Vulnerabilities

Columns: ID, Packages, Summary, Published, Attributes (sorted by publication date, newest first)
GHSA-2c47-m757-32g6
  Packages:
  • Go/github.com/Shopify/ejson2env/v2
  • RubyGems/ejson2env
  • Go/github.com/Shopify/ejson2env
  Summary: Insufficient input sanitization in ejson2env
  Published: 21 May
  Attributes:
  • Fix available
  • Severity - 6.6 (Medium)

GHSA-gjh7-p2fx-99vx
  Packages:
  • RubyGems/rack
  Summary: Rack has an Unbounded-Parameter DoS in Rack::QueryParser
  Published: 08 May
  Attributes:
  • Fix available
  • Severity - 7.5 (High)

GHSA-9j94-67jr-4cqj
  Packages:
  • RubyGems/rack-session
  Summary: Rack session gets restored after deletion
  Published: 08 May
  Attributes:
  • Fix available
  • Severity - 4.2 (Medium)

GHSA-vpfw-47h7-xj4g
  Packages:
  • RubyGems/rack
  Summary: Rack session gets restored after deletion
  Published: 08 May
  Attributes:
  • Fix available
  • Severity - 4.2 (Medium)

GHSA-j3g3-5qv5-52mj
  Packages:
  • RubyGems/net-imap
  Summary: net-imap rubygem vulnerable to possible DoS by memory exhaustion
  Published: 28 Apr
  Attributes:
  • Fix available
  • Severity - 6.0 (Medium)

MAL-2025-3295
  Packages:
  • RubyGems/bvr-api
  Summary: Malicious code in bvr-api (RubyGems)
  Published: 24 Apr
  Attributes:
  • No fix available

GHSA-5w6v-399v-w3cc
  Packages:
  • RubyGems/nokogiri
  Summary: Nokogiri updates packaged libxml2 to v2.13.8 to resolve CVE-2025-32414 and CVE-2025-32415
  Published: 21 Apr
  Attributes:
  • Fix available

GHSA-8fm5-gg2f-f66q
  Packages:
  • RubyGems/publify_core
  Summary: Publify Vulnerable To Cross-Site Scripting (XSS) Via Redirects Requiring User Interaction
  Published: 28 Mar
  Attributes:
  • Fix available
  • Severity - 1.8 (Low)

MAL-2025-3021
  Packages:
  • RubyGems/evenote-thrift
  Summary: Malicious code in evenote-thrift (RubyGems)
  Published: 28 Mar
  Attributes:
  • No fix available

GHSA-pfqj-w6r6-g86v
  Packages:
  • RubyGems/pitchfork
  Summary: Pitchfork HTTP Request/Response Splitting vulnerability
  Published: 27 Mar
  Attributes:
  • Fix available
  • Severity - 4.3 (Medium)

GHSA-mrxw-mxhj-p664
  Packages:
  • RubyGems/nokogiri
  Summary: Nokogiri updates packaged libxslt to v1.1.43 to resolve multiple CVEs
  Published: 14 Mar
  Attributes:
  • Fix available
  • Severity - 7.8 (High)

GHSA-rp28-mvq3-wf8j
  Packages:
  • RubyGems/camaleon_cms
  Summary: Camaleon CMS Vulnerable to Privilege Escalation through a Mass Assignment
  Published: 14 Mar
  Attributes:
  • Fix available
  • Severity - 9.4 (Critical)

GHSA-754f-8gm6-c4r2
  Packages:
  • RubyGems/ruby-saml
  Summary: Ruby SAML allows a SAML authentication bypass due to namespace handling (parser differential)
  Published: 12 Mar
  Attributes:
  • Fix available
  • Severity - 9.3 (Critical)

GHSA-4vc4-m8qh-g8jm
  Packages:
  • RubyGems/ruby-saml
  Summary: Ruby SAML allows a SAML authentication bypass due to DOCTYPE handling (parser differential)
  Published: 12 Mar
  Attributes:
  • Fix available
  • Severity - 9.3 (Critical)

GHSA-92rq-c8cf-prrq
  Packages:
  • RubyGems/ruby-saml
  Summary: Ruby SAML allows remote Denial of Service (DoS) with compressed SAML responses
  Published: 12 Mar
  Attributes:
  • Fix available
  • Severity - 7.7 (High)

GHSA-hw46-3hmr-x9xv
  Packages:
  • RubyGems/omniauth-saml
  Summary: omniauth-saml has dependency on ruby-saml version with Signature Wrapping Attack issue
  Published: 12 Mar
  Attributes:
  • Fix available