Vulnerabilities
| ID | Packages | Summary | Published | Attributes |
| --- | --- | --- | --- | --- |
| GHSA-mjgf-xj26-9qf9 | RubyGems/pay | pay-rails/pay: non-constant-time HMAC comparison in Paddle Billing webhook signature verifier | 2 days ago | No fix available; Severity - 7.4 (High) |
| GHSA-pxcc-8665-phx8 | RubyGems/yard | YARD static cache reads raw traversal paths before router sanitization | 26 Jun | Fix available; Severity - 5.3 (Medium) |
| GHSA-2jc5-xhx8-qj6h | RubyGems/fluent-plugin-opentelemetry | fluent-plugin-opentelemetry Has Denial of Service (DoS) via Large Payloads and Decompression Bombs in `in_opentelemetry` | 26 Jun | Fix available; Severity - 5.3 (Medium) |
| GHSA-xv9w-7v6q-hpjh | RubyGems/fluent-plugin-s3 | fluent-plugin-s3 Vulnerable to Denial of Service (DoS) via Decompression Bomb in `in_s3` | 26 Jun | Fix available; Severity - 2.7 (Low) |
| GHSA-72f5-rr8c-r6gr | RubyGems/fluentd | Fluentd is Vulnerable to Server-Side Request Forgery (SSRF) via Placeholder Expansion in `out_http` | 26 Jun | Fix available; Severity - 7.2 (High) |
| GHSA-j9cw-hwqf-85w7 | RubyGems/fluentd | Fluentd is Vulnerable to Denial of Service (DoS) via Gzip Decompression Bomb in `in_http` and `in_forward` | 26 Jun | Fix available; Severity - 7.5 (High) |
| GHSA-pr7j-96cj-549h | RubyGems/fluentd | Fluentd is Vulnerable to Exposure of Sensitive Information via Monitor Agent API | 26 Jun | Fix available; Severity - 7.5 (High) |
| GHSA-44hj-4m45-frj3 | RubyGems/fluentd | Fluentd is Vulnerable to Remote Code Execution (RCE) via Arbitrary File Write in `${tag}` Placeholder | 26 Jun | Fix available; Severity - 9.8 (Critical) |
| GHSA-6wx8-w4f5-wwcr | RubyGems/concurrent-ruby | Concurrent Ruby: ReadWriteLock allows wrong-thread write release and stray read-release counter corruption | 19 Jun | Fix available; Severity - 2.1 (Low) |
| GHSA-wv3x-4vxv-whpp | RubyGems/concurrent-ruby | Concurrent Ruby: `ReentrantReadWriteLock` read-count overflow grants a write lock without exclusivity | 19 Jun | Fix available; Severity - 2.0 (Low) |
| GHSA-h8w8-99g7-qmvj | RubyGems/concurrent-ruby | Concurrent Ruby: `AtomicReference#update` livelocks when the stored value is `Float::NAN` | 19 Jun | Fix available; Severity - 8.2 (High) |
| GHSA-475m-ph3x-64gp | RubyGems/oj | Oj: Integer Overflow in Oj.load 2GB String Handling | 19 Jun | Fix available; Severity - 8.7 (High) |
| GHSA-m578-w5vf-rfcm | RubyGems/oj | Oj: Use-After-Free in Oj::Parser SAJ Long Key Callback | 19 Jun | Fix available; Severity - 8.7 (High) |
| GHSA-vwm4-62gf-x745 | RubyGems/oj | Oj: Use-After-Free in Oj::Parser array_class/hash_class GC Marking | 19 Jun | Fix available; Severity - 8.7 (High) |
| GHSA-9cv6-qcjw-4grx | RubyGems/oj | Oj: Negative-Size memcpy in Oj::Parser create_id Attribute Handling | 19 Jun | Fix available; Severity - 8.7 (High) |
| GHSA-q2gm-54r6-8fwm | RubyGems/oj | Oj: Use-After-Free in Oj::Parser SAJ Callback via Input Mutation | 19 Jun | Fix available; Severity - 8.7 (High) |
RubyGems - OSV