Vulnerabilities

search
ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-9c5q-w6gr-fxcq
  • RubyGems/mqtt
 MQTT does not validate hostnames 6 days ago
  • Fix available
  • Severity - 7.4 (High)
GHSA-52c5-vh7f-26fx
  • RubyGems/prosemirror_to_html
 Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values 6 days ago
  • Fix available
  • Severity - 7.6 (High)
GHSA-mr3q-g2mv-mr4q
  • RubyGems/sinatra
 Sinatra is vulnerable to ReDoS through ETag header value generation 10 Oct
  • Fix available
  • Severity - 2.7 (Low)
GHSA-6xw4-3v39-52mm
  • RubyGems/rack
 Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing 10 Oct
  • Fix available
  • Severity - 7.5 (High)
GHSA-r657-rxjc-j557
  • RubyGems/rack
 Rack has a Possible Information Disclosure Vulnerability 10 Oct
  • Fix available
  • Severity - 5.8 (Medium)
GHSA-wpv5-97wm-hp9c
  • RubyGems/rack
 Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion) 07 Oct
  • Fix available
  • Severity - 7.5 (High)
GHSA-w9pc-fmgc-vxvw
  • RubyGems/rack
 Rack: Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion) 07 Oct
  • Fix available
  • Severity - 7.5 (High)
GHSA-p543-xpfm-54cp
  • RubyGems/rack
 Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion) 07 Oct
  • Fix available
  • Severity - 7.5 (High)
MAL-2025-47815
  • RubyGems/sqlcommenter_rails
 Malicious code in sqlcommenter_rails (RubyGems) 26 Sep
  • No fix available
MAL-2025-47816
  • RubyGems/your-gem-name12
 Malicious code in your-gem-name12 (RubyGems) 26 Sep
  • No fix available
GHSA-625h-95r8-8xpm
  • RubyGems/rack
 Rack has an unsafe default in Rack::QueryParser allows params_limit bypass via semicolon-separated parameters 25 Sep
  • Fix available
  • Severity - 7.5 (High)
GHSA-c2f4-jgmc-q2r5
  • RubyGems/rexml
 REXML has DoS condition when parsing malformed XML file 17 Sep
  • Fix available
  • Severity - 1.2 (Low)
MAL-2025-46925
  • RubyGems/authzd-client
 Malicious code in authzd-client (RubyGems) 01 Sep
  • No fix available
MAL-2025-46924
  • RubyGems/advisory_db_toolkit
 Malicious code in advisory_db_toolkit (RubyGems) 01 Sep
  • No fix available
MAL-2025-46926
  • RubyGems/github_chatops_extensions
 Malicious code in github_chatops_extensions (RubyGems) 01 Sep
  • No fix available
MAL-2025-46930
  • RubyGems/monolith-twirp-mailreplies-replies
 Malicious code in monolith-twirp-mailreplies-replies (RubyGems) 01 Sep
  • No fix available
Load more...