Vulnerabilities
| ID | Packages | Summary | Published | Attributes |
| --- | --- | --- | --- | --- |
| GHSA-hg3h-g7xc-f7vp | RubyGems/view_component | view_component: System Test Entry Point Path Check Allows Sibling Directory Escape | 17 hours ago | Fix available; Severity - 5.9 (Medium) |
| GHSA-7f3r-gwc9-2995 | RubyGems/view_component | view_component: Preview Route Can Dispatch Inherited Helper Methods | 17 hours ago | Fix available; Severity - 6.5 (Medium) |
| GHSA-jp94-3292-c3xv | RubyGems/devise | Devise has an Open Redirect via Unvalidated `request.referrer` in Timeoutable Session Timeout Handler | yesterday | Fix available; Severity - 6.1 (Medium) |
| GHSA-4cx3-3c38-j9vv | RubyGems/katalyst-koi | katalyst-koi: Session cookies can be replayed after user logout | 2 days ago | Fix available; Severity - 7.4 (High) |
| GHSA-ff6c-w6qf-7xqc | RubyGems/css_parser | CSS Parser: Improper Certificate Validation allows MITM injection of remote CSS content | 2 days ago | Fix available; Severity - 5.8 (Medium) |
| GHSA-v2fc-qm4h-8hqv | RubyGems/nokogiri | Nokogiri XSLT transform has a memory leak | 2 days ago | Fix available; Severity - 5.3 (Medium) |
| GHSA-c4rq-3m3g-8wgx | RubyGems/nokogiri | Nokogiri CSS selector tokenizer has regular expression backtracking | 2 days ago | Fix available; Severity - 7.5 (High) |
| GHSA-3h96-34p3-xm76 | RubyGems/graphql | GraphQL-Ruby's Ruby lexer does not count comment tokens for the purposes of max_query_string_tokens | 3 days ago | Fix available; Severity - 5.3 (Medium) |
| GHSA-hm49-wcqc-g2xg | RubyGems/net-imap | net-imap vulnerable to command Injection via "raw" arguments to multiple commands | 4 days ago | Fix available; Severity - 5.8 (Medium) |
| GHSA-75xq-5h9v-w6px | RubyGems/net-imap | net-imap vulnerable to command Injection via unvalidated Symbol inputs | 4 days ago | Fix available; Severity - 5.8 (Medium) |
| GHSA-87pf-fpwv-p7m7 | RubyGems/net-imap | net-imap vulnerable to denial of service via high iteration count for `SCRAM-*` authentication | 4 days ago | Fix available; Severity - 6.0 (Medium) |
| GHSA-q2mw-fvj9-vvcw | RubyGems/net-imap | net-imap has quadratic complexity when reading response literals | 4 days ago | Fix available; Severity - 2.3 (Low) |
| GHSA-vcgp-9326-pqcp | RubyGems/net-imap | net-imap vulnerable to STARTTLS stripping via invalid response timing | 4 days ago | Fix available; Severity - 7.6 (High) |
| GHSA-qc5p-3mg5-9fh8 | RubyGems/avo | Avo: Broken Access Control Through Unauthorized Execution of Arbitrary Action Classes Across Resources | 24 Apr | Fix available; Severity - 8.8 (High) |
| GHSA-q339-8rmv-2mhv | RubyGems/erb | ERB has an @_init deserialization guard bypass via def_module / def_method / def_class | 24 Apr | Fix available; Severity - 8.1 (High) |
| GHSA-2wvh-87g2-89hr | RubyGems/openc3 | OpenC3 COSMOS: Permissions Bypass Provides User Access to Unassigned Administrative Actions via Script Runner Tool | 23 Apr | Fix available; Severity - 9.6 (Critical) |
RubyGems - OSV