OSV - Open Source Vulnerabilities

MAL-2026-3630

RubyGems/knot-activesupport-logger

Malicious code in knot-activesupport-logger (RubyGems)

yesterday

No fix available

MAL-2026-3631

RubyGems/knot-date-utils-rb

Malicious code in knot-date-utils-rb (RubyGems)

yesterday

No fix available

MAL-2026-3632

RubyGems/knot-devise-jwt-helper

Malicious code in knot-devise-jwt-helper (RubyGems)

yesterday

No fix available

MAL-2026-3633

RubyGems/knot-rack-session-store

Malicious code in knot-rack-session-store (RubyGems)

yesterday

No fix available

MAL-2026-3634

RubyGems/knot-rails-assets-pipeline

Malicious code in knot-rails-assets-pipeline (RubyGems)

yesterday

No fix available

MAL-2026-3635

RubyGems/knot-rspec-formatter-json

Malicious code in knot-rspec-formatter-json (RubyGems)

yesterday

No fix available

MAL-2026-3636

RubyGems/knot-simple-formatter

Malicious code in knot-simple-formatter (RubyGems)

yesterday

No fix available

GHSA-hg3h-g7xc-f7vp

RubyGems/view_component

view_component: System Test Entry Point Path Check Allows Sibling Directory Escape

5 days ago

Fix available
Severity - 5.9 (Medium)

GHSA-7f3r-gwc9-2995

RubyGems/view_component

view_component: Preview Route Can Dispatch Inherited Helper Methods

5 days ago

Fix available
Severity - 6.5 (Medium)

GHSA-jp94-3292-c3xv

RubyGems/devise

Devise has an Open Redirect via Unvalidated `request.referrer` in Timeoutable Session Timeout Handler

5 days ago

Fix available
Severity - 6.1 (Medium)

GHSA-xv9c-mjw8-79gf

RubyGems/sidekiq-cron

Sidekiq-cron is vulnerable to a cross-site scripting (xss) vulnerability via crafted URL

6 days ago

Fix available
Severity - 6.1 (Medium)

GHSA-4cx3-3c38-j9vv

RubyGems/katalyst-koi

katalyst-koi: Session cookies can be replayed after user logout

07 May

Fix available
Severity - 7.4 (High)

GHSA-ff6c-w6qf-7xqc

RubyGems/css_parser

CSS Parser: Improper Certificate Validation allows MITM injection of remote CSS content

07 May

Fix available
Severity - 5.8 (Medium)

GHSA-v2fc-qm4h-8hqv

RubyGems/nokogiri

Nokogiri XSLT transform has a memory leak

06 May

Fix available
Severity - 5.3 (Medium)

GHSA-c4rq-3m3g-8wgx

RubyGems/nokogiri

Nokogiri CSS selector tokenizer has regular expression backtracking

06 May

Fix available
Severity - 7.5 (High)

GHSA-3h96-34p3-xm76

RubyGems/graphql

GraphQL-Ruby's Ruby lexer does not count comment tokens for the purposes of max_query_string_tokens

05 May

Fix available
Severity - 5.3 (Medium)