| ID | Packages | Summary | Affected versions | Published | Fix |
|---|---|---|---|---|---|
| GHSA-9p57-h987-4vgx | RubyGems/phlex | Phlex vulnerable to Cross-site Scripting (XSS) via maliciously formed HTML attribute names and values | 0.1.0, 0.2.0, 0.2.1, 0.2.2, 0.3.0, 0.3.1, 0.3.2, ... | 2024-05-01T16:37:21Z | Fix available |
| GHSA-q655-3pj8-9fxq | RubyGems/sidekiq | Sidekiq vulnerable to a Reflected XSS in Queues Web Page | 7.2.0, 7.2.1, 7.2.2, 7.2.3 | 2024-04-26T22:19:08Z | Fix available |
| GHSA-g7xq-xv8c-h98c | RubyGems/phlex | Cross-site Scripting (XSS) possible due to improper sanitisation of `href` attributes on `<a>` tags | 1.10.0, 1.9.0, 1.9.1, 1.8.0, 1.8.1, 1.8.2, 1.7.0, ... | 2024-04-17T00:20:23Z | Fix available |
| GHSA-vfmv-jfc5-pjjw | RubyGems/carrierwave | CarrierWave content-Type allowlist bypass vulnerability which possibly leads to XSS remained | 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, ... | 2024-03-25T19:40:36Z | Fix available |
| GHSA-592j-995h-p23j | RubyGems/rdoc | RDoc RCE vulnerability with .rdoc_options | 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.4.0, 6.5.0, 6.6.0, ... | 2024-03-25T19:36:59Z | Fix available |
| GHSA-v5h6-c2hv-hv3r | RubyGems/stringio | StringIO buffer overread vulnerability | 0.0.1, 0.0.2, 0.1.0, 0.1.3, 0.1.4, 3.0.0, 3.0.1 | 2024-03-25T19:36:52Z | Fix available |
| GHSA-vcc3-rw6f-jv97 | RubyGems/nokogiri | Use-after-free in libxml2 via Nokogiri::XML::Reader | 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, ... | 2024-03-18T20:38:40Z | Fix available |
| GHSA-x2h8-qmj4-g62f | RubyGems/rotp | ROTP 6.2.2 and 6.2.1 has 0666 permissions for the .rb files. | 6.2.1, 6.2.2 | 2024-03-18T17:21:46Z | Fix available |
| GHSA-mp76-7w5v-pr75 | RubyGems/turbo_boost-commands, npm/@turbo-boost/commands | TurboBoost Commands vulnerable to arbitrary method invocation | 0.0.1, 0.0.10, 0.0.11, 0.0.12, 0.0.13, 0.0.14, 0.0.15, ... | 2024-03-15T19:53:50Z | Fix available |
| GHSA-8832-4mm5-x2r6 | RubyGems/discordrb | discordrb OS Command Injection vulnerability | 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, ... | 2024-03-14T20:37:58Z | Fix available |
| GHSA-242p-4v39-2v8g | RubyGems/phlex | Cross-site Scripting (XSS) possible with maliciously formed HTML attribute names and values in Phlex | 1.9.0, 1.8.0, 1.8.1, 1.7.0, 1.6.0, 1.6.1, 1.5.0, ... | 2024-03-12T15:39:46Z | Fix available |
| GHSA-c8v6-786g-vjx6 | RubyGems/json-jwt | json-jwt allows bypass of identity checks via a sign/encryption confusion attack | 1.16.0, 1.16.1, 1.16.2, 1.16.3, 1.16.4, 1.16.5, 0.0.0, ... | 2024-02-29T03:33:14Z | Fix available |
| GHSA-22f2-v57c-j9cx | RubyGems/rack | Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial) | 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.4.1, 3.0.4.2, ... | 2024-02-28T22:57:26Z | Fix available |
| GHSA-xj5v-6v4g-jfw6 | RubyGems/rack | Rack has possible DoS Vulnerability with Range Header | 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.4.1, 3.0.4.2, ... | 2024-02-28T22:57:12Z | Fix available |
| GHSA-54rr-7fvw-6x8f | RubyGems/rack | Rack Header Parsing leads to Possible Denial of Service Vulnerability | 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.4.1, 3.0.4.2, ... | 2024-02-28T22:57:03Z | Fix available |
| GHSA-8mq4-9jjh-9xrc | RubyGems/yard | YARD's default template vulnerable to Cross-site Scripting in generated frames.html | 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.2.3.2, 0.2.3.3, 0.2.3.4, ... | 2024-02-28T18:57:19Z | Fix available |
RubyGems - OSV