RubyGems - OSV

| ID | Packages | Summary | Affected versions | Published | Fix |
| --- | --- | --- | --- | --- | --- |
| GHSA-vfmv-jfc5-pjjw | RubyGems/carrierwave | CarrierWave content-Type allowlist bypass vulnerability which possibly leads to XSS remained | 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, ... | 2024-03-25T19:40:36Z | Fix available |
| GHSA-592j-995h-p23j | RubyGems/rdoc | RDoc RCE vulnerability with .rdoc_options | 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.4.0, 6.5.0, 6.6.0, ... | 2024-03-25T19:36:59Z | Fix available |
| GHSA-v5h6-c2hv-hv3r | RubyGems/stringio | StringIO buffer overread vulnerability | 0.0.1, 0.0.2, 0.1.0, 0.1.3, 0.1.4, 3.0.0, 3.0.1 | 2024-03-25T19:36:52Z | Fix available |
| GHSA-vcc3-rw6f-jv97 | RubyGems/nokogiri | Use-after-free in libxml2 via Nokogiri::XML::Reader | 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, ... | 2024-03-18T20:38:40Z | Fix available |
| GHSA-x2h8-qmj4-g62f | RubyGems/rotp | ROTP 6.2.2 and 6.2.1 has 0666 permissions for the .rb files. | 6.2.1, 6.2.2 | 2024-03-18T17:21:46Z | Fix available |
| GHSA-mp76-7w5v-pr75 | RubyGems/turbo_boost-commands, npm/@turbo-boost/commands | TurboBoost Commands vulnerable to arbitrary method invocation | 0.0.1, 0.0.10, 0.0.11, 0.0.12, 0.0.13, 0.0.14, 0.0.15, ... | 2024-03-15T19:53:50Z | Fix available |
| GHSA-8832-4mm5-x2r6 | RubyGems/discordrb | discordrb OS Command Injection vulnerability | 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, ... | 2024-03-14T20:37:58Z | Fix available |
| GHSA-242p-4v39-2v8g | RubyGems/phlex | Cross-site Scripting (XSS) possible with maliciously formed HTML attribute names and values in Phlex | 1.9.0, 1.8.0, 1.8.1, 1.7.0, 1.6.0, 1.6.1, 1.5.0, ... | 2024-03-12T15:39:46Z | Fix available |
| GHSA-c8v6-786g-vjx6 | RubyGems/json-jwt | json-jwt allows bypass of identity checks via a sign/encryption confusion attack | 1.16.0, 1.16.1, 1.16.2, 1.16.3, 1.16.4, 1.16.5, 0.0.0, ... | 2024-02-29T03:33:14Z | Fix available |
| GHSA-22f2-v57c-j9cx | RubyGems/rack | Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial) | 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.4.1, 3.0.4.2, ... | 2024-02-28T22:57:26Z | Fix available |
| GHSA-xj5v-6v4g-jfw6 | RubyGems/rack | Rack has possible DoS Vulnerability with Range Header | 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.4.1, 3.0.4.2, ... | 2024-02-28T22:57:12Z | Fix available |
| GHSA-54rr-7fvw-6x8f | RubyGems/rack | Rack Header Parsing leads to Possible Denial of Service Vulnerability | 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.4.1, 3.0.4.2, ... | 2024-02-28T22:57:03Z | Fix available |
| GHSA-8mq4-9jjh-9xrc | RubyGems/yard | YARD's default template vulnerable to Cross-site Scripting in generated frames.html | 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.2.3.2, 0.2.3.3, 0.2.3.4, ... | 2024-02-28T18:57:19Z | Fix available |
| GHSA-8h22-8cf7-hq6g | RubyGems/activestorage | Rails has possible Sensitive Session Information Leak in Active Storage | 5.2.0, 5.2.1, 5.2.1.1, 5.2.1.rc1, 5.2.2, 5.2.2.1, 5.2.2.rc1, ... | 2024-02-27T21:41:16Z | Fix available |
| GHSA-9822-6m93-xqf4 | RubyGems/actionpack, RubyGems/rails | Rails has possible XSS Vulnerability in Action Controller | 7.0.0, 7.0.1, 7.0.2, 7.0.2.1, 7.0.2.2, 7.0.2.3, 7.0.2.4, ... | 2024-02-27T21:41:12Z | Fix available |
| GHSA-jjhx-jhvp-74wq | RubyGems/actionpack | Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch | 7.1.0, 7.1.1, 7.1.2, 7.1.3 | 2024-02-27T21:41:09Z | Fix available |

Affected-version lists ending in "..." are truncated in this listing; the full OSV record for each advisory carries the complete affected ranges and the fixed version.
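As an added example (not code from OSV or from any of the listed projects), the following Ruby script shows how a practitioner would turn a listing like the one above into a check against a project's Gemfile.lock: parse the pinned gem versions, then compare them with Gem::Version against each advisory's affected versions. The Gemfile.lock fragment is constructed sample data, and the affected-version lists are only the versions visible in the listing (the page truncates each list with "..."), so a real check must load the complete affected ranges from the full OSV record rather than this hand-copied subset.

```ruby
require "rubygems" # provides Gem::Version for correct version comparison

# Constructed sample Gemfile.lock fragment (example data, not from the OSV page).
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rack (3.0.4.2)
      rdoc (6.6.0)
        psych (>= 4.0.0)
      nokogiri (1.16.3)
      rotp (6.2.2)
      phlex (1.9.0)

  PLATFORMS
    ruby

  DEPENDENCIES
    rack
LOCK

# Affected versions as visible in the OSV listing. Each list on the page is
# truncated with "...", so only the shown versions are reproduced here; the
# authoritative ranges and fixed versions live in the full OSV record.
ADVISORIES = [
  { id: "GHSA-22f2-v57c-j9cx", gem: "rack",
    affected: %w[3.0.0 3.0.1 3.0.2 3.0.3 3.0.4 3.0.4.1 3.0.4.2] },
  { id: "GHSA-592j-995h-p23j", gem: "rdoc",
    affected: %w[6.3.0 6.3.1 6.3.2 6.3.3 6.4.0 6.5.0 6.6.0] },
  { id: "GHSA-x2h8-qmj4-g62f", gem: "rotp", affected: %w[6.2.1 6.2.2] },
  { id: "GHSA-242p-4v39-2v8g", gem: "phlex",
    affected: %w[1.9.0 1.8.0 1.8.1 1.7.0 1.6.0 1.6.1 1.5.0] },
].freeze

# Extract {name => Gem::Version} for the pinned gems in the `specs:` section.
# Pinned gem lines are indented by exactly four spaces ("    rack (3.0.4.2)");
# their dependency lines use six spaces and carry constraints, so they are skipped.
def locked_gems(lockfile)
  lockfile.each_line.filter_map do |line|
    m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/)
    [m[1], Gem::Version.new(m[2])] if m
  end.to_h
end

# Return [advisory_id, gem, locked_version] for every advisory whose affected
# list contains the locked version. Comparing Gem::Version objects rather than
# strings avoids false negatives on equivalent spellings such as "3.0" vs "3.0.0".
def affected_advisories(lockfile, advisories)
  gems = locked_gems(lockfile)
  advisories.select do |adv|
    version = gems[adv[:gem]]
    version && adv[:affected].any? { |v| Gem::Version.new(v) == version }
  end.map { |adv| [adv[:id], adv[:gem], gems[adv[:gem]].to_s] }
end

if __FILE__ == $PROGRAM_NAME
  affected_advisories(SAMPLE_LOCKFILE, ADVISORIES).each do |id, gem, version|
    puts "#{gem} #{version}: #{id}"
  end
end
```

With the sample lockfile, rack, rdoc, rotp and phlex each match an advisory, while nokogiri 1.16.3 does not match because no nokogiri advisory is encoded in the (deliberately partial) table. Because the listing shows only a handful of affected versions per advisory, treat a non-match here as "not proven affected", not as "safe"; confirm against the complete OSV record before closing a finding.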