Vulnerabilities

search
ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-3ghg-3787-w2xr
  • RubyGems/spree_core
 Spree API has Unauthenticated IDOR - Guest Address 4 days ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-g268-72p7-9j6j
  • RubyGems/spree_api
 Spree API has Authenticated Insecure Direct Object Reference (IDOR) via Order Modification 4 days ago
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-96qw-h329-v5rg
  • RubyGems/shakapacker
  • npm/shakapacker
 Shakapacker has environment variable leak via EnvironmentPlugin that exposes secrets to client-side bundles 4 days ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-g9jg-w8vm-g96v
  • RubyGems/action_text-trix
  • npm/trix
 Trix has a stored XSS vulnerability through its attachment attribute 31 Dec 2025
  • Fix available
  • Severity - 4.6 (Medium)
GHSA-j4pr-3wm6-xx2r
  • RubyGems/uri
 URI Credential Leakage Bypass over CVE-2025-27221 30 Dec 2025
  • Fix available
  • Severity - 2.7 (Low)
GHSA-hm5p-x4rq-38w4
  • RubyGems/httparty
 httparty Has Potential SSRF Vulnerability That Leads to API Key Leakage 23 Dec 2025
  • Fix available
  • Severity - 7.8 (High)
MAL-2025-192925
  • RubyGems/verificator
 Malicious code in verificator (RubyGems) 23 Dec 2025
  • No fix available
MAL-2025-192924
  • RubyGems/u2f_client
 Malicious code in u2f_client (RubyGems) 23 Dec 2025
  • No fix available
MAL-2025-192922
  • RubyGems/stripe-server
 Malicious code in stripe-server (RubyGems) 23 Dec 2025
  • No fix available
MAL-2025-192923
  • RubyGems/test_gem_978483406ebb19126a2e8c001649a4eb
 Malicious code in test_gem_978483406ebb19126a2e8c001649a4eb (RubyGems) 23 Dec 2025
  • No fix available
MAL-2025-192921
  • RubyGems/stripe-rubocop
 Malicious code in stripe-rubocop (RubyGems) 23 Dec 2025
  • No fix available
MAL-2025-192919
  • RubyGems/sq-samsa
 Malicious code in sq-samsa (RubyGems) 23 Dec 2025
  • No fix available
MAL-2025-192920
  • RubyGems/stripe-backup
 Malicious code in stripe-backup (RubyGems) 23 Dec 2025
  • No fix available
MAL-2025-192917
  • RubyGems/space-commander
 Malicious code in space-commander (RubyGems) 23 Dec 2025
  • No fix available
MAL-2025-192918
  • RubyGems/sq-mdc
 Malicious code in sq-mdc (RubyGems) 23 Dec 2025
  • No fix available
MAL-2025-192916
  • RubyGems/redis_connectable
 Malicious code in redis_connectable (RubyGems) 23 Dec 2025
  • No fix available
Load more...