Vulnerabilities

| ID | Packages | Summary | Published | Attributes |
|---|---|---|---|---|
| GHSA-53p3-c7vp-4mcc | RubyGems/action_text-trix; npm/trix | Trix is vulnerable to XSS through JSON deserialization bypass in drag-and-drop (Level0InputController) | yesterday | Fix available; Severity - 2.1 (Low) |
| GHSA-c4r5-fxqw-vh93 | RubyGems/ruby-lsp | Ruby LSP has arbitrary code execution through branch setting | 3 days ago | Fix available; Severity - 7.1 (High) |
| GHSA-qvqr-5cv7-wh35 | RubyGems/mcp | MCP Ruby SDK: Insufficient Session Binding Allows SSE Stream Hijacking via Session ID Replay | 3 days ago | Fix available; Severity - 8.2 (High) |
| MAL-2026-2265 | RubyGems/monolith-twirp-codingagentintegrations-codingagentintegrations | Malicious code in monolith-twirp-codingagentintegrations-codingagentintegrations (RubyGems) | 3 days ago | No fix available |
| MAL-2026-2266 | RubyGems/monolith-twirp-copilot-registry | Malicious code in monolith-twirp-copilot-registry (RubyGems) | 3 days ago | No fix available |
| MAL-2026-2267 | RubyGems/monolith-twirp-partitioning-pull_requests | Malicious code in monolith-twirp-partitioning-pull_requests (RubyGems) | 3 days ago | No fix available |
| MAL-2026-2263 | RubyGems/monolith-twirp-reposinsights-reposinsights | Malicious code in monolith-twirp-reposinsights-reposinsights (RubyGems) | 3 days ago | No fix available |
| MAL-2026-2262 | RubyGems/monolith-twirp-pullsd-teams | Malicious code in monolith-twirp-pullsd-teams (RubyGems) | 3 days ago | No fix available |
| MAL-2026-2259 | RubyGems/monolith-twirp-loops-core | Malicious code in monolith-twirp-loops-core (RubyGems) | 3 days ago | No fix available |
| MAL-2026-2261 | RubyGems/monolith-twirp-pullsd-repositories | Malicious code in monolith-twirp-pullsd-repositories (RubyGems) | 3 days ago | No fix available |
| MAL-2026-2260 | RubyGems/monolith-twirp-pullsd-pullrequestinfo | Malicious code in monolith-twirp-pullsd-pullrequestinfo (RubyGems) | 3 days ago | No fix available |
| MAL-2026-2264 | RubyGems/monolith-twirp-scribe-scribe | Malicious code in monolith-twirp-scribe-scribe (RubyGems) | 3 days ago | No fix available |
| GHSA-2j22-pr5w-6gq8 | RubyGems/loofah | Loofah has improper detection of disallowed URIs via `allowed_uri?` | 4 days ago | Fix available; Severity - 2.3 (Low) |
| GHSA-p9fm-f462-ggrg | RubyGems/activestorage | Rails Active Storage has a possible DoS vulnerability in proxy mode via multi-range requests | 5 days ago | Fix available; Severity - 2.3 (Low) |
| GHSA-pv9c-9mfh-hvxq | RubyGems/icalendar | iCalendar has ICS injection via unsanitized URI property values | 6 days ago | Fix available; Severity - 4.3 (Medium) |
| GHSA-73f9-jhhh-hr5m | RubyGems/activestorage | Rails Active Storage has possible glob injection in its DiskService | 23 Mar | Fix available; Severity - 6.6 (Medium) |