Vulnerabilities
| ID | Packages | Summary | Published | Attributes |
| --- | --- | --- | --- | --- |
| GHSA-c32j-vqhx-rx3x | RubyGems/jwt | ruby-jwt: Empty-key HMAC bypass; cross-language sibling of CVE-2026-44351 | 6 hours ago | Fix available; Severity - 7.4 (High) |
| GHSA-5rv5-xj5j-3484 | RubyGems/faraday | Faraday has a possible incomplete fix for GHSA-33mh-2634-fwr2: protocol-relative URI objects still bypass host scoping | 9 hours ago | Fix available |
| MAL-2026-3630 | RubyGems/knot-activesupport-logger | Malicious code in knot-activesupport-logger (RubyGems) | 5 days ago | No fix available |
| MAL-2026-3631 | RubyGems/knot-date-utils-rb | Malicious code in knot-date-utils-rb (RubyGems) | 5 days ago | No fix available |
| MAL-2026-3632 | RubyGems/knot-devise-jwt-helper | Malicious code in knot-devise-jwt-helper (RubyGems) | 5 days ago | No fix available |
| MAL-2026-3633 | RubyGems/knot-rack-session-store | Malicious code in knot-rack-session-store (RubyGems) | 5 days ago | No fix available |
| MAL-2026-3634 | RubyGems/knot-rails-assets-pipeline | Malicious code in knot-rails-assets-pipeline (RubyGems) | 5 days ago | No fix available |
| MAL-2026-3635 | RubyGems/knot-rspec-formatter-json | Malicious code in knot-rspec-formatter-json (RubyGems) | 5 days ago | No fix available |
| MAL-2026-3636 | RubyGems/knot-simple-formatter | Malicious code in knot-simple-formatter (RubyGems) | 5 days ago | No fix available |
| GHSA-hg3h-g7xc-f7vp | RubyGems/view_component | view_component: System Test Entry Point Path Check Allows Sibling Directory Escape | 08 May | Fix available; Severity - 5.9 (Medium) |
| GHSA-7f3r-gwc9-2995 | RubyGems/view_component | view_component: Preview Route Can Dispatch Inherited Helper Methods | 08 May | Fix available; Severity - 6.5 (Medium) |
| GHSA-jp94-3292-c3xv | RubyGems/devise | Devise has an Open Redirect via Unvalidated `request.referrer` in Timeoutable Session Timeout Handler | 08 May | Fix available; Severity - 6.1 (Medium) |
| GHSA-xv9c-mjw8-79gf | RubyGems/sidekiq-cron | Sidekiq-cron is vulnerable to a cross-site scripting (XSS) vulnerability via crafted URL | 07 May | Fix available; Severity - 6.1 (Medium) |
| GHSA-4cx3-3c38-j9vv | RubyGems/katalyst-koi | katalyst-koi: Session cookies can be replayed after user logout | 07 May | Fix available; Severity - 7.4 (High) |
| GHSA-ff6c-w6qf-7xqc | RubyGems/css_parser | CSS Parser: Improper Certificate Validation allows MITM injection of remote CSS content | 07 May | Fix available; Severity - 5.8 (Medium) |
| GHSA-v2fc-qm4h-8hqv | RubyGems/nokogiri | Nokogiri XSLT transform has a memory leak | 06 May | Fix available; Severity - 5.3 (Medium) |
RubyGems - OSV