publify_core (RubyGems) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the RubyGems package publify_core, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVE-2021-25973 — CVSS 6.5 (medium): In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. “guest” role users can self-register even when the admin…
CVE-2024-39311 — CVSS 5.4 (medium): Publify is a self hosted Web publishing platform on Rails. Prior to version 10.0.1 of Publify, corresponding to versions prior to 10.0.2 of…
CVE-2021-25974 — CVSS 5.4 (medium): In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute…
CVE-2021-25975 — CVSS 5.4 (medium): In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with…
CVE-2022-1811 — CVSS 5.4 (medium): Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9.
CVE-2022-1553 — CVSS 4.9 (medium): Leaking password protected articles content due to improper access control in GitHub repository publify/publify prior to 9.2.8. Attackers…
CVE-2022-1810 — CVSS 4.3 (medium): Authorization Bypass Through User-Controlled Key in GitHub repository publify/publify prior to 9.2.9.