OSV - Open Source Vulnerabilities

GHSA-2c47-m757-32g6

Go/github.com/Shopify/ejson2env/v2
RubyGems/ejson2env
Go/github.com/Shopify/ejson2env

Insufficient input sanitization in ejson2env

21 May

Fix available
Severity - 6.6 (Medium)

GHSA-gjh7-p2fx-99vx

RubyGems/rack

Rack has an Unbounded-Parameter DoS in Rack::QueryParser

08 May

Fix available
Severity - 7.5 (High)

GHSA-9j94-67jr-4cqj

RubyGems/rack-session

Rack session gets restored after deletion

08 May

Fix available
Severity - 4.2 (Medium)

GHSA-vpfw-47h7-xj4g

RubyGems/rack

Rack session gets restored after deletion

08 May

Fix available
Severity - 4.2 (Medium)

GHSA-j3g3-5qv5-52mj

RubyGems/net-imap

net-imap rubygem vulnerable to possible DoS by memory exhaustion

28 Apr

Fix available
Severity - 6.0 (Medium)

MAL-2025-3295

RubyGems/bvr-api

Malicious code in bvr-api (RubyGems)

24 Apr

No fix available

GHSA-5w6v-399v-w3cc

RubyGems/nokogiri

Nokogiri updates packaged libxml2 to v2.13.8 to resolve CVE-2025-32414 and CVE-2025-32415

21 Apr

Fix available

GHSA-8fm5-gg2f-f66q

RubyGems/publify_core

Publify Vulnerable To Cross-Site Scripting (XSS) Via Redirects Requiring User Interaction

28 Mar

Fix available
Severity - 1.8 (Low)

MAL-2025-3021

RubyGems/evenote-thrift

Malicious code in evenote-thrift (RubyGems)

28 Mar

No fix available

GHSA-pfqj-w6r6-g86v

RubyGems/pitchfork

Pitchfork HTTP Request/Response Splitting vulnerability

27 Mar

Fix available
Severity - 4.3 (Medium)

GHSA-mrxw-mxhj-p664

RubyGems/nokogiri

Nokogiri updates packaged libxslt to v1.1.43 to resolve multiple CVEs

14 Mar

Fix available
Severity - 7.8 (High)

GHSA-rp28-mvq3-wf8j

RubyGems/camaleon_cms

Camaleon CMS Vulnerable to Privilege Escalation through a Mass Assignment

14 Mar

Fix available
Severity - 9.4 (Critical)

GHSA-754f-8gm6-c4r2

RubyGems/ruby-saml

Ruby SAML allows a SAML authentication bypass due to namespace handling (parser differential)

12 Mar

Fix available
Severity - 9.3 (Critical)

GHSA-4vc4-m8qh-g8jm

RubyGems/ruby-saml

Ruby SAML allows a SAML authentication bypass due to DOCTYPE handling (parser differential)

12 Mar

Fix available
Severity - 9.3 (Critical)

GHSA-92rq-c8cf-prrq

RubyGems/ruby-saml

Ruby SAML allows remote Denial of Service (DoS) with compressed SAML responses

12 Mar

Fix available
Severity - 7.7 (High)

GHSA-hw46-3hmr-x9xv

RubyGems/omniauth-saml

omniauth-saml has dependency on ruby-saml version with Signature Wrapping Attack issue

12 Mar

Fix available