Vulnerability Library

Columns: ID | Packages | Summary | Affected versions (a trailing "..." means the list is truncated on this page) | Published (UTC) | Fix
GHSA-c8v6-786g-vjx6
  • RubyGems/json-jwt
json-jwt allows bypass of identity checks via a sign/encryption confusion attack
  • 0.0.0
  • 0.0.1
  • 0.0.2
  • 0.0.3
  • 0.0.4
  • 0.0.5
  • 0.0.6
  • ...
2024-02-29T03:33:14Z No fix available
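The row above names a sign/encryption confusion. In general terms, the class arises when one decode entry point accepts both a signed token (JWS, three dot-separated segments) and an encrypted one (JWE, five segments) and lets the token's own header decide which path runs: a caller that expected a signature can then end up accepting a token that carries none. The Ruby below is an added example, not json-jwt's code and not a description of its internals. It uses a constructed HMAC key and constructed claims, supports only HS256, and contrasts a lenient "dispatch on shape" decoder with a strict verifier that takes the expected serialization and algorithm from the caller.

```ruby
require "json"
require "openssl"

# Added example (not json-jwt's code). Constructed key: never hard-code one.
DEMO_HMAC_KEY = "constructed-demo-key-0123456789".freeze

class TokenRejected < StandardError; end

def b64url(bytes)
  [bytes].pack("m0").tr("+/", "-_").delete("=")
end

def b64url_decode(str)
  s = str.tr("-_", "+/")
  s += "=" * ((4 - s.length % 4) % 4)
  s.unpack1("m0")
end

# Constant-time comparison so a mismatch does not leak where it occurred.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Issue a legitimate HS256 JWS: header.payload.signature (3 segments).
def sign_hs256(claims, key)
  header = b64url(JSON.generate({ "alg" => "HS256", "typ" => "JWT" }))
  body   = b64url(JSON.generate(claims))
  sig    = OpenSSL::HMAC.digest("SHA256", key, "#{header}.#{body}")
  "#{header}.#{body}.#{b64url(sig)}"
end

# A token in JWE compact shape (5 segments). The key/iv/tag segments are
# constructed filler; the point is that nothing in it is signed, so nothing
# about it proves who produced it.
def jwe_shaped_token(claims)
  header = b64url(JSON.generate({ "alg" => "RSA-OAEP", "enc" => "A256GCM" }))
  [header, b64url("encrypted-key"), b64url("iv"),
   b64url(JSON.generate(claims)), b64url("tag")].join(".")
end

# Lenient pattern: let the token's shape pick the code path. Paired with a
# "decrypt with whatever key the caller passed" branch, this is the confusion.
def lenient_decode(token)
  case token.split(".", -1).length
  when 3 then :jws   # would go on to verify a signature...
  when 5 then :jwe   # ...or try to decrypt, trusting the token's own alg/enc
  else raise TokenRejected, "malformed token"
  end
end

# Strict verifier: the caller states what it expects and the token gets no
# vote. Exactly 3 segments, no `enc` header, alg from an allow-list only.
def verify_jws(token, key, allowed_algs: ["HS256"])
  parts = token.split(".", -1)
  raise TokenRejected, "expected JWS with 3 segments, got #{parts.length}" unless parts.length == 3

  header = JSON.parse(b64url_decode(parts[0]))
  raise TokenRejected, "JWE header (enc present) where JWS expected" if header.key?("enc")
  raise TokenRejected, "alg #{header['alg'].inspect} not allowed" unless allowed_algs.include?(header["alg"])

  expected = OpenSSL::HMAC.digest("SHA256", key, "#{parts[0]}.#{parts[1]}")
  raise TokenRejected, "signature mismatch" unless secure_equal?(expected, b64url_decode(parts[2]))

  JSON.parse(b64url_decode(parts[1]))
rescue ArgumentError, JSON::ParserError => e
  raise TokenRejected, "malformed token: #{e.message}"
end

def rejected?(token, key)
  verify_jws(token, key)
  false
rescue TokenRejected
  true
end

# Small report so behaviour can be checked without reading printed output.
def demo
  good     = sign_hs256({ "sub" => "alice" }, DEMO_HMAC_KEY)
  forged   = jwe_shaped_token({ "sub" => "admin" })
  unsigned = "#{b64url(JSON.generate({ "alg" => "none" }))}.#{b64url(JSON.generate({ "sub" => "admin" }))}."
  {
    lenient_accepts_jwe: lenient_decode(forged) == :jwe,
    strict_verifies_jws: verify_jws(good, DEMO_HMAC_KEY)["sub"],
    strict_rejects_jwe:  rejected?(forged, DEMO_HMAC_KEY),
    strict_rejects_none: rejected?(unsigned, DEMO_HMAC_KEY)
  }
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

The design point is that the expected serialization and algorithm are parameters of the verifier, not properties read from the untrusted token; the segment-count check happens before any base64 or JSON parsing so a JWE never reaches a code path that could treat a public key as a decryption key.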
GHSA-22f2-v57c-j9cx
  • RubyGems/rack
Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial)
  • 3.0.0
  • 3.0.1
  • 3.0.2
  • 3.0.3
  • 3.0.4
  • 3.0.4.1
  • 3.0.4.2
  • ...
2024-02-28T22:57:26Z Fix available
GHSA-xj5v-6v4g-jfw6
  • RubyGems/rack
Rack has possible DoS Vulnerability with Range Header
  • 3.0.0
  • 3.0.1
  • 3.0.2
  • 3.0.3
  • 3.0.4
  • 3.0.4.1
  • 3.0.4.2
  • ...
2024-02-28T22:57:12Z Fix available
GHSA-54rr-7fvw-6x8f
  • RubyGems/rack
Rack Header Parsing leads to Possible Denial of Service Vulnerability
  • 3.0.0
  • 3.0.1
  • 3.0.2
  • 3.0.3
  • 3.0.4
  • 3.0.4.1
  • 3.0.4.2
  • ...
2024-02-28T22:57:03Z Fix available
GHSA-8mq4-9jjh-9xrc
  • RubyGems/yard
YARD's default template vulnerable to Cross-site Scripting in generated frames.html
  • 0.2.0
  • 0.2.1
  • 0.2.2
  • 0.2.3
  • 0.2.3.2
  • 0.2.3.3
  • 0.2.3.4
  • ...
2024-02-28T18:57:19Z Fix available
GHSA-8h22-8cf7-hq6g
  • RubyGems/activestorage
Rails has possible Sensitive Session Information Leak in Active Storage
  • 5.2.0
  • 5.2.1
  • 5.2.1.1
  • 5.2.1.rc1
  • 5.2.2
  • 5.2.2.1
  • 5.2.2.rc1
  • ...
2024-02-27T21:41:16Z Fix available
GHSA-9822-6m93-xqf4
  • RubyGems/actionpack
Rails has possible XSS Vulnerability in Action Controller
  • 7.0.0
  • 7.0.1
  • 7.0.2
  • 7.0.2.1
  • 7.0.2.2
  • 7.0.2.3
  • 7.0.2.4
  • ...
2024-02-27T21:41:12Z Fix available
GHSA-jjhx-jhvp-74wq
  • RubyGems/actionpack
Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch
  • 7.1.0
  • 7.1.1
  • 7.1.2
  • 7.1.3
2024-02-27T21:41:09Z Fix available
GHSA-785g-282q-pwvx
Rack CORS Middleware has Insecure File Permissions
  • 2.0.1
2024-02-26T18:30:31Z No fix available
GHSA-9w99-78rj-hmxq
  • RubyGems/decidim
  • RubyGems/decidim-core
Cross-site scripting (XSS) in the dynamic file uploads
  • 0.27.0
  • 0.27.1
  • 0.27.2
  • 0.27.3
  • 0.27.4
  • 0.27.0
  • 0.27.1
  • ...
2024-02-20T23:42:47Z Fix available
GHSA-w3q8-m492-4pwp
  • RubyGems/decidim
  • RubyGems/decidim-admin
  • RubyGems/decidim-system
  • RubyGems/devise_invitable
Possibility to circumvent the invitation token expiry period
  • 0.0.1
  • 0.0.1.alpha3
  • 0.0.1.alpha4
  • 0.0.1.alpha5
  • 0.0.1.alpha6
  • 0.0.1.alpha7
  • 0.0.1.alpha8
  • ...
2024-02-20T19:26:51Z Fix available
GHSA-f3qm-vfc3-jg6v
  • RubyGems/decidim-templates
Possible CSRF attack at questionnaire templates preview
  • 0.23.0
  • 0.23.1
  • 0.23.1.rc1
  • 0.23.2
  • 0.23.3
  • 0.23.4
  • 0.23.5
  • ...
2024-02-20T18:03:12Z Fix available
GHSA-r275-j57c-7mf2
  • RubyGems/decidim
Race condition in Endorsements
  • 0.10.0
  • 0.10.1
  • 0.11.0.pre1
  • 0.11.1
  • 0.11.2
  • 0.12.0
  • 0.12.0.pre
  • ...
2024-02-20T18:02:52Z Fix available
GHSA-cmh9-rx85-xj38
  • RubyGems/sidekiq-unique-jobs
XSS sidekiq-unique-jobs UI server vulnerability
  • 8.0.0
  • 8.0.1
  • 8.0.2
  • 8.0.3
  • 8.0.4
  • 8.0.5
  • 8.0.6
  • ...
2024-02-13T18:34:16Z Fix available
GHSA-xc9x-jj77-9p9j
  • RubyGems/nokogiri
Nokogiri update packaged libxml2 to v2.12.5 to resolve CVE-2024-25062
  • 1.0.0
  • 1.0.1
  • 1.0.2
  • 1.0.3
  • 1.0.4
  • 1.0.5
  • 1.0.6
  • ...
2024-02-05T20:22:56Z Fix available
GHSA-g8vp-2v5p-9qfh
  • RubyGems/avo
Cross-site scripting (XSS) in Action messages on Avo
  • 3.0.0.beta1
  • 3.0.0.pre1
  • 3.0.0.pre10
  • 3.0.0.pre11
  • 3.0.0.pre12
  • 3.0.0.pre13
  • 3.0.0.pre14
  • ...
2024-01-17T22:34:03Z Fix available
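The check a reader of this table usually wants next is whether any of these rows apply to a project's Gemfile.lock. The Ruby below is an added example and not tooling from the vulnerability library or from any of the listed projects. Its advisory map is copied only from the versions visible in the rows above, and where a row shows "..." the list is truncated, so the map demonstrates the matching logic rather than serving as a complete database (use bundler-audit or the GitHub Advisory Database for full version ranges). The Gemfile.lock excerpt is constructed.

```ruby
# Added example, not part of the vulnerability library or any listed project.
# ADVISORIES holds only the versions visible on this page; rows marked "..."
# are truncated there, so treat this as a demonstration, not a full database.
ADVISORIES = {
  "rack" => [
    { id: "GHSA-22f2-v57c-j9cx", affected: %w[3.0.0 3.0.1 3.0.2 3.0.3 3.0.4 3.0.4.1 3.0.4.2], fix: "available" },
    { id: "GHSA-xj5v-6v4g-jfw6", affected: %w[3.0.0 3.0.1 3.0.2 3.0.3 3.0.4 3.0.4.1 3.0.4.2], fix: "available" },
    { id: "GHSA-54rr-7fvw-6x8f", affected: %w[3.0.0 3.0.1 3.0.2 3.0.3 3.0.4 3.0.4.1 3.0.4.2], fix: "available" }
  ],
  "actionpack" => [
    { id: "GHSA-9822-6m93-xqf4", affected: %w[7.0.0 7.0.1 7.0.2 7.0.2.1 7.0.2.2 7.0.2.3 7.0.2.4], fix: "available" },
    { id: "GHSA-jjhx-jhvp-74wq", affected: %w[7.1.0 7.1.1 7.1.2 7.1.3], fix: "available" } # list is complete on the page
  ],
  "json-jwt" => [
    { id: "GHSA-c8v6-786g-vjx6", affected: %w[0.0.0 0.0.1 0.0.2 0.0.3 0.0.4 0.0.5 0.0.6], fix: "none" }
  ]
}.freeze

# Top-level gems in the `specs:` section are indented four spaces, e.g.
# "    rack (3.0.4.1)". Dependency lines are indented six and use
# constraints rather than versions, so they do not match. A platform suffix
# such as "1.16.2-x86_64-linux" is dropped so the version compares cleanly.
SPEC_LINE = /\A {4}(?<name>[^\s(]+) \((?<version>[0-9][0-9A-Za-z.]*)(?:-[^)]+)?\)\z/

def parse_lockfile(text)
  text.each_line.with_object({}) do |line, gems|
    m = SPEC_LINE.match(line.chomp)
    gems[m[:name]] = m[:version] if m
  end
end

# Exact-version match against the advisory map. Gem::Version is used so that
# equivalent spellings compare equal rather than relying on string identity.
def check_lockfile(text, advisories = ADVISORIES)
  findings = []
  parse_lockfile(text).each do |name, version|
    (advisories[name] || []).each do |adv|
      hit = adv[:affected].any? { |v| Gem::Version.new(v) == Gem::Version.new(version) }
      findings << { gem: name, version: version, id: adv[:id], fix: adv[:fix] } if hit
    end
  end
  findings
end

# Constructed Gemfile.lock excerpt for the demonstration.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (7.1.3)
        rack (>= 2.2.4)
      nokogiri (1.16.2-x86_64-linux)
      rack (3.0.4.1)
      yard (0.9.36)

  PLATFORMS
    x86_64-linux
LOCK

if $PROGRAM_NAME == __FILE__
  check_lockfile(SAMPLE_LOCK).each do |f|
    puts "#{f[:gem]} #{f[:version]}: #{f[:id]} (fix #{f[:fix]})"
  end
end
```

On the sample lockfile this reports actionpack 7.1.3 against the Accept-header ReDoS row and rack 3.0.4.1 against all three rack rows; nokogiri 1.16.2 is not in the constructed map and so is not reported, which is exactly why the map must come from a complete advisory source before the output is trusted.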