Vulnerabilities

search
ID
Packages
Summary
Published
arrow_upward
Attributes
MAL-2026-906
  • RubyGems/cucumber_json_schema
 Malicious code in cucumber_json_schema (RubyGems) yesterday
  • No fix available
GHSA-q66h-m87m-j2q6
  • RubyGems/bitcoinrb
 Bitcoinrb Vulnerable to Command injection via RPC 6 days ago
  • Fix available
  • Severity - 2.0 (Low)
GHSA-33mh-2634-fwr2
  • RubyGems/faraday
 Faraday affected by SSRF via protocol-relative URL host override in build_exclusive_url 09 Feb
  • Fix available
  • Severity - 5.8 (Medium)
GHSA-w67g-2h6v-vjgq
  • RubyGems/phlex
 Phlex XSS protection bypass via attribute splatting, dynamic tags, and href values 06 Feb
  • Fix available
  • Severity - 7.1 (High)
GHSA-87fh-rc96-6fr6
  • RubyGems/spree_api
 Unauthenticated Spree Commerce users can access all guest addresses 05 Feb
  • Fix available
  • Severity - 7.7 (High)
GHSA-p6pv-q7rc-g4h9
  • RubyGems/spree_storefront
 Unauthenticated Spree Commerce users can view completed guest orders by Order ID 05 Feb
  • Fix available
  • Severity - 7.7 (High)
GHSA-3cx6-j9j4-54mp
  • RubyGems/decidim
  • RubyGems/decidim-core
 Decidim's private data exports can lead to data leaks 03 Feb
  • Fix available
  • Severity - 8.2 (High)
GHSA-2qxw-7fmx-gqfm
  • RubyGems/foreman_kubevirt
 foreman_kubevirt disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set 02 Feb
  • Fix available
  • Severity - 8.1 (High)
GHSA-m3hq-3qj8-c5fm
  • RubyGems/fog-kubevirt
 fog-kubevirt allows remote attacker to perform MITM attack due to disabled certificate validation 02 Feb
  • Fix available
  • Severity - 8.1 (High)
GHSA-2762-657x-v979
  • RubyGems/alchemy_cms
 AlchemyCMS: Authenticated Remote Code Execution (RCE) via eval injection in ResourcesHelper 21 Jan
  • Fix available
  • Severity - 6.4 (Medium)
GHSA-mpwp-4h2m-765c
  • RubyGems/activejob
 Active Job - Object injection security vulnerability 16 Jan
  • Fix available
  • Severity - 6.6 (Medium)
GHSA-5qw5-wf2q-f538
  • RubyGems/activerecord-jdbc-adapter
 ActiveRecord-JDBC-Adapter (AR-JDBC) lib/arjdbc/jdbc/adapter.rb sql.gsub() Function SQL Injection 16 Jan
  • Fix available
  • Severity - 8.8 (High)
GHSA-w757-4qv9-mghp
  • RubyGems/openc3
 openc3-api Vulnerable to Unauthenticated Remote Code Execution 13 Jan
  • Fix available
  • Severity - 10.0 (Critical)
GHSA-3ghg-3787-w2xr
  • RubyGems/spree_core
 Spree API has Unauthenticated IDOR - Guest Address 08 Jan
  • Fix available
  • Severity - 7.5 (High)
GHSA-g268-72p7-9j6j
  • RubyGems/spree_api
 Spree API has Authenticated Insecure Direct Object Reference (IDOR) via Order Modification 08 Jan
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-96qw-h329-v5rg
  • RubyGems/shakapacker
  • npm/shakapacker
 Shakapacker has environment variable leak via EnvironmentPlugin that exposes secrets to client-side bundles 08 Jan
  • Fix available
  • Severity - 7.5 (High)
Load more...