| ID | Packages | Summary | Affected versions | Published | Fix |
| --- | --- | --- | --- | --- | --- |
| GHSA-gxhx-g4fq-49hj | RubyGems/carrierwave | CarrierWave Content-Type allowlist bypass vulnerability, possibly leading to XSS | 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 0.1, 0.10.0, ... | 2023-11-29T21:33:27Z | Fix available |
| GHSA-frgf-8jr5-j2jv | RubyGems/rmagick | memory leak flaw was found in ruby-magick | 1.10.0, 1.10.1, 1.11.0, 1.11.1, 1.12.0, 1.13.0, 1.14.0, ... | 2023-10-30T21:33:39Z | Fix available |
| GHSA-3px7-jm2p-6h2c | RubyGems/encoded_id-rails | encoded_id-rails potential DOS vulnerability due to URIs with extremely long encoded IDs | 0.1.0, 0.2.0, 0.3.0, 0.3.1, 0.4.0, 0.5.0, 0.6.0, ... | 2023-10-24T02:00:50Z | Fix available |
| GHSA-6hvg-62q8-95v7 | RubyGems/svg_optimizer | svg_optimizer rubygem external XML entity (XXE) vulnerability | 0.2.6 | 2023-10-20T13:23:32Z | Fix available |
| MAL-2023-8322 | | Malicious code in investing_parameters (RubyGems) | 1.2.1 | 2023-10-10T15:47:13Z | No fix available |
| GHSA-289m-2964-f8q5 | RubyGems/bolt | Puppet Bolt privilege escalation vulnerability | 0.0.1, 0.10.0, 0.11.0, 0.12.0, 0.13.0, 0.14.0, 0.15.0, ... | 2023-10-06T18:30:32Z | Fix available |
| GHSA-7xvc-v44j-46fh | RubyGems/geokit-rails | geokit-rails Command Injection vulnerability | 1.1.4, 2.0.0, 2.0.0.rc1, 2.0.1, 2.1.0, 2.2.0, 2.3.0, ... | 2023-10-06T06:30:16Z | Fix available |
| GHSA-639h-86hw-qcjq | RubyGems/decidim, RubyGems/decidim-templates | Decidim has broken access control in templates | 0.23.2, 0.23.3, 0.23.4, 0.23.5, 0.23.6, 0.24.0, 0.24.0.rc1, ... | 2023-10-05T20:52:46Z | Fix available |
| GHSA-3qc2-v3hp-6cv8 | RubyGems/sidekiq | sidekiq Denial of Service vulnerability | 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, ... | 2023-09-14T06:30:19Z | Fix available |
| GHSA-cr5q-6q9f-rq6q | RubyGems/activesupport | Active Support Possibly Discloses Locally Encrypted Files | 5.2.0, 5.2.1, 5.2.1.1, 5.2.1.rc1, 5.2.2, 5.2.2.1, 5.2.2.rc1, ... | 2023-08-23T20:36:24Z | Fix available |
| GHSA-68xg-gqqm-vgj8 | RubyGems/puma | Puma HTTP Request/Response Smuggling vulnerability | 0.8.0, 0.8.1, 0.8.2, 0.9.0, 0.9.1, 0.9.2, 0.9.3, ... | 2023-08-18T21:50:05Z | Fix available |
| MAL-2023-1436 | | Malicious code in puppet-module-posix-system-r3.2 (RubyGems) | 1.0.0 | 2023-08-10T15:30:28Z | No fix available |
| MAL-2023-1433 | | Malicious code in puppet-module-posix-system-r (RubyGems) | 1.0.0 | 2023-08-09T17:50:27Z | No fix available |
| GHSA-7vh7-fw88-wj87 | RubyGems/commonmarker | Several quadratic complexity bugs may lead to denial of service in Commonmarker | 0.0.1, 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.10.0, 0.11.0, ... | 2023-08-08T17:12:00Z | Fix available |
| GHSA-6jwc-qr2q-7xwj | RubyGems/protocol-http1 | protocol-http1 HTTP Request/Response Smuggling vulnerability | 0.1.0, 0.10.0, 0.10.1, 0.10.2, 0.10.3, 0.11.0, 0.11.1, ... | 2023-08-03T16:36:34Z | Fix available |
| MAL-2023-1426 | | Malicious code in google-apis-androidpublisher_v2 (RubyGems) | 0.0 | 2023-07-19T06:30:24Z | No fix available |
RubyGems - OSV