Vulnerability Library

Each entry lists: ID, Packages, Summary, Affected versions, Published, Fix.

ID: GHSA-gxhx-g4fq-49hj
Packages: RubyGems/carrierwave
Summary: CarrierWave Content-Type allowlist bypass vulnerability, possibly leading to XSS
Affected versions: 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 0.1, 0.10.0, ...
Published: 2023-11-29T21:33:27Z
Fix: Fix available

ID: GHSA-frgf-8jr5-j2jv
Packages: RubyGems/rmagick
Summary: memory leak flaw was found in ruby-magick
Affected versions: 1.10.0, 1.10.1, 1.11.0, 1.11.1, 1.12.0, 1.13.0, 1.14.0, ...
Published: 2023-10-30T21:33:39Z
Fix: Fix available

ID: GHSA-3px7-jm2p-6h2c
Packages: RubyGems/encoded_id-rails
Summary: encoded_id-rails potential DOS vulnerability due to URIs with extremely long encoded IDs
Affected versions: 0.1.0, 0.2.0, 0.3.0, 0.3.1, 0.4.0, 0.5.0, 0.6.0, ...
Published: 2023-10-24T02:00:50Z
Fix: Fix available

ID: GHSA-6hvg-62q8-95v7
Packages: RubyGems/svg_optimizer
Summary: svg_optimizer rubygem external XML entity (XXE) vulnerability
Affected versions: 0.2.6
Published: 2023-10-20T13:23:32Z
Fix: Fix available

ID: MAL-2023-8322
Summary: Malicious code in investing_parameters (RubyGems)
Affected versions: 1.2.1
Published: 2023-10-10T15:47:13Z
Fix: No fix available

ID: GHSA-289m-2964-f8q5
Packages: RubyGems/bolt
Summary: Puppet Bolt privilege escalation vulnerability
Affected versions: 0.0.1, 0.10.0, 0.11.0, 0.12.0, 0.13.0, 0.14.0, 0.15.0, ...
Published: 2023-10-06T18:30:32Z
Fix: Fix available

ID: GHSA-7xvc-v44j-46fh
Packages: RubyGems/geokit-rails
Summary: geokit-rails Command Injection vulnerability
Affected versions: 1.1.4, 2.0.0, 2.0.0.rc1, 2.0.1, 2.1.0, 2.2.0, 2.3.0, ...
Published: 2023-10-06T06:30:16Z
Fix: Fix available

ID: GHSA-639h-86hw-qcjq
Packages: RubyGems/decidim, RubyGems/decidim-templates
Summary: Decidim has broken access control in templates
Affected versions: 0.23.2, 0.23.3, 0.23.4, 0.23.5, 0.23.6, 0.24.0, 0.24.0.rc1, ...
Published: 2023-10-05T20:52:46Z
Fix: Fix available

ID: GHSA-3qc2-v3hp-6cv8
Packages: RubyGems/sidekiq
Summary: sidekiq Denial of Service vulnerability
Affected versions: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, ...
Published: 2023-09-14T06:30:19Z
Fix: Fix available

ID: GHSA-cr5q-6q9f-rq6q
Packages: RubyGems/activesupport
Summary: Active Support Possibly Discloses Locally Encrypted Files
Affected versions: 5.2.0, 5.2.1, 5.2.1.1, 5.2.1.rc1, 5.2.2, 5.2.2.1, 5.2.2.rc1, ...
Published: 2023-08-23T20:36:24Z
Fix: Fix available

ID: GHSA-68xg-gqqm-vgj8
Packages: RubyGems/puma
Summary: Puma HTTP Request/Response Smuggling vulnerability
Affected versions: 0.8.0, 0.8.1, 0.8.2, 0.9.0, 0.9.1, 0.9.2, 0.9.3, ...
Published: 2023-08-18T21:50:05Z
Fix: Fix available

ID: MAL-2023-1436
Summary: Malicious code in puppet-module-posix-system-r3.2 (RubyGems)
Affected versions: 1.0.0
Published: 2023-08-10T15:30:28Z
Fix: No fix available

ID: MAL-2023-1433
Summary: Malicious code in puppet-module-posix-system-r (RubyGems)
Affected versions: 1.0.0
Published: 2023-08-09T17:50:27Z
Fix: No fix available

ID: GHSA-7vh7-fw88-wj87
Packages: RubyGems/commonmarker
Summary: Several quadratic complexity bugs may lead to denial of service in Commonmarker
Affected versions: 0.0.1, 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.10.0, 0.11.0, ...
Published: 2023-08-08T17:12:00Z
Fix: Fix available

ID: GHSA-6jwc-qr2q-7xwj
Packages: RubyGems/protocol-http1
Summary: protocol-http1 HTTP Request/Response Smuggling vulnerability
Affected versions: 0.1.0, 0.10.0, 0.10.1, 0.10.2, 0.10.3, 0.11.0, 0.11.1, ...
Published: 2023-08-03T16:36:34Z
Fix: Fix available

ID: MAL-2023-1426
Summary: Malicious code in google-apis-androidpublisher_v2 (RubyGems)
Affected versions: 0.0
Published: 2023-07-19T06:30:24Z
Fix: No fix available