Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-5jch-xhw4-r43v
  • RubyGems/google_sign_in
Google Sign-In for Rails allowed redirect to protocol-relative URI yesterday
  • Fix available
  • Severity - 4.2 (Medium)
MAL-2025-41805
  • RubyGems/omniauth-pro-sante-connect
Malicious code in omniauth-pro-sante-connect (RubyGems) 3 days ago
  • No fix available
GHSA-7pwc-wh6m-44q3
  • RubyGems/google_sign_in
Google Sign-In for Rails allowed redirects to malformed URLs 3 days ago
  • Fix available
  • Severity - 4.2 (Medium)
GHSA-r4mg-4433-c7g3
  • RubyGems/activestorage
Active Storage allowed transformation methods that were potentially unsafe 14 Aug
  • Fix available
  • Severity - 9.2 (Critical)
GHSA-76r7-hhxj-r776
  • RubyGems/activerecord
Active Record logging vulnerable to ANSI escape injection 13 Aug
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-c7p4-hx26-pr73
  • RubyGems/jwe
JWE is missing AES-GCM authentication tag validation in encrypted JWE 07 Aug
  • Fix available
  • Severity - 9.1 (Critical)
MAL-2025-6629
  • RubyGems/webpack-dev-server
Malicious code in webpack-dev-server (RubyGems) 31 Jul
  • No fix available
MAL-2025-6628
  • RubyGems/maventa_utils
Malicious code in maventa_utils (RubyGems) 31 Jul
  • No fix available
MAL-2025-6627
  • RubyGems/maventa_common
Malicious code in maventa_common (RubyGems) 31 Jul
  • No fix available
MAL-2025-6385
  • RubyGems/icare
Malicious code in icare (RubyGems) 31 Jul
  • No fix available
MAL-2025-6386
  • RubyGems/icaret
Malicious code in icaret (RubyGems) 31 Jul
  • No fix available
GHSA-rrqh-93c8-j966
  • RubyGems/ruby-saml
Ruby SAML DOS vulnerability with large SAML response 30 Jul
  • Fix available
  • Severity - 6.9 (Medium)
MAL-2025-6348
  • RubyGems/resource_registry
Malicious code in resource_registry (RubyGems) 30 Jul
  • No fix available
MAL-2025-6265
  • RubyGems/message_gateway
Malicious code in message_gateway (RubyGems) 27 Jul
  • No fix available
GHSA-353f-x4gh-cqq8
  • RubyGems/nokogiri
Nokogiri patches vendored libxml2 to resolve multiple CVEs 21 Jul
  • Fix available
GHSA-29g5-m8v7-v564
  • RubyGems/measured
Measured is vulnerable to Path Traversal attacks during class initialization 15 Jul
  • Fix available
  • Severity - 4.9 (Medium)