Vulnerabilities

ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-ffp2-8p2h-4m5j
  • RubyGems/pwpush
Password Pusher rate limiter can be bypassed by forging proxy headers 15 hours ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-j4h6-gcj7-7v9v
  • RubyGems/decidim-meetings
decidim-meetings Cross-site scripting vulnerability in the online or hybrid meeting embeds 13 Nov
  • Fix available
  • Severity - 5.1 (Medium)
GHSA-cxwf-qc32-375f
  • RubyGems/decidim-decidim_awesome
Decidim-Awesome has SQL injection in AdminAccountability 12 Nov
  • Fix available
  • Severity - 8.5 (High)
GHSA-hxx2-7vcw-mqr3
  • RubyGems/sinatra
Sinatra vulnerable to Reliance on Untrusted Inputs in a Security Decision 01 Nov
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-j945-c44v-97g6
  • Maven/net.sf.mpxj:mpxj
  • RubyGems/mpxj
  • PyPI/mpxj
  • NuGet/net.sf.mpxj
  • NuGet/net.sf.mpxj-for-csharp
  • NuGet/net.sf.mpxj-for-vb
  • NuGet/MPXJ.Net
MPXJ has a Potential Path Traversal Vulnerability 28 Oct
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-2rxp-v6pw-ch6m
  • RubyGems/rexml
REXML ReDoS vulnerability 28 Oct
  • Fix available
  • Severity - 6.6 (Medium)
GHSA-v46j-h43h-rwrm
  • RubyGems/Autolab
Autolab Misconfigured Reset Password Permissions 25 Oct
  • Fix available
  • Severity - 7.1 (High)
GHSA-hhxg-rvc9-8726
  • RubyGems/camaleon_cms
camaleon_cms affected by cross site scripting 23 Oct
  • No fix available
  • Severity - 4.8 (Medium)
MAL-2024-10224
  • Not specified
Malicious code in znowflake_client (RubyGems) 16 Oct
  • No fix available
MAL-2024-10223
  • Not specified
Malicious code in zen-ruby-linter (RubyGems) 16 Oct
  • No fix available
MAL-2024-10222
  • Not specified
Malicious code in zbt_element_definer (RubyGems) 16 Oct
  • No fix available
MAL-2024-10221
  • Not specified
Malicious code in johnny_five (RubyGems) 16 Oct
  • No fix available
GHSA-h47h-mwp9-c6q6
  • RubyGems/actionmailer
Possible ReDoS vulnerability in block_format in Action Mailer 15 Oct
  • Fix available
  • Severity - 6.6 (Medium)
GHSA-wwhv-wxv9-rpgw
  • RubyGems/actiontext
Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text 15 Oct
  • Fix available
  • Severity - 6.6 (Medium)
GHSA-vfg9-r3fq-jvx4
  • RubyGems/actionpack
Possible ReDoS vulnerability in HTTP Token authentication in Action Controller 15 Oct
  • Fix available
  • Severity - 6.6 (Medium)
GHSA-x76w-6vjr-8xgj
  • RubyGems/actionpack
Possible ReDoS vulnerability in query parameter filtering in Action Dispatch 15 Oct
  • Fix available
  • Severity - 6.6 (Medium)