Vulnerabilities
| ID | Packages | Summary | Published | Attributes |
| --- | --- | --- | --- | --- |
| GHSA-4249-gjr8-jpq3 | RubyGems/prosemirror_to_html | ProsemirrorToHtml has a Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values | 13 Nov | Fix available; Severity - 8.7 (High) |
| GHSA-9c5q-w6gr-fxcq | RubyGems/mqtt | MQTT does not validate hostnames | 06 Nov | Fix available; Severity - 7.4 (High) |
| GHSA-52c5-vh7f-26fx | RubyGems/prosemirror_to_html | Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values | 06 Nov | Fix available; Severity - 7.6 (High) |
| GHSA-mr3q-g2mv-mr4q | RubyGems/sinatra | Sinatra is vulnerable to ReDoS through ETag header value generation | 10 Oct | Fix available; Severity - 2.7 (Low) |
| GHSA-6xw4-3v39-52mm | RubyGems/rack | Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing | 10 Oct | Fix available; Severity - 7.5 (High) |
| GHSA-r657-rxjc-j557 | RubyGems/rack | Rack has a Possible Information Disclosure Vulnerability | 10 Oct | Fix available; Severity - 5.8 (Medium) |
| GHSA-wpv5-97wm-hp9c | RubyGems/rack | Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion) | 07 Oct | Fix available; Severity - 7.5 (High) |
| GHSA-w9pc-fmgc-vxvw | RubyGems/rack | Rack: Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion) | 07 Oct | Fix available; Severity - 7.5 (High) |
| GHSA-p543-xpfm-54cp | RubyGems/rack | Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion) | 07 Oct | Fix available; Severity - 7.5 (High) |
| MAL-2025-47815 | RubyGems/sqlcommenter_rails | Malicious code in sqlcommenter_rails (RubyGems) | 26 Sep | No fix available |
| MAL-2025-47816 | RubyGems/your-gem-name12 | Malicious code in your-gem-name12 (RubyGems) | 26 Sep | No fix available |
| GHSA-625h-95r8-8xpm | RubyGems/rack | Rack has an unsafe default in Rack::QueryParser allows params_limit bypass via semicolon-separated parameters | 25 Sep | Fix available; Severity - 7.5 (High) |
| GHSA-c2f4-jgmc-q2r5 | RubyGems/rexml | REXML has DoS condition when parsing malformed XML file | 17 Sep | Fix available; Severity - 1.2 (Low) |
| MAL-2025-46925 | RubyGems/authzd-client | Malicious code in authzd-client (RubyGems) | 01 Sep | No fix available |
| MAL-2025-46924 | RubyGems/advisory_db_toolkit | Malicious code in advisory_db_toolkit (RubyGems) | 01 Sep | No fix available |
| MAL-2025-46926 | RubyGems/github_chatops_extensions | Malicious code in github_chatops_extensions (RubyGems) | 01 Sep | No fix available |
RubyGems - OSV