Every CVE whose affected-product data names Loofah Project Loofah, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2022-23514 — CVSS 7.5 (high): Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah < 2.19.1…
CVE-2022-23516 — CVSS 7.5 (high): Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.2.0…
CVE-2022-23515 — CVSS 6.1 (medium): Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.1.0…
CVE-2022-23518 — CVSS 6.1 (medium): rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, < 1.4.4 are vulnerable to…
CVE-2018-8048 — CVSS 6.1 (medium): In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML…
CVE-2019-15587 — CVSS 5.4 (medium): In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.
CVE-2018-16468 — CVSS 5.4 (medium): In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.