Vulnerability Database
| ID | Packages | Summary | Published | Attributes |
|---|---|---|---|---|
| GHSA-8fm5-gg2f-f66q | RubyGems/publify_core | Publify Vulnerable To Cross-Site Scripting (XSS) Via Redirects Requiring User Interaction | 5 days ago | Fix available; Severity - 1.8 (Low) |
| MAL-2025-3021 | RubyGems/evenote-thrift | Malicious code in evenote-thrift (RubyGems) | 5 days ago | No fix available |
| GHSA-pfqj-w6r6-g86v | RubyGems/pitchfork | Pitchfork HTTP Request/Response Splitting vulnerability | 6 days ago | Fix available; Severity - 4.3 (Medium) |
| GHSA-mrxw-mxhj-p664 | RubyGems/nokogiri | Nokogiri updates packaged libxslt to v1.1.43 to resolve multiple CVEs | 14 Mar | Fix available; Severity - 7.8 (High) |
| GHSA-rp28-mvq3-wf8j | RubyGems/camaleon_cms | Camaleon CMS Vulnerable to Privilege Escalation through a Mass Assignment | 14 Mar | Fix available; Severity - 9.4 (Critical) |
| GHSA-754f-8gm6-c4r2 | RubyGems/ruby-saml | Ruby SAML allows a SAML authentication bypass due to namespace handling (parser differential) | 12 Mar | Fix available; Severity - 9.3 (Critical) |
| GHSA-4vc4-m8qh-g8jm | RubyGems/ruby-saml | Ruby SAML allows a SAML authentication bypass due to DOCTYPE handling (parser differential) | 12 Mar | Fix available; Severity - 9.3 (Critical) |
| GHSA-92rq-c8cf-prrq | RubyGems/ruby-saml | Ruby SAML allows remote Denial of Service (DoS) with compressed SAML responses | 12 Mar | Fix available; Severity - 7.7 (High) |
| GHSA-hw46-3hmr-x9xv | RubyGems/omniauth-saml | omniauth-saml has dependency on ruby-saml version with Signature Wrapping Attack issue | 12 Mar | Fix available |
| GHSA-q92j-grw3-h492 | RubyGems/graphql | graphql allows remote code execution when loading a crafted GraphQL schema | 12 Mar | Fix available; Severity - 9.0 (Critical) |
| GHSA-9m3q-rhmv-5q44 | RubyGems/json | Out-of-bounds Read in Ruby JSON Parser | 12 Mar | Fix available; Severity - 7.5 (High) |
| GHSA-7wqh-767x-r66v | RubyGems/rack | Local File Inclusion in Rack::Static | 10 Mar | Fix available; Severity - 7.5 (High) |
| MAL-2025-2209 | RubyGems/poc-by-shahwar | Malicious code in poc-by-shahwar (RubyGems) | 06 Mar | No fix available |
| MAL-2025-2210 | RubyGems/poc-genrateed-by-noob | Malicious code in poc-genrateed-by-noob (RubyGems) | 06 Mar | No fix available |
| MAL-2025-2208 | RubyGems/evil_gem | Malicious code in evil_gem (RubyGems) | 06 Mar | No fix available |
| GHSA-8cgq-6mh2-7j6v | RubyGems/rack | Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection | 04 Mar | Fix available; Severity - 6.9 (Medium) |
RubyGems - OSV