Vulnerabilities

Columns: ID, Packages, Summary, Published, Attributes

GHSA-x4h9-gwv3-r4m4
  • Packages: RubyGems/ruby-saml
  • Summary: Ruby-saml allows a Libxml2 Canonicalization error to bypass Digest/Signature validation
  • Published: yesterday
  • Fix available
  • Severity - 9.3 (Critical)

GHSA-9v8j-x534-2fx3
  • Packages: RubyGems/ruby-saml
  • Summary: Ruby-saml has a SAML authentication bypass due to namespace handling (parser differential)
  • Published: yesterday
  • Fix available
  • Severity - 9.3 (Critical)

MAL-2025-191667
  • Packages: RubyGems/pg_result_init
  • Summary: Malicious code in pg_result_init (RubyGems)
  • Published: 02 Dec
  • No fix available

GHSA-4249-gjr8-jpq3
  • Packages: RubyGems/prosemirror_to_html
  • Summary: ProsemirrorToHtml has a Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values
  • Published: 13 Nov
  • Fix available
  • Severity - 8.7 (High)

GHSA-9c5q-w6gr-fxcq
  • Packages: RubyGems/mqtt
  • Summary: MQTT does not validate hostnames
  • Published: 06 Nov
  • Fix available
  • Severity - 7.4 (High)

GHSA-52c5-vh7f-26fx
  • Packages: RubyGems/prosemirror_to_html
  • Summary: Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values
  • Published: 06 Nov
  • Fix available
  • Severity - 7.6 (High)

GHSA-mr3q-g2mv-mr4q
  • Packages: RubyGems/sinatra
  • Summary: Sinatra is vulnerable to ReDoS through ETag header value generation
  • Published: 10 Oct
  • Fix available
  • Severity - 2.7 (Low)

GHSA-6xw4-3v39-52mm
  • Packages: RubyGems/rack
  • Summary: Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing
  • Published: 10 Oct
  • Fix available
  • Severity - 7.5 (High)

GHSA-r657-rxjc-j557
  • Packages: RubyGems/rack
  • Summary: Rack has a Possible Information Disclosure Vulnerability
  • Published: 10 Oct
  • Fix available
  • Severity - 5.8 (Medium)

GHSA-wpv5-97wm-hp9c
  • Packages: RubyGems/rack
  • Summary: Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)
  • Published: 07 Oct
  • Fix available
  • Severity - 7.5 (High)

GHSA-w9pc-fmgc-vxvw
  • Packages: RubyGems/rack
  • Summary: Rack: Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)
  • Published: 07 Oct
  • Fix available
  • Severity - 7.5 (High)

GHSA-p543-xpfm-54cp
  • Packages: RubyGems/rack
  • Summary: Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)
  • Published: 07 Oct
  • Fix available
  • Severity - 7.5 (High)

MAL-2025-47815
  • Packages: RubyGems/sqlcommenter_rails
  • Summary: Malicious code in sqlcommenter_rails (RubyGems)
  • Published: 26 Sep
  • No fix available

MAL-2025-47816
  • Packages: RubyGems/your-gem-name12
  • Summary: Malicious code in your-gem-name12 (RubyGems)
  • Published: 26 Sep
  • No fix available

GHSA-625h-95r8-8xpm
  • Packages: RubyGems/rack
  • Summary: Rack has an unsafe default in Rack::QueryParser that allows params_limit bypass via semicolon-separated parameters
  • Published: 25 Sep
  • Fix available
  • Severity - 7.5 (High)

GHSA-c2f4-jgmc-q2r5
  • Packages: RubyGems/rexml
  • Summary: REXML has a DoS condition when parsing a malformed XML file
  • Published: 17 Sep
  • Fix available
  • Severity - 1.2 (Low)