Dalphi/dalphi

Showing 1,441 of 1,441 total issues

XSS Vulnerability in Chartkick Ruby Gem
Open

    chartkick (2.2.5)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-12732

Criticality: Medium

URL: https://github.com/ankane/chartkick/issues/488

Solution: upgrade to >= 3.2.0

XSS Vulnerability on closeText option of Dialog jQuery UI
Open

    jquery-ui-rails (5.0.5)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2016-7103

Criticality: Medium

URL: https://github.com/jquery/api.jqueryui.com/issues/281

Solution: upgrade to >= 6.0.0

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Open

    puma (3.11.0)
Severity: Info
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-41136

Criticality: Low

URL: https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx

Solution: upgrade to ~> 4.3.9, >= 5.5.1

Information Exposure with Puma when used with Rails
Open

    puma (3.11.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23634

Criticality: High

URL: https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h

Solution: upgrade to ~> 4.3.11, >= 5.6.2

Keepalive Connections Causing Denial Of Service in puma
Open

    puma (3.11.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-29509

Criticality: High

URL: https://github.com/puma/puma/security/advisories/GHSA-q28m-8xjw-8vr5

Solution: upgrade to ~> 4.3.8, >= 5.3.1

HTTP Request Smuggling in puma
Open

    puma (3.11.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-24790

Criticality: Critical

URL: https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9

Solution: upgrade to ~> 4.3.12, >= 5.6.4

CSS injection with width and height options
Open

    chartkick (2.2.5)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-16254

Criticality: Medium

URL: https://github.com/ankane/chartkick/issues/546

Solution: upgrade to >= 3.4.0

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

    json (1.8.6)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-10663

Criticality: High

URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/

Solution: upgrade to >= 2.3.0
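The json advisory above (CVE-2020-10663) concerns the parser instantiating objects named by a json_class key when the caller did not explicitly disable additions (for example JSON.parse(doc, nil) on an unpatched gem). The script below is an added example, not code from Dalphi or from the json gem, that shows the mechanism on a constructed class (DemoRecord) and constructed documents, plus a parsing wrapper for untrusted input. On a patched json (>= 2.3.0) the default JSON.parse keeps the key as plain data and only an explicit create_additions: true instantiates the class.

```ruby
# Added example (not Dalphi code, not the json gem's own code) showing the
# mechanism behind the "unsafe object creation" advisory: when additions
# are enabled, a "json_class" key in the document makes the parser look
# the named class up and call its json_create on the parsed hash, so the
# sender of the JSON chooses which class gets instantiated. DemoRecord and
# the documents below are constructed for the demonstration.
require "json"

# Harmless stand-in for any class that implements json_create (several
# standard-library classes and gems do, which is what turns this into a
# gadget hunt for an attacker).
class DemoRecord
  attr_reader :name

  def initialize(name)
    @name = name
  end

  def self.json_create(hash)
    new(hash["name"])
  end
end

# Constructed attacker-shaped document: the value of json_class is under
# the sender's control.
UNTRUSTED = '{"json_class":"DemoRecord","name":"from-the-wire"}'

# Default JSON.parse: create_additions is off, the key is ordinary data.
def parse_as_data(doc)
  JSON.parse(doc)
end

# The same document with additions opted in becomes a DemoRecord. The
# advisory is about this path being reachable without the caller asking
# for it (e.g. JSON.parse(doc, nil) on json < 2.3.0).
def parse_with_additions(doc)
  JSON.parse(doc, create_additions: true)
end

# Recursively report whether a parsed document carries a creation
# directive anywhere; useful as a log/alert signal for untrusted input.
def creation_directive?(value, create_id = JSON.create_id)
  case value
  when Hash
    value.key?(create_id) || value.values.any? { |v| creation_directive?(v, create_id) }
  when Array
    value.any? { |v| creation_directive?(v, create_id) }
  else
    false
  end
end

# Hardened entry point for untrusted input: pass an explicit options hash
# with additions disabled (never nil, never JSON.load), and surface any
# smuggled directive instead of silently accepting it as data.
def parse_untrusted(doc)
  parsed = JSON.parse(doc, create_additions: false)
  warn "json: creation directive present in untrusted input" if creation_directive?(parsed)
  parsed
end

if $PROGRAM_NAME == __FILE__
  p parse_as_data(UNTRUSTED).class          # Hash
  p parse_with_additions(UNTRUSTED).class   # DemoRecord
  p parse_untrusted(UNTRUSTED)
end
```

The point to take from the two parse calls is that the document is identical; only the option controls whether untrusted bytes become a Hash or an arbitrary instantiated object, which is why the fix version matters for every call site that passes options through from elsewhere.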

ReDoS based DoS vulnerability in GlobalID
Open

    globalid (0.4.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22799

URL: https://github.com/rails/globalid/releases/tag/v1.0.1

Solution: upgrade to >= 1.0.1

simple_form Gem for Ruby Incorrect Access Control for forms based on user input
Open

    simple_form (3.5.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-16676

Criticality: Critical

URL: https://github.com/plataformatec/simple_form/security/advisories/GHSA-r74q-gxcg-73hx

Solution: upgrade to >= 5.0

RDoc OS command injection vulnerability
Open

    rdoc (4.3.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-31799

Criticality: High

URL: https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/

Solution: upgrade to ~> 6.1.2.1, ~> 6.2.1.1, >= 6.3.1
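Every finding above carries a Solution line such as "upgrade to ~> 4.3.9, >= 5.5.1". The comma-separated ranges are alternatives, not a conjunction: bundler-audit stores them as separate patched-version requirements and a locked version counts as fixed when it satisfies any one of them, so puma 4.3.12 is fixed for CVE-2022-24790 even though it is below 5.6.4. The script below is an added example, not Dalphi's code or bundler-audit's own, that reads a Gemfile.lock, checks each locked version against the fix ranges transcribed from the findings above, and lists what remains unpatched. The sample lockfile is constructed for the demonstration and contains no platform-suffixed entries, which the minimal reader does not handle.

```ruby
# Added example (not Dalphi code, not bundler-audit's own code): decide
# which gems locked in a Gemfile.lock are still inside the vulnerable
# range of the findings listed above.
#
# A "Solution: upgrade to ~> 4.3.9, >= 5.5.1" line lists ALTERNATIVE
# patched ranges. A version is fixed when it satisfies any one of them;
# joining the whole string into a single Gem::Requirement would AND the
# constraints and wrongly report 4.3.10 as vulnerable.
require "rubygems"

# Fix ranges transcribed from the bundler-audit findings above:
# gem name => list of [advisory, patched-version alternatives].
ADVISORIES = {
  "chartkick"       => [["CVE-2019-12732", [">= 3.2.0"]],
                        ["CVE-2020-16254", [">= 3.4.0"]]],
  "jquery-ui-rails" => [["CVE-2016-7103",  [">= 6.0.0"]]],
  "puma"            => [["CVE-2021-41136", ["~> 4.3.9",  ">= 5.5.1"]],
                        ["CVE-2022-23634", ["~> 4.3.11", ">= 5.6.2"]],
                        ["CVE-2021-29509", ["~> 4.3.8",  ">= 5.3.1"]],
                        ["CVE-2022-24790", ["~> 4.3.12", ">= 5.6.4"]]],
  "json"            => [["CVE-2020-10663", [">= 2.3.0"]]],
  "globalid"        => [["CVE-2023-22799", [">= 1.0.1"]]],
  "simple_form"     => [["CVE-2019-16676", [">= 5.0"]]],
  "rdoc"            => [["CVE-2021-31799", ["~> 6.1.2.1", "~> 6.2.1.1", ">= 6.3.1"]]],
}.freeze

# True when +version+ satisfies at least one of the patched ranges.
def patched?(version, ranges)
  v = Gem::Version.new(version)
  ranges.any? { |range| Gem::Requirement.new(range).satisfied_by?(v) }
end

# Minimal Gemfile.lock reader. Inside a "specs:" block, gems are listed
# four spaces deep as "name (version)"; their dependencies sit six spaces
# deep and are skipped. Platform-suffixed versions ("-x86_64-linux") are
# not handled here.
def locked_versions(lockfile_text)
  versions = {}
  in_specs = false
  lockfile_text.each_line do |line|
    if line =~ /\A\S/            # new top-level section: GEM, PLATFORMS, ...
      in_specs = false
      next
    end
    in_specs = true if line =~ /\A  specs:\s*\z/
    next unless in_specs
    if (m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/))
      versions[m[1]] = m[2]
    end
  end
  versions
end

# Every (gem, locked version, advisory) triple still in a vulnerable range.
def vulnerable_gems(lockfile_text)
  findings = []
  locked_versions(lockfile_text).each do |name, version|
    (ADVISORIES[name] || []).each do |advisory, ranges|
      findings << [name, version, advisory] unless patched?(version, ranges)
    end
  end
  findings
end

# Constructed sample lockfile (not Dalphi's real Gemfile.lock). chartkick,
# json and rdoc sit at the flagged versions; globalid is fixed; puma is at
# 4.3.12, which is below 5.6.4 yet inside the "~> 4.3.12" alternative.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      chartkick (2.2.5)
      globalid (1.0.1)
        activesupport (>= 5.0)
      json (1.8.6)
      puma (4.3.12)
        nio4r (~> 2.0)
      rdoc (4.3.0)

  PLATFORMS
    ruby

  DEPENDENCIES
    chartkick
    puma

  BUNDLED WITH
     1.16.1
LOCK

if $PROGRAM_NAME == __FILE__
  vulnerable_gems(SAMPLE_LOCK).each do |name, version, advisory|
    puts "#{name} #{version} is still vulnerable to #{advisory}"
  end
end
```

Run against the constructed lockfile this reports both chartkick advisories, the json advisory and the rdoc advisory, and nothing for puma, which is the behaviour a correct reading of the Solution lines requires. For a real lockfile, bundler-audit itself (bundle audit check --update) remains the tool of record; the value of the script is in making the range semantics explicit.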

Block has too many lines. [434/25]
Open

RSpec.describe Project, type: :model do
  before(:each) do
    @project = FactoryGirl.build(:project)
  end

Severity: Minor
Found in spec/models/project_spec.rb by rubocop

This cop checks if the length of a block exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable. The cop can be configured to ignore blocks passed to certain methods.

Block has too many lines. [339/25]
Open

RSpec.describe 'Statistics API', type: :request do
  before(:each) do
    @auth_token = ApplicationController.generate_auth_token
  end

This cop checks if the length of a block exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable. The cop can be configured to ignore blocks passed to certain methods.

Block has too many lines. [300/25]
Open

RSpec.describe 'AnnotationDocuments API', type: :request do
  before(:each) do
    @auth_token = ApplicationController.generate_auth_token
  end

This cop checks if the length of a block exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable. The cop can be configured to ignore blocks passed to certain methods.

Block has too many lines. [276/25]
Open

RSpec.describe RawDatum, type: :model do
  before(:each) do
    @raw_datum = FactoryGirl.build(:raw_datum)
  end

Severity: Minor
Found in spec/models/raw_datum_spec.rb by rubocop

This cop checks if the length of a block exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable. The cop can be configured to ignore blocks passed to certain methods.

Block has too many lines. [258/25]
Open

RSpec.describe Service, type: :model do
  before(:each) do
    @iterate_service = FactoryGirl.build(:iterate_service)
    @ml_service = FactoryGirl.build(:machine_learning_service)
    @merge_service = FactoryGirl.build(:merge_service)

Severity: Minor
Found in spec/models/service_spec.rb by rubocop

This cop checks if the length of a block exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable. The cop can be configured to ignore blocks passed to certain methods.

Class has too many lines. [244/100]
Open

class ProjectsController < ApplicationController
  include ServiceRoles

  before_action :authenticate_user,
                only: [:index, :show]

This cop checks if the length of a class exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Block has too many lines. [213/25]
Open

RSpec.describe Interface, type: :model do
  before(:each) do
    @interface = FactoryGirl.build(:interface)
  end

Severity: Minor
Found in spec/models/interface_spec.rb by rubocop

This cop checks if the length of a block exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable. The cop can be configured to ignore blocks passed to certain methods.

Class has too many lines. [229/100]
Open

    class StatisticsController < BaseController
      include Swagger::Blocks

      before_action :set_statistic,
                    only: [

This cop checks if the length of a class exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Class has too many lines. [227/100]
Open

    class AnnotationDocumentsController < BaseController
      include Swagger::Blocks
      include ErrorResponse

      before_action :set_annotation_document,

This cop checks if the length of a class exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.