Vulnerability Library

Each entry lists: ID, Packages, Summary, Affected versions (a list that ends with "..." is truncated on this page), Published, Fix.
GHSA-vfmv-jfc5-pjjw
  Packages: RubyGems/carrierwave
  Summary: CarrierWave Content-Type allowlist bypass (possibly leading to XSS) remained after an earlier fix
  Affected versions: 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, ...
  Published: 2024-03-25T19:40:36Z
  Fix: available
GHSA-592j-995h-p23j
  Packages: RubyGems/rdoc
  Summary: RDoc remote code execution (RCE) via .rdoc_options
  Affected versions: 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.4.0, 6.5.0, 6.6.0, ...
  Published: 2024-03-25T19:36:59Z
  Fix: available
GHSA-v5h6-c2hv-hv3r
  Packages: RubyGems/stringio
  Summary: StringIO buffer overread vulnerability
  Affected versions: 0.0.1, 0.0.2, 0.1.0, 0.1.3, 0.1.4, 3.0.0, 3.0.1
  Published: 2024-03-25T19:36:52Z
  Fix: available
GHSA-vcc3-rw6f-jv97
  Packages: RubyGems/nokogiri
  Summary: Use-after-free in libxml2 via Nokogiri::XML::Reader
  Affected versions: 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, ...
  Published: 2024-03-18T20:38:40Z
  Fix: available
GHSA-x2h8-qmj4-g62f
  Packages: RubyGems/rotp
  Summary: ROTP 6.2.1 and 6.2.2 ship their .rb files with 0666 (world-writable) permissions
  Affected versions: 6.2.1, 6.2.2
  Published: 2024-03-18T17:21:46Z
  Fix: available
GHSA-mp76-7w5v-pr75
  Packages: RubyGems/turbo_boost-commands, npm/@turbo-boost/commands
  Summary: TurboBoost Commands vulnerable to arbitrary method invocation
  Affected versions: 0.0.1, 0.0.10, 0.0.11, 0.0.12, 0.0.13, 0.0.14, 0.0.15, ...
  Published: 2024-03-15T19:53:50Z
  Fix: available
GHSA-8832-4mm5-x2r6
  Packages: RubyGems/discordrb
  Summary: discordrb OS command injection vulnerability
  Affected versions: 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, ...
  Published: 2024-03-14T20:37:58Z
  Fix: available
GHSA-242p-4v39-2v8g
  Packages: RubyGems/phlex
  Summary: Phlex cross-site scripting (XSS) via maliciously formed HTML attribute names and values
  Affected versions: 1.9.0, 1.8.0, 1.8.1, 1.7.0, 1.6.0, 1.6.1, 1.5.0, ...
  Published: 2024-03-12T15:39:46Z
  Fix: available
GHSA-c8v6-786g-vjx6
  Packages: RubyGems/json-jwt
  Summary: json-jwt allows bypass of identity checks via a sign/encryption confusion attack
  Affected versions: 1.16.0, 1.16.1, 1.16.2, 1.16.3, 1.16.4, 1.16.5, 0.0.0, ...
  Published: 2024-02-29T03:33:14Z
  Fix: available
GHSA-22f2-v57c-j9cx
  Packages: RubyGems/rack
  Summary: Rack ReDoS in Content-Type parsing (second-degree polynomial)
  Affected versions: 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.4.1, 3.0.4.2, ...
  Published: 2024-02-28T22:57:26Z
  Fix: available
GHSA-xj5v-6v4g-jfw6
  Packages: RubyGems/rack
  Summary: Rack possible denial of service via the Range header
  Affected versions: 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.4.1, 3.0.4.2, ...
  Published: 2024-02-28T22:57:12Z
  Fix: available
GHSA-54rr-7fvw-6x8f
  Packages: RubyGems/rack
  Summary: Rack header parsing leads to possible denial of service
  Affected versions: 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.4.1, 3.0.4.2, ...
  Published: 2024-02-28T22:57:03Z
  Fix: available
GHSA-8mq4-9jjh-9xrc
  Packages: RubyGems/yard
  Summary: YARD's default template vulnerable to cross-site scripting in generated frames.html
  Affected versions: 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.2.3.2, 0.2.3.3, 0.2.3.4, ...
  Published: 2024-02-28T18:57:19Z
  Fix: available
GHSA-8h22-8cf7-hq6g
  Packages: RubyGems/activestorage
  Summary: Rails possible sensitive session information leak in Active Storage
  Affected versions: 5.2.0, 5.2.1, 5.2.1.1, 5.2.1.rc1, 5.2.2, 5.2.2.1, 5.2.2.rc1, ...
  Published: 2024-02-27T21:41:16Z
  Fix: available
GHSA-9822-6m93-xqf4
  Packages: RubyGems/actionpack, RubyGems/rails
  Summary: Rails possible XSS vulnerability in Action Controller
  Affected versions: 7.0.0, 7.0.1, 7.0.2, 7.0.2.1, 7.0.2.2, 7.0.2.3, 7.0.2.4, ...
  Published: 2024-02-27T21:41:12Z
  Fix: available
GHSA-jjhx-jhvp-74wq
  Packages: RubyGems/actionpack
  Summary: Rails possible ReDoS in Accept header parsing in Action Dispatch
  Affected versions: 7.1.0, 7.1.1, 7.1.2, 7.1.3
  Published: 2024-02-27T21:41:09Z
  Fix: available
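The practical use of a listing like this is to match it against a lockfile. The Ruby script below is an added worked example, not part of this listing or of any of the projects above: it parses the specs blocks of a Gemfile.lock, normalises each locked version with Gem::Version, and reports locked versions that appear on an advisory's affected list. It encodes only the three entries whose affected lists are complete on this page (stringio GHSA-v5h6-c2hv-hv3r, rotp GHSA-x2h8-qmj4-g62f, actionpack GHSA-jjhx-jhvp-74wq); the entries truncated with "..." are left out rather than guessed, and the lockfile text is constructed for the demo. For a real project, bundler-audit against the current advisory database covers the full version ranges.

```ruby
# Added example (not from the listing above): match a Gemfile.lock against the
# advisories on this page whose affected-version lists are complete here.
# Entries truncated with "..." on the page are deliberately left out.
require "rubygems"

ADVISORIES = {
  "stringio"   => { id: "GHSA-v5h6-c2hv-hv3r",
                    affected: %w[0.0.1 0.0.2 0.1.0 0.1.3 0.1.4 3.0.0 3.0.1] },
  "rotp"       => { id: "GHSA-x2h8-qmj4-g62f", affected: %w[6.2.1 6.2.2] },
  "actionpack" => { id: "GHSA-jjhx-jhvp-74wq", affected: %w[7.1.0 7.1.1 7.1.2 7.1.3] },
}.freeze

# Constructed lockfile for the demo; two of its locked gems are on the lists above.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (7.1.3)
        activesupport (= 7.1.3)
      activesupport (7.1.3)
      nokogiri (1.16.2-x86_64-linux)
        racc (~> 1.4)
      racc (1.7.3)
      rotp (6.3.0)
      stringio (3.0.1)

  PLATFORMS
    x86_64-linux

  DEPENDENCIES
    actionpack (~> 7.1)
    nokogiri
    rotp
    stringio
LOCK

# Parse every "specs:" block of a Gemfile.lock into { name => [Gem::Version, ...] }.
# Only lines indented exactly four spaces are locked gems; deeper lines are their
# dependency constraints. A platform suffix ("1.16.2-x86_64-linux") is dropped so
# the comparison is on the gem version alone.
def parse_lockfile(text)
  gems = Hash.new { |h, k| h[k] = [] }
  in_specs = false
  text.each_line do |line|
    if line =~ /^\s*specs:\s*$/
      in_specs = true
      next
    end
    in_specs = false if line =~ /^\S/   # next top-level section (PLATFORMS, ...)
    next unless in_specs
    m = line.match(/^ {4}(\S+) \(([^)]+)\)/) or next
    name, raw = m[1], m[2]
    version = raw.split("-", 2).first
    next unless Gem::Version.correct?(version)
    gems[name] << Gem::Version.new(version)
  end
  gems
end

# Return one finding per locked version that is on an advisory's affected list.
# Gem::Version equality is used so "6.2.1.0" and "6.2.1" compare as the same release.
def find_affected(lock_text, advisories = ADVISORIES)
  parse_lockfile(lock_text).flat_map do |name, versions|
    adv = advisories[name]
    next [] unless adv
    affected = adv[:affected].map { |v| Gem::Version.new(v) }
    versions.select { |v| affected.include?(v) }
            .map { |v| { gem: name, version: v.to_s, id: adv[:id] } }
  end
end

if $PROGRAM_NAME == __FILE__
  find_affected(SAMPLE_LOCK).each do |f|
    puts "#{f[:gem]} #{f[:version]} is affected by #{f[:id]}"
  end
end
```

Run against the constructed lockfile, the script reports actionpack 7.1.3 and stringio 3.0.1; rotp 6.3.0 is not on the ROTP list and nokogiri is skipped because its list is truncated on this page. Comparing with Gem::Version rather than string equality matters for lockfiles that pin four-segment or platform-suffixed versions.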