0.72775,{"date":379,"score":222,"percentile":380},"2025-12-30",0.72789,{"date":382,"score":222,"percentile":383},"2025-12-31",0.72818,{"date":385,"score":222,"percentile":386},"2026-01-01",0.72963,{"date":388,"score":222,"percentile":389},"2026-01-02",0.72961,{"date":391,"score":222,"percentile":392},"2026-01-03",0.7296,{"date":394,"score":222,"percentile":395},"2026-01-04",0.72826,{"date":397,"score":222,"percentile":398},"2026-01-05",0.72815,{"date":400,"score":222,"percentile":401},"2026-01-06",0.72828,{"date":403,"score":222,"percentile":404},"2026-01-07",0.7284,{"date":406,"score":222,"percentile":407},"2026-01-08",0.72853,{"date":409,"score":106,"percentile":410},"2026-01-09",0.73939,{"date":412,"score":106,"percentile":413},"2026-01-10",0.73935,{"date":415,"score":106,"percentile":416},"2026-01-11",0.73922,{"date":418,"score":106,"percentile":419},"2026-01-12",0.73911,{"date":421,"score":106,"percentile":422},"2026-01-13",0.73909,{"date":424,"score":106,"percentile":413},"2026-01-14",{"date":426,"score":106,"percentile":427},"2026-01-15",0.73945,{"date":429,"score":106,"percentile":430},"2026-01-16",0.73961,{"date":432,"score":106,"percentile":433},"2026-01-17",0.73959,{"date":435,"score":106,"percentile":436},"2026-01-18",0.73933,{"date":438,"score":106,"percentile":439},"2026-01-19",0.73921,{"date":441,"score":106,"percentile":442},"2026-01-20",0.73925,{"date":444,"score":106,"percentile":445},"2026-01-21",0.73929,{"date":447,"score":106,"percentile":448},"2026-01-22",0.73934,{"date":450,"score":106,"percentile":451},"2026-01-23",0.73965,{"date":453,"score":106,"percentile":454},"2026-01-24",0.73974,{"date":456,"score":106,"percentile":457},"2026-01-25",0.73957,{"date":459,"score":106,"percentile":460},"2026-01-26",0.73955,{"date":462,"score":106,"percentile":463},"2026-01-27",0.7396,{"date":465,"score":106,"percentile":466},"2026-01-28",0.73973,{"date":468,"score":106,"percentile":469},"2026-01-29",0.73972,{"date":471,"score":106,"percentile":472},"2026-01-30",0.73977,{"date":474,"score":106,"percentile":475},"2026-01-31",0.73983,{"date":477,"score":106,"percentile":478},"2026-02-01",0.74108,[480,490],{"source":110,"cvss_v2_0":481,"cvss_v3_0":486,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":482,"baseSeverity":9,"vectorString":483,"impactScore":484,"exploitabilityScore":485},4.3,"AV:N/AC:M/Au:N/C:N/I:P/A:N",2.9,8.6,{"baseScore":108,"baseSeverity":487,"vectorString":111,"impactScore":488,"exploitabilityScore":489},"MEDIUM",4.5,7.2,{"source":117,"cvss_v2_0":9,"cvss_v3_0":491,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":108,"baseSeverity":9,"vectorString":111,"impactScore":488,"exploitabilityScore":489},[493,502,513,523],{"ecosystem":9,"name":494,"vendor":495,"product":496,"cpe_part":497,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":498},"debian linux","debian","debian_linux","o",[499],{"version":500,"is_range":104,"range_type":501,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0","cpe",{"ecosystem":503,"name":504,"vendor":503,"product":504,"cpe_part":9,"purl_type":505,"purl_namespace":9,"purl_name":504,"source":9,"versions":506},"RubyGems","rubygems-update","gem",[507],{"version":508,"is_range":509,"range_type":510,"version_start":9,"version_start_type":9,"version_end":511,"version_end_type":512,"fixed_in":9},"lt2_7_6",true,"ecosystem","2.7.6","excluding",{"ecosystem":514,"name":515,"vendor":516,"product":517,"cpe_part":9,"purl_type":518,"purl_namespace":516,"purl_name":517,"source":9,"versions":519},"Maven","org.jruby:jruby-stdlib","org.jruby","jruby-stdlib","maven",[520],{"version":521,"is_range":509,"range_type":510,"version_start":9,"version_start_type":9,"version_end":522,"version_end_type":512,"fixed_in":9},"lt9_1_16_0","9.1.16.0",{"ecosystem":9,"name":524,"vendor":524,"product":524,"cpe_part":525,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":526},"rubygems","a",[527,531,534,537],{"version":528,"is_range":509,"range_type":501,"version_start":9,"version_start_type":9,"version_end":529,"version_end_type":530,"fixed_in":9},"lte2.2.9","2.2.9","including",{"version":532,"is_range":509,"range_type":501,"version_start":9,"version_start_type":9,"version_end":533,"version_end_type":530,"fixed_in":9},"lte2.3.6","2.3.6",{"version":535,"is_range":509,"range_type":501,"version_start":9,"version_start_type":9,"version_end":536,"version_end_type":530,"fixed_in":9},"lte2.4.3","2.4.3",{"version":538,"is_range":509,"range_type":501,"version_start":9,"version_start_type":9,"version_end":539,"version_end_type":530,"fixed_in":9},"lte2.5.0","2.5.0"]