Vulnerabilities

search
ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-2762-657x-v979
  • RubyGems/alchemy_cms
 AlchemyCMS: Authenticated Remote Code Execution (RCE) via eval injection in ResourcesHelper 23 hours ago
  • Fix available
  • Severity - 6.4 (Medium)
GHSA-mpwp-4h2m-765c
  • RubyGems/activejob
 Active Job - Object injection security vulnerability 5 days ago
  • Fix available
  • Severity - 6.6 (Medium)
GHSA-5qw5-wf2q-f538
  • RubyGems/activerecord-jdbc-adapter
 ActiveRecord-JDBC-Adapter (AR-JDBC) lib/arjdbc/jdbc/adapter.rb sql.gsub() Function SQL Injection 5 days ago
  • Fix available
  • Severity - 8.8 (High)
GHSA-w757-4qv9-mghp
  • RubyGems/openc3
 openc3-api Vulnerable to Unauthenticated Remote Code Execution 13 Jan
  • Fix available
  • Severity - 10.0 (Critical)
GHSA-3ghg-3787-w2xr
  • RubyGems/spree_core
 Spree API has Unauthenticated IDOR - Guest Address 08 Jan
  • Fix available
  • Severity - 7.5 (High)
GHSA-g268-72p7-9j6j
  • RubyGems/spree_api
 Spree API has Authenticated Insecure Direct Object Reference (IDOR) via Order Modification 08 Jan
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-g9jg-w8vm-g96v
  • RubyGems/action_text-trix
  • npm/trix
 Trix has a stored XSS vulnerability through its attachment attribute 31 Dec 2025
  • Fix available
  • Severity - 4.6 (Medium)
GHSA-j4pr-3wm6-xx2r
  • RubyGems/uri
 URI Credential Leakage Bypass over CVE-2025-27221 30 Dec 2025
  • Fix available
  • Severity - 2.7 (Low)
GHSA-hm5p-x4rq-38w4
  • RubyGems/httparty
 httparty Has Potential SSRF Vulnerability That Leads to API Key Leakage 23 Dec 2025
  • Fix available
  • Severity - 7.8 (High)
MAL-2025-192925
  • RubyGems/verificator
 Malicious code in verificator (RubyGems) 23 Dec 2025
  • No fix available
MAL-2025-192924
  • RubyGems/u2f_client
 Malicious code in u2f_client (RubyGems) 23 Dec 2025
  • No fix available
MAL-2025-192922
  • RubyGems/stripe-server
 Malicious code in stripe-server (RubyGems) 23 Dec 2025
  • No fix available
MAL-2025-192923
  • RubyGems/test_gem_978483406ebb19126a2e8c001649a4eb
 Malicious code in test_gem_978483406ebb19126a2e8c001649a4eb (RubyGems) 23 Dec 2025
  • No fix available
MAL-2025-192921
  • RubyGems/stripe-rubocop
 Malicious code in stripe-rubocop (RubyGems) 23 Dec 2025
  • No fix available
MAL-2025-192919
  • RubyGems/sq-samsa
 Malicious code in sq-samsa (RubyGems) 23 Dec 2025
  • No fix available
MAL-2025-192920
  • RubyGems/stripe-backup
 Malicious code in stripe-backup (RubyGems) 23 Dec 2025
  • No fix available
Load more...