Vulnerabilities

search
ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-c32j-vqhx-rx3x
  • RubyGems/jwt
 ruby-jwt: Empty-key HMAC bypass; cross-language sibling of CVE-2026-44351 yesterday
  • Fix available
  • Severity - 7.4 (High)
GHSA-5rv5-xj5j-3484
  • RubyGems/faraday
 Faraday has a possible incomplete fix for GHSA-33mh-2634-fwr2: protocol-relative URI objects still bypass host scoping yesterday
  • Fix available
MAL-2026-3630
  • RubyGems/knot-activesupport-logger
 Malicious code in knot-activesupport-logger (RubyGems) 6 days ago
  • No fix available
MAL-2026-3631
  • RubyGems/knot-date-utils-rb
 Malicious code in knot-date-utils-rb (RubyGems) 6 days ago
  • No fix available
MAL-2026-3632
  • RubyGems/knot-devise-jwt-helper
 Malicious code in knot-devise-jwt-helper (RubyGems) 6 days ago
  • No fix available
MAL-2026-3633
  • RubyGems/knot-rack-session-store
 Malicious code in knot-rack-session-store (RubyGems) 6 days ago
  • No fix available
MAL-2026-3634
  • RubyGems/knot-rails-assets-pipeline
 Malicious code in knot-rails-assets-pipeline (RubyGems) 6 days ago
  • No fix available
MAL-2026-3635
  • RubyGems/knot-rspec-formatter-json
 Malicious code in knot-rspec-formatter-json (RubyGems) 6 days ago
  • No fix available
MAL-2026-3636
  • RubyGems/knot-simple-formatter
 Malicious code in knot-simple-formatter (RubyGems) 6 days ago
  • No fix available
GHSA-hg3h-g7xc-f7vp
  • RubyGems/view_component
 view_component: System Test Entry Point Path Check Allows Sibling Directory Escape 08 May
  • Fix available
  • Severity - 5.9 (Medium)
GHSA-7f3r-gwc9-2995
  • RubyGems/view_component
 view_component: Preview Route Can Dispatch Inherited Helper Methods 08 May
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-jp94-3292-c3xv
  • RubyGems/devise
 Devise has an Open Redirect via Unvalidated `request.referrer` in Timeoutable Session Timeout Handler 08 May
  • Fix available
  • Severity - 6.1 (Medium)
GHSA-xv9c-mjw8-79gf
  • RubyGems/sidekiq-cron
 Sidekiq-cron is vulnerable to a cross-site scripting (xss) vulnerability via crafted URL 07 May
  • Fix available
  • Severity - 6.1 (Medium)
GHSA-4cx3-3c38-j9vv
  • RubyGems/katalyst-koi
 katalyst-koi: Session cookies can be replayed after user logout 07 May
  • Fix available
  • Severity - 7.4 (High)
GHSA-ff6c-w6qf-7xqc
  • RubyGems/css_parser
 CSS Parser: Improper Certificate Validation allows MITM injection of remote CSS content 07 May
  • Fix available
  • Severity - 5.8 (Medium)
GHSA-v2fc-qm4h-8hqv
  • RubyGems/nokogiri
 Nokogiri XSLT transform has a memory leak 06 May
  • Fix available
  • Severity - 5.3 (Medium)
Load more...