RubyGems - OSV

Advisories in the OSV vulnerability database affecting packages in the RubyGems ecosystem, newest first.
Entry counts by ecosystem (site-wide filter facets at the time of listing):

| Ecosystem | Entries |
|---|---|
| All ecosystems | 115203 |
| AlmaLinux | 2719 |
| Alpine | 3395 |
| Android | 881 |
| Bitnami | 3889 |
| CRAN | 10 |
| crates.io | 1341 |
| Debian | 9832 |
| GIT | 32913 |
| GitHub Actions | 16 |
| Go | 2093 |
| Hackage | 18 |
| Hex | 29 |
| Linux | 13573 |
| Maven | 4856 |
| npm | 14301 |
| NuGet | 580 |
| OSS-Fuzz | 3273 |
| Packagist | 2886 |
| Pub | 8 |
| PyPI | 11653 |
| Rocky Linux | 1030 |
| RubyGems | 786 |
| SwiftURL | 31 |
| Ubuntu | 5090 |
| ID | Packages | Summary | Affected versions | Published | Fix |
|---|---|---|---|---|---|
| GHSA-g7xq-xv8c-h98c | RubyGems/phlex | Cross-site Scripting (XSS) possible due to improper sanitisation of `href` attributes on `<a>` tags | 1.10.0, 1.9.0, 1.9.1, 1.8.0, 1.8.1, 1.8.2, 1.7.0, ... | 2024-04-17T00:20:23Z | Fix available |
| GHSA-vfmv-jfc5-pjjw | RubyGems/carrierwave | CarrierWave Content-Type allowlist bypass, which possibly leads to XSS, remained (incomplete earlier fix) | 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, ... | 2024-03-25T19:40:36Z | Fix available |
| GHSA-592j-995h-p23j | RubyGems/rdoc | RDoc RCE vulnerability via `.rdoc_options` | 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.4.0, 6.5.0, 6.6.0, ... | 2024-03-25T19:36:59Z | Fix available |
| GHSA-v5h6-c2hv-hv3r | RubyGems/stringio | StringIO buffer overread vulnerability | 0.0.1, 0.0.2, 0.1.0, 0.1.3, 0.1.4, 3.0.0, 3.0.1 | 2024-03-25T19:36:52Z | Fix available |
| GHSA-vcc3-rw6f-jv97 | RubyGems/nokogiri | Use-after-free in libxml2 via Nokogiri::XML::Reader | 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, ... | 2024-03-18T20:38:40Z | Fix available |
| GHSA-x2h8-qmj4-g62f | RubyGems/rotp | ROTP 6.2.1 and 6.2.2 ship their .rb files with 0666 (world-writable) permissions | 6.2.1, 6.2.2 | 2024-03-18T17:21:46Z | Fix available |
| GHSA-mp76-7w5v-pr75 | RubyGems/turbo_boost-commands, npm/@turbo-boost/commands | TurboBoost Commands vulnerable to arbitrary method invocation | 0.0.1, 0.0.10, 0.0.11, 0.0.12, 0.0.13, 0.0.14, 0.0.15, ... | 2024-03-15T19:53:50Z | Fix available |
| GHSA-8832-4mm5-x2r6 | RubyGems/discordrb | discordrb OS command injection vulnerability | 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, ... | 2024-03-14T20:37:58Z | Fix available |
| GHSA-242p-4v39-2v8g | RubyGems/phlex | Cross-site Scripting (XSS) possible with maliciously formed HTML attribute names and values in Phlex | 1.9.0, 1.8.0, 1.8.1, 1.7.0, 1.6.0, 1.6.1, 1.5.0, ... | 2024-03-12T15:39:46Z | Fix available |
| GHSA-c8v6-786g-vjx6 | RubyGems/json-jwt | json-jwt allows bypass of identity checks via a sign/encryption confusion attack | 1.16.0, 1.16.1, 1.16.2, 1.16.3, 1.16.4, 1.16.5, 0.0.0, ... | 2024-02-29T03:33:14Z | Fix available |
| GHSA-22f2-v57c-j9cx | RubyGems/rack | Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial) | 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.4.1, 3.0.4.2, ... | 2024-02-28T22:57:26Z | Fix available |
| GHSA-xj5v-6v4g-jfw6 | RubyGems/rack | Rack has possible DoS vulnerability with Range header | 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.4.1, 3.0.4.2, ... | 2024-02-28T22:57:12Z | Fix available |
| GHSA-54rr-7fvw-6x8f | RubyGems/rack | Rack header parsing leads to possible denial of service vulnerability | 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.4.1, 3.0.4.2, ... | 2024-02-28T22:57:03Z | Fix available |
| GHSA-8mq4-9jjh-9xrc | RubyGems/yard | YARD's default template vulnerable to Cross-site Scripting in generated frames.html | 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.2.3.2, 0.2.3.3, 0.2.3.4, ... | 2024-02-28T18:57:19Z | Fix available |
| GHSA-8h22-8cf7-hq6g | RubyGems/activestorage | Rails has possible sensitive session information leak in Active Storage | 5.2.0, 5.2.1, 5.2.1.1, 5.2.1.rc1, 5.2.2, 5.2.2.1, 5.2.2.rc1, ... | 2024-02-27T21:41:16Z | Fix available |
| GHSA-9822-6m93-xqf4 | RubyGems/actionpack, RubyGems/rails | Rails has possible XSS vulnerability in Action Controller | 7.0.0, 7.0.1, 7.0.2, 7.0.2.1, 7.0.2.2, 7.0.2.3, 7.0.2.4, ... | 2024-02-27T21:41:12Z | Fix available |

An ellipsis in the Affected versions column marks a list truncated by the listing; the complete set of affected versions and ranges is in the individual advisory record.
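The practical use of a listing like this is to ask whether a project's resolved gem versions fall inside an advisory's affected set. The following is an added example written for this page, not OSV's own code or any of the listed projects' code: it parses the `specs:` block of a Gemfile.lock, matches the pinned versions against a small advisory subset taken from the two rows above whose version lists are complete (rotp and stringio), and builds the request body OSV's batch query endpoint (`POST https://api.osv.dev/v1/querybatch`) expects, without sending it. The lockfile content is constructed for the example, and the enumerated-version match is a simplification: real OSV records also express affected versions as ranges.

```ruby
require "json"
require "rubygems" # Gem::Version: RubyGems' own version semantics

# Constructed advisory subset: the two RubyGems rows on this page whose affected
# version lists are shown in full. Rows with a truncated list are not reproduced.
ADVISORIES = [
  { id: "GHSA-x2h8-qmj4-g62f", package: "rotp",
    summary: "ROTP 6.2.1 and 6.2.2 ship .rb files with 0666 permissions",
    affected: %w[6.2.1 6.2.2] },
  { id: "GHSA-v5h6-c2hv-hv3r", package: "stringio",
    summary: "StringIO buffer overread vulnerability",
    affected: %w[0.0.1 0.0.2 0.1.0 0.1.3 0.1.4 3.0.0 3.0.1] },
].freeze

# Constructed Gemfile.lock fragment (not from any real project).
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rack (3.0.9.1)
      rotp (6.2.2)
      stringio (3.0.2)
      nokogiri (1.16.2)
        mini_portile2 (~> 2.8.2)

  PLATFORMS
    ruby

  DEPENDENCIES
    rotp
    stringio
LOCK

# Parse the "specs:" block of a Gemfile.lock into { name => pinned version }.
# Resolved gems sit at exactly four spaces of indent as "name (version)"; their
# dependencies are indented six and carry constraints, not pins, so they are skipped.
def parse_lockfile_specs(text)
  specs = {}
  in_specs = false
  text.each_line do |line|
    if line =~ /\A  specs:\s*\z/
      in_specs = true
      next
    end
    in_specs = false if line =~ /\A\S/ # a new top-level section (PLATFORMS, ...)
    next unless in_specs
    if (m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/))
      specs[m[1]] = m[2]
    end
  end
  specs
end

# Compare with Gem::Version rather than string equality so that "3.0.1" and
# "3.0.1.0" are the same release and prerelease tags such as 5.2.1.rc1 (as in
# the activestorage row above) compare the way RubyGems itself orders them.
def find_affected(specs, advisories = ADVISORIES)
  advisories.each_with_object([]) do |adv, hits|
    version = specs[adv[:package]]
    next unless version
    installed = Gem::Version.new(version)
    next unless adv[:affected].any? { |v| Gem::Version.new(v) == installed }
    hits << { id: adv[:id], package: adv[:package], version: version, summary: adv[:summary] }
  end
end

# Build the body for OSV's batch query endpoint (POST https://api.osv.dev/v1/querybatch).
# Each query names the package, its ecosystem and the exact resolved version; no
# network call is made here.
def osv_querybatch_payload(specs)
  { "queries" => specs.map { |name, version|
      { "package" => { "name" => name, "ecosystem" => "RubyGems" }, "version" => version }
    } }
end

if __FILE__ == $PROGRAM_NAME
  specs = parse_lockfile_specs(SAMPLE_LOCKFILE)
  find_affected(specs).each { |h| puts "#{h[:id]}: #{h[:package]} #{h[:version]} - #{h[:summary]}" }
  puts JSON.pretty_generate(osv_querybatch_payload(specs))
end
```

Run against the constructed lockfile, the offline matcher flags rotp 6.2.2 and clears stringio 3.0.2; the generated payload is what a CI step would post to the batch endpoint to cover every advisory rather than the two embedded here.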