Vulnerability Library

Fields for each entry: ID, Packages, Summary, Affected versions, Published, Fix

GHSA-fwhr-88qx-h9g7
  Packages: RubyGems/actionpack
  Summary: Missing security headers in Action Pack on non-HTML responses
  Affected versions: 6.1.0, 6.1.1, 6.1.2, 6.1.2.1, 6.1.3, 6.1.3.1, 6.1.3.2, ...
  Published: 2024-06-04T22:26:24Z
  Fix: Fix available

GHSA-prjp-h48f-jgf6
  Packages: RubyGems/actiontext
  Summary: ActionText ContentAttachment can Contain Unsanitized HTML
  Affected versions: 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.3.1, 7.1.3.2, 7.1.3.3, ...
  Published: 2024-06-04T22:26:22Z
  Fix: Fix available

GHSA-9mg6-x45v-hcfm
  Packages: RubyGems/activeadmin
  Summary: activeadmin vulnerable to stored persistent cross-site scripting (XSS) in dynamic form legends
  Affected versions: 0.1.0, 0.1.1, 0.2.0, 0.2.1, 0.2.2, 0.3.0, 0.3.1, ...
  Published: 2024-06-02T22:32:24Z
  Fix: Fix available

GHSA-8c8q-2xw3-j869
  Packages: RubyGems/rack-contrib
  Summary: rack-contrib vulnerable to Denial of Service due to the unconstrained value of the incoming "profiler_runs" parameter
  Affected versions: 0.9.0, 0.9.2, 1.0.0, 1.0.1, 1.1.0, 1.2.0, 1.2.0.39.g17d21b4, ...
  Published: 2024-05-28T15:48:43Z
  Fix: Fix available

GHSA-7r3j-qmr4-jfpj
  Packages: RubyGems/kaminari
  Summary: Kaminari Insecure File Permissions Vulnerability
  Affected versions: 0.15.0, 0.15.1, 0.16.0, 0.16.1
  Published: 2024-05-28T15:47:00Z
  Fix: Fix available

GHSA-vg3r-rm7w-2xgh
  Packages: RubyGems/rexml
  Summary: REXML contains a denial of service vulnerability
  Affected versions: 3.1.7.3, 3.1.8, 3.1.9, 3.1.9.1, 3.2.0, 3.2.1, 3.2.2, ...
  Published: 2024-05-16T17:44:04Z
  Fix: Fix available

GHSA-r95h-9x8f-r3f7
  Packages: RubyGems/nokogiri
  Summary: Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459
  Affected versions: 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, ...
  Published: 2024-05-13T16:05:42Z
  Fix: Fix available

MAL-2024-1341
  Summary: Malicious code in dependency_confusion123 (RubyGems)
  Affected versions: 9.9.9
  Published: 2024-05-08T16:05:40Z
  Fix: No fix available

GHSA-qjqp-xr96-cj99
  Packages: npm/trix, RubyGems/actiontext
  Summary: Trix Editor Arbitrary Code Execution Vulnerability
  Affected versions: 7.0.0, 7.0.0.alpha1, 7.0.0.alpha2, 7.0.0.rc1, 7.0.0.rc2, 7.0.0.rc3, 7.0.1, ...
  Published: 2024-05-07T16:49:24Z
  Fix: Fix available

GHSA-9p57-h987-4vgx
  Packages: RubyGems/phlex
  Summary: Phlex vulnerable to Cross-site Scripting (XSS) via maliciously formed HTML attribute names and values
  Affected versions: 0.1.0, 0.2.0, 0.2.1, 0.2.2, 0.3.0, 0.3.1, 0.3.2, ...
  Published: 2024-05-01T16:37:21Z
  Fix: Fix available

GHSA-q655-3pj8-9fxq
  Packages: RubyGems/sidekiq
  Summary: Sidekiq vulnerable to a Reflected XSS in Queues Web Page
  Affected versions: 7.2.0, 7.2.1, 7.2.2, 7.2.3
  Published: 2024-04-26T22:19:08Z
  Fix: Fix available

GHSA-g7xq-xv8c-h98c
  Packages: RubyGems/phlex
  Summary: Cross-site Scripting (XSS) possible due to improper sanitisation of `href` attributes on `<a>` tags
  Affected versions: 1.10.0, 1.9.0, 1.9.1, 1.8.0, 1.8.1, 1.8.2, 1.7.0, ...
  Published: 2024-04-17T00:20:23Z
  Fix: Fix available

GHSA-vfmv-jfc5-pjjw
  Packages: RubyGems/carrierwave
  Summary: CarrierWave content-Type allowlist bypass vulnerability which possibly leads to XSS remained
  Affected versions: 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, ...
  Published: 2024-03-25T19:40:36Z
  Fix: Fix available

GHSA-592j-995h-p23j
  Packages: RubyGems/rdoc
  Summary: RDoc RCE vulnerability with .rdoc_options
  Affected versions: 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.4.0, 6.5.0, 6.6.0, ...
  Published: 2024-03-25T19:36:59Z
  Fix: Fix available

GHSA-v5h6-c2hv-hv3r
  Packages: RubyGems/stringio
  Summary: StringIO buffer overread vulnerability
  Affected versions: 0.0.1, 0.0.2, 0.1.0, 0.1.3, 0.1.4, 3.0.0, 3.0.1
  Published: 2024-03-25T19:36:52Z
  Fix: Fix available

GHSA-vcc3-rw6f-jv97
  Packages: RubyGems/nokogiri
  Summary: Use-after-free in libxml2 via Nokogiri::XML::Reader
  Affected versions: 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, ...
  Published: 2024-03-18T20:38:40Z
  Fix: Fix available