Vulnerability Database
| ID | Packages | Summary | Published | Attributes |
| --- | --- | --- | --- | --- |
| GHSA-2c47-m757-32g6 | Go/github.com/Shopify/ejson2env/v2, RubyGems/ejson2env, Go/github.com/Shopify/ejson2env | Insufficient input sanitization in ejson2env | 21 May | Fix available; Severity - 6.6 (Medium) |
| GHSA-gjh7-p2fx-99vx | RubyGems/rack | Rack has an Unbounded-Parameter DoS in Rack::QueryParser | 08 May | Fix available; Severity - 7.5 (High) |
| GHSA-9j94-67jr-4cqj | RubyGems/rack-session | Rack session gets restored after deletion | 08 May | Fix available; Severity - 4.2 (Medium) |
| GHSA-vpfw-47h7-xj4g | RubyGems/rack | Rack session gets restored after deletion | 08 May | Fix available; Severity - 4.2 (Medium) |
| GHSA-j3g3-5qv5-52mj | RubyGems/net-imap | net-imap rubygem vulnerable to possible DoS by memory exhaustion | 28 Apr | Fix available; Severity - 6.0 (Medium) |
| MAL-2025-3295 | RubyGems/bvr-api | Malicious code in bvr-api (RubyGems) | 24 Apr | No fix available |
| GHSA-5w6v-399v-w3cc | RubyGems/nokogiri | Nokogiri updates packaged libxml2 to v2.13.8 to resolve CVE-2025-32414 and CVE-2025-32415 | 21 Apr | Fix available |
| GHSA-8fm5-gg2f-f66q | RubyGems/publify_core | Publify Vulnerable To Cross-Site Scripting (XSS) Via Redirects Requiring User Interaction | 28 Mar | Fix available; Severity - 1.8 (Low) |
| MAL-2025-3021 | RubyGems/evenote-thrift | Malicious code in evenote-thrift (RubyGems) | 28 Mar | No fix available |
| GHSA-pfqj-w6r6-g86v | RubyGems/pitchfork | Pitchfork HTTP Request/Response Splitting vulnerability | 27 Mar | Fix available; Severity - 4.3 (Medium) |
| GHSA-mrxw-mxhj-p664 | RubyGems/nokogiri | Nokogiri updates packaged libxslt to v1.1.43 to resolve multiple CVEs | 14 Mar | Fix available; Severity - 7.8 (High) |
| GHSA-rp28-mvq3-wf8j | RubyGems/camaleon_cms | Camaleon CMS Vulnerable to Privilege Escalation through a Mass Assignment | 14 Mar | Fix available; Severity - 9.4 (Critical) |
| GHSA-754f-8gm6-c4r2 | RubyGems/ruby-saml | Ruby SAML allows a SAML authentication bypass due to namespace handling (parser differential) | 12 Mar | Fix available; Severity - 9.3 (Critical) |
| GHSA-4vc4-m8qh-g8jm | RubyGems/ruby-saml | Ruby SAML allows a SAML authentication bypass due to DOCTYPE handling (parser differential) | 12 Mar | Fix available; Severity - 9.3 (Critical) |
| GHSA-92rq-c8cf-prrq | RubyGems/ruby-saml | Ruby SAML allows remote Denial of Service (DoS) with compressed SAML responses | 12 Mar | Fix available; Severity - 7.7 (High) |
| GHSA-hw46-3hmr-x9xv | RubyGems/omniauth-saml | omniauth-saml has dependency on ruby-saml version with Signature Wrapping Attack issue | 12 Mar | Fix available |
RubyGems - OSV