Vulnerability Library

ID | Packages | Summary | Affected versions | Last modified | Fix
GHSA-hv5j-3h9f-99c2
  • RubyGems/uri
Ruby URI component ReDoS issue
  • 0.12.0
  • 0.11.0
  • 0.10.1
  • 0.10.0
2023-03-31T23:06:14.852709Z Fix available
GHSA-fg7x-g82r-94qc
  • RubyGems/time
Ruby Time component ReDoS issue
  • 0.2.0
  • 0.2.1
  • 0.1.0
2023-03-31T23:05:59.026018Z Fix available
GHSA-c3gv-9cxf-6f57
  • RubyGems/loofah
Cross-site Scripting in Loofah
  • 0.2.0
  • 0.2.1
  • 0.2.2
  • 0.3.0
  • 0.3.1
  • 0.4.0
  • 0.4.1
  • ...
2023-03-31T16:16:17.756080Z Fix available
GHSA-9p29-94hp-8rvc
  • RubyGems/qiita-markdown
qiita-markdown Cross-site Scripting vulnerability
  • 0.0.1
  • 0.0.2
  • 0.0.3
  • 0.0.4
  • 0.0.5
  • 0.0.6
  • 0.0.7
  • ...
2023-03-31T16:01:57.426088Z Fix available
GHSA-977c-63xq-cgw3
  • RubyGems/opensearch-ruby
opensearch-ruby 2.x before 2.0.2 vulnerable to unsafe YAML deserialization
  • 2.0.0
  • 2.0.1
2023-03-31T15:48:29.816421Z Fix available
GHSA-579w-22j4-4749
  • RubyGems/activerecord
Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
  • 6.0.0
  • 6.0.1
  • 6.0.1.rc1
  • 6.0.2
  • 6.0.2.1
  • 6.0.2.2
  • 6.0.2.rc1
  • ...
2023-03-31T14:01:31.617843Z Fix available
GHSA-7627-mp87-jf6q
  • RubyGems/cocoapods-downloader
Command injection in cocoapods-downloader
  • 0.1.0
  • 0.1.1
  • 0.1.2
  • 0.2.0
  • 0.3.0
  • 0.4.0
  • 0.4.1
  • ...
2023-03-30T23:48:21.603642Z Fix available
GHSA-7322-9mx6-5j2m
  • RubyGems/redcarpet
redcarpet Buffer Overflow vulnerability
  • 3.3.0
  • 3.3.1
2023-03-30T23:33:08.267759Z Fix available
GHSA-m875-3xf6-mf78
  • RubyGems/unpoly-rails
unpoly-rails Denial of Service vulnerability
  • 0.20.0
  • 0.21.0
  • 0.22.0
  • 0.22.1
  • 0.23.0
  • 0.24.0
  • 0.24.1
  • ...
2023-03-30T23:03:57.669112Z Fix available
GHSA-8qwh-rm6c-jv96
  • RubyGems/oxidized-web
Oxidized Web vulnerable to Cross-site Scripting
  • 0.0.1
  • 0.0.2
  • 0.0.3
  • 0.1.0
  • 0.1.1
  • 0.1.2
  • 0.10.0
  • ...
2023-03-30T05:35:51.678429Z No fix available
GHSA-mc8m-x6hf-cw2g
  • RubyGems/point-cli
point-cli allows local users to obtain sensitive information by listing the process
  • 0.0.1
2023-03-30T05:34:11.322513Z No fix available
GHSA-42gq-h7xj-33r4
  • RubyGems/features
Features file injection vulnerability
  • 0.1.0
  • 0.1.2
  • 0.1.3
  • 0.1.4
  • 0.2.0
  • 0.2.1
  • 0.3.0
2023-03-30T05:30:56.825044Z No fix available
GHSA-mvw8-v767-qhjm
  • RubyGems/radiant
Radiant CMS vulnerable to Cross-site Scripting
  • 0.5.0
  • 0.5.1
  • 0.5.2
  • 0.6.0
  • 0.6.1
  • 0.6.2
  • 0.6.3
  • ...
2023-03-30T05:30:51.912125Z No fix available
GHSA-hgmw-x865-hf9x
  • RubyGems/Arabic-Prawn
Arabic Prawn allows remote attackers to execute arbitrary commands via shell metacharacters
  • 0.0.1
2023-03-30T05:30:08.121478Z No fix available
GHSA-5g7f-p7jg-v6mv
  • RubyGems/lean-ruport
lean-ruport allows local users to obtain sensitive information by listing the process
  • 0.3.8
2023-03-30T05:29:53.257092Z No fix available
GHSA-86cf-g34f-7462
  • RubyGems/VladTheEnterprising
VladTheEnterprising allows local users to obtain sensitive information by reading MySQL root password from temporary file
  • 0.1.4
  • 0.1.5
  • 0.1.6
  • 0.1.7
  • 0.1.8
  • 0.2
2023-03-30T05:29:48.298262Z No fix available