OSV - Open Source Vulnerabilities

GHSA-hqp6-mjw3-f586

RubyGems/vagrant

HashiCorp Vagrant has code injection vulnerability through default synced folders

yesterday

Fix available
Severity - 5.4 (Medium)

GHSA-r995-q44h-hr64

RubyGems/webrick

Ruby WEBrick read_headers method can lead to HTTP Request/Response Smuggling

26 Jun

Fix available
Severity - 6.5 (Medium)

MAL-2025-5147

RubyGems/xxxxxxxx

Malicious code in xxxxxxxx (RubyGems)

18 Jun

No fix available

MAL-2025-5146

RubyGems/teaspoon-devkit

Malicious code in teaspoon-devkit (RubyGems)

18 Jun

No fix available

MAL-2025-5145

RubyGems/jdbc-zzz

Malicious code in jdbc-zzz (RubyGems)

18 Jun

No fix available

GHSA-cf8v-5mrc-jv7f

RubyGems/openc3-cosmos-tool-iframe

OpenC3 COSMOS Vulnerable to Directory Traversal via openc3-api/tables endpoint

13 Jun

No fix available
Severity - 7.5 (High)

GHSA-p67j-387g-75wc

RubyGems/openc3-cosmos-tool-iframe

OpenC3 COSMOS Vulnerable to Directory Traversal via /script-api/scripts/ endpoint

13 Jun

No fix available
Severity - 9.1 (Critical)

GHSA-47m2-26rw-j2jw

RubyGems/rack

ReDoS Vulnerability in Rack::Multipart handle_mime_head

05 Jun

Fix available
Severity - 6.6 (Medium)

GHSA-2c47-m757-32g6

Go/github.com/Shopify/ejson2env/v2
RubyGems/ejson2env
Go/github.com/Shopify/ejson2env

Insufficient input sanitization in ejson2env

21 May

Fix available
Severity - 6.6 (Medium)

GHSA-gjh7-p2fx-99vx

RubyGems/rack

Rack has an Unbounded-Parameter DoS in Rack::QueryParser

08 May

Fix available
Severity - 7.5 (High)

GHSA-9j94-67jr-4cqj

RubyGems/rack-session

Rack session gets restored after deletion

08 May

Fix available
Severity - 4.2 (Medium)

GHSA-vpfw-47h7-xj4g

RubyGems/rack

Rack session gets restored after deletion

08 May

Fix available
Severity - 4.2 (Medium)

GHSA-j3g3-5qv5-52mj

RubyGems/net-imap

net-imap rubygem vulnerable to possible DoS by memory exhaustion

28 Apr

Fix available
Severity - 6.0 (Medium)

MAL-2025-3295

RubyGems/bvr-api

Malicious code in bvr-api (RubyGems)

24 Apr

No fix available

GHSA-5w6v-399v-w3cc

RubyGems/nokogiri

Nokogiri updates packaged libxml2 to v2.13.8 to resolve CVE-2025-32414 and CVE-2025-32415

21 Apr

Fix available

GHSA-8fm5-gg2f-f66q

RubyGems/publify_core

Publify Vulnerable To Cross-Site Scripting (XSS) Via Redirects Requiring User Interaction

28 Mar

Fix available
Severity - 1.8 (Low)