Vulnerabilities

| ID | Packages | Summary | Published | Attributes |
|---|---|---|---|---|
| GHSA-g857-hhfv-j68w | RubyGems/zlib | Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption | 10 hours ago | Fix available; Severity - 5.9 (Medium) |
| MAL-2026-2815 | RubyGems/monolith-twirp-pullsd-authorization | Malicious code in monolith-twirp-pullsd-authorization (RubyGems) | 20 hours ago | No fix available |
| MAL-2026-2816 | RubyGems/monolith-twirp-pullsd-users | Malicious code in monolith-twirp-pullsd-users (RubyGems) | 20 hours ago | No fix available |
| MAL-2026-2814 | RubyGems/gitlab-orchestrator | Malicious code in gitlab-orchestrator (RubyGems) | 20 hours ago | No fix available |
| GHSA-2x79-gwq3-vxxm | RubyGems/iodine | Uncontrolled resource consumption and loop with unreachable exit condition in facil.io and downstream iodine ruby gem | 2 days ago | No fix available; Severity - 8.7 (High) |
| GHSA-w5xj-99cg-rccm | RubyGems/decidim-core | Decidim amendments can be accepted or rejected by anyone | 2 days ago | Fix available; Severity - 7.5 (High) |
| GHSA-9pm8-vwc5-w2hm | RubyGems/fat_free_crm | Fat Free CRM has BOLA in DELETE /emails/:id - Any authenticated user can hit this endpoint and delete emails by ID | 3 days ago | Fix available; Severity - 2.1 (Low) |
| GHSA-fc46-r95f-hq7g | RubyGems/decidim-core | Decidim has a cross-site scripting (XSS) in user name | 3 days ago | Fix available; Severity - 9.3 (Critical) |
| GHSA-9hfr-gw99-8rhx | RubyGems/bsv-sdk | bsv-sdk ARC broadcaster treats INVALID/MALFORMED/ORPHAN responses as successful broadcasts | 09 Apr | Fix available; Severity - 7.5 (High) |
| GHSA-hc36-c89j-5f4j | RubyGems/bsv-sdk, RubyGems/bsv-wallet | bsv-sdk and bsv-wallet persist unverified certifier signatures in acquire_certificate (direct and issuance paths) | 09 Apr | Fix available; Severity - 8.1 (High) |
| GHSA-33qg-7wpp-89cq | RubyGems/rack-session | Rack::Session::Cookie secrets: decrypt failure fallback enables secretless session forgery and Marshal deserialization | 08 Apr | Fix available; Severity - 9.1 (Critical) |
| GHSA-h27x-rffw-24p4 | RubyGems/addressable | Addressable has a Regular Expression Denial of Service in Addressable templates | 08 Apr | Fix available; Severity - 7.5 (High) |
| GHSA-6r34-94wq-jhrc | RubyGems/rdiscount | rdiscount has an Out-of-bounds Read | 06 Apr | Fix available; Severity - 5.9 (Medium) |
| GHSA-g2pf-xv49-m2h5 | RubyGems/rack | Rack::Request accepts invalid Host characters, enabling host allowlist bypass | 02 Apr | Fix available; Severity - 4.8 (Medium) |
| GHSA-q2ww-5357-x388 | RubyGems/rack | Rack has Content-Length mismatch in Rack::Files error responses | 02 Apr | Fix available; Severity - 4.8 (Medium) |
| GHSA-qv7j-4883-hwh7 | RubyGems/rack | Rack::Sendfile header-based X-Accel-Mapping regex injection enables unauthorized X-Accel-Redirect | 02 Apr | Fix available; Severity - 5.9 (Medium) |