rubygems
200,899 packages · rubygems.org
Security Advisories in rubygems
High
5 days ago
ProsemirrorToHtml has a Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values
rubygems
prosemirror_to_html
High
12 days ago
Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values
rubygems
prosemirror_to_html
Low
about 1 month ago
Sinatra is vulnerable to ReDoS through ETag header value generation
rubygems
sinatra
High
about 1 month ago
Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing
rubygems
rack
High
about 1 month ago
Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)
rubygems
rack
High
about 1 month ago
Rack: Multipart parser buffers large non-file fields entirely in memory, enabling DoS (memory exhaustion)
rubygems
rack
High
about 1 month ago
Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)
rubygems
rack
High
about 2 months ago
Rack has an unsafe default in Rack::QueryParser that allows params_limit bypass via semicolon-separated parameters
rubygems
rack
Moderate
3 months ago
Google Sign-In for Rails allowed redirect to protocol-relative URI
rubygems
google_sign_in
Moderate
3 months ago
Google Sign-In for Rails allowed redirects to malformed URLs
rubygems
google_sign_in
Critical
3 months ago
Active Storage allowed transformation methods that were potentially unsafe
rubygems
activestorage
Moderate
3 months ago
Active Record logging vulnerable to ANSI escape injection
rubygems
activerecord
Critical
3 months ago
JWE is missing AES-GCM authentication tag validation in encrypted JWE
rubygems
jwe
Moderate
4 months ago
Measured is vulnerable to Path Traversal attacks during class initialization
rubygems
measured
Moderate
4 months ago
resolv vulnerable to DoS via insufficient DNS domain name length validation
rubygems
resolv
Critical
4 months ago
Job Iteration API is vulnerable to OS Command Injection attack through its CsvEnumerator class
rubygems
job-iteration
Moderate
5 months ago
HashiCorp Vagrant has code injection vulnerability through default synced folders
rubygems
vagrant
Moderate
5 months ago
Ruby WEBrick read_headers method can lead to HTTP Request/Response Smuggling
rubygems
webrick
High
5 months ago
OpenC3 COSMOS Vulnerable to Directory Traversal via openc3-api/tables endpoint
rubygems
openc3-cosmos-tool-iframe
Critical
5 months ago
OpenC3 COSMOS Vulnerable to Directory Traversal via /script-api/scripts/ endpoint
rubygems
openc3-cosmos-tool-iframe
Moderate
6 months ago
Insufficient input sanitization in ejson2env
go, rubygems
github.com/Shopify/ejson2env, ejson2env, github.com/Shopify/ejson2env/v2
Moderate
7 months ago
net-imap rubygem vulnerable to possible DoS by memory exhaustion
rubygems
net-imap
Low
7 months ago
Nokogiri updates packaged libxml2 to v2.13.8 to resolve CVE-2025-32414 and CVE-2025-32415
rubygems
nokogiri
Low
8 months ago
Publify Vulnerable To Cross-Site Scripting (XSS) Via Redirects Requiring User Interaction
rubygems
publify_core
High
8 months ago
Nokogiri updates packaged libxslt to v1.1.43 to resolve multiple CVEs
rubygems
nokogiri
Critical
8 months ago
Camaleon CMS Vulnerable to Privilege Escalation through a Mass Assignment
rubygems
camaleon_cms
Critical
8 months ago
Ruby SAML allows a SAML authentication bypass due to namespace handling (parser differential)
rubygems
ruby-saml
Critical
8 months ago
Ruby SAML allows a SAML authentication bypass due to DOCTYPE handling (parser differential)
rubygems
ruby-saml
High
8 months ago
Ruby SAML allows remote Denial of Service (DoS) with compressed SAML responses
rubygems
ruby-saml
Critical
8 months ago
omniauth-saml has dependency on ruby-saml version with Signature Wrapping Attack issue
rubygems
omniauth-saml
Critical
8 months ago
graphql allows remote code execution when loading a crafted GraphQL schema
rubygems
graphql
Moderate
9 months ago
Escape Sequence Injection vulnerability in Rack leads to Possible Log Injection
rubygems
rack
Moderate
9 months ago
CGI has Regular Expression Denial of Service (ReDoS) potential in Util#escapeElement
rubygems
cgi
Critical
9 months ago
Oxidized Web RANCID migration page allows unauthenticated user to gain control over Linux user account
rubygems
oxidized-web
Low
9 months ago
Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171
rubygems
nokogiri
Moderate
11 months ago
Password Pusher Allows Session Token Interception Leading to Potential Hijacking
rubygems
pwpush
Low
12 months ago
rails-html-sanitizer has XSS vulnerability with certain configurations
rubygems
rails-html-sanitizer
Low
12 months ago
rails-html-sanitizer has XSS vulnerability with certain configurations
rubygems
rails-html-sanitizer
Low
12 months ago
rails-html-sanitizer has XSS vulnerability with certain configurations
rubygems
rails-html-sanitizer
Low
12 months ago
rails-html-sanitizer has XSS vulnerability with certain configurations
rubygems
rails-html-sanitizer
Low
12 months ago
rails-html-sanitizer has XSS vulnerability with certain configurations
rubygems
rails-html-sanitizer
Low
12 months ago
Password Pusher rate limiter can be bypassed by forging proxy headers
rubygems
pwpush
Moderate
about 1 year ago
decidim-meetings Cross-site scripting vulnerability in the online or hybrid meeting embeds
rubygems
decidim-meetings
High
about 1 year ago
Decidim-Awesome has SQL injection in AdminAccountability
rubygems
decidim-decidim_awesome
Moderate
about 1 year ago
Sinatra vulnerable to Reliance on Untrusted Inputs in a Security Decision
rubygems
sinatra
Moderate
about 1 year ago
MPXJ has a Potential Path Traversal Vulnerability
nuget, pypi, rubygems, maven
MPXJ.Net, net.sf.mpxj-for-vb, net.sf.mpxj-for-csharp, net.sf.mpxj, mpxj, net.sf.mpxj:mpxj
Moderate
about 1 year ago
Possible ReDoS vulnerability in block_format in Action Mailer
rubygems
actionmailer
Moderate
about 1 year ago
Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text
rubygems
actiontext
Moderate
about 1 year ago
Possible ReDoS vulnerability in HTTP Token authentication in Action Controller
rubygems
actionpack
Moderate
about 1 year ago
Possible ReDoS vulnerability in query parameter filtering in Action Dispatch
rubygems
actionpack
Moderate
about 1 year ago
OpenC3 stores passwords in clear text (`GHSL-2024-129`)
npm, rubygems
@openc3/tool-common, openc3
Moderate
about 1 year ago
OpenC3 Cross-site Scripting in Login functionality (`GHSL-2024-128`)
npm, rubygems
@openc3/tool-common, openc3
High
about 1 year ago
Decidim has a cross-site scripting vulnerability in the version control page
rubygems
decidim
Moderate
about 1 year ago
Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)
rubygems
camaleon_cms
High
about 1 year ago
Heap-based Buffer Overflow in sqlite-vec
cargo, rubygems, npm, pypi
sqlite-vec
Moderate
about 1 year ago
Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)
rubygems
camaleon_cms
Moderate
about 1 year ago
Puma's header normalization allows for client to clobber proxy set headers
rubygems
puma
High
about 1 year ago
protobuf-java has potential Denial of Service issue
rubygems, maven
google-protobuf, com.google.protobuf:protobuf-kotlin-lite, com.google.protobuf:protobuf-kotlin, com.google.protobuf:protobuf-javalite, com.google.protobuf:protobuf-java
High
about 1 year ago
Camaleon CMS vulnerable to remote code execution through code injection (GHSL-2024-185)
rubygems
camaleon_cms
Moderate
about 1 year ago
Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)
rubygems
camaleon_cms
High
about 1 year ago
Camaleon CMS vulnerable to arbitrary path traversal (GHSL-2024-183)
rubygems
camaleon_cms
High
about 1 year ago
Camaleon CMS affected by arbitrary file write to RCE (GHSL-2024-182)
rubygems
camaleon_cms
Moderate
about 1 year ago
Devise-Two-Factor Authentication Uses Insufficient Default OTP Shared Secret Length
rubygems
devise-two-factor
Moderate
about 1 year ago
Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin panel with QuillJS WYSWYG editor
rubygems
decidim
Moderate
about 1 year ago
Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin activity log
rubygems
decidim-admin
Critical
about 1 year ago
omniauth-saml vulnerable to Improper Verification of Cryptographic Signature
rubygems
omniauth-saml
Critical
about 1 year ago
SAML authentication bypass via Incorrect XPath selector
rubygems
ruby-saml
Moderate
over 1 year ago
Decidim cross-site scripting (XSS) in the admin panel
rubygems
decidim-admin
Filter by Package
actionpack
58
nokogiri
45
rack
35
rubygems-update
25
puppet
23
activerecord
22
publify_core
15
passenger
14
rails-html-sanitizer
14
camaleon_cms
14
activesupport
14
puma
12
actionview
11
decidim
11
rails
10
fat_free_crm
10
ruby-saml
8
rexml
8
org.jruby:jruby-stdlib
7
doorkeeper
6
katello
6
loofah
6
webrick
6
sinatra
6
ember-source
6
sidekiq
5
commonmarker
5
activestorage
5
bundler
5
grpcio
5
grpc
5
spree
5
cgi
5
jquery-ui-rails
5
sanitize
4
avo
4
bootstrap
4
dragonfly
4
rails_admin
4
carrierwave
4
mail
4
bootstrap
4
devise
4
private_address_check
3
devise-two-factor
3
jQuery.UI.Combined
3
geminabox
3
omniauth
3
uri
3
bootstrap-sass
3
openssl
3
omniauth-saml
3
rubyzip
3
decidim-core
3
json
3
rack-cors
3
git
3
rest-client
3
org.webjars.npm:jquery-ui
3
io.grpc:grpc-protobuf
3
activeadmin
3
decidim-admin
3
fluentd
3
spina
3
gollum
3
json-jwt
3
chartkick
3
phlex
3
com.google.protobuf:protobuf-kotlin
3
yard
3
rdoc
3
google-protobuf
3
openc3
3
com.google.protobuf:protobuf-java
3
jquery-ui
3
resque
3
sidekiq-unique-jobs
2
cocoapods-downloader
2
net-imap
2
pdfkit
2
decidim-templates
2
openc3-cosmos-tool-iframe
2
kramdown
2
google_sign_in
2
safemode
2
mechanize
2
field_test
2
paperclip
2
faye
2
yajl-ruby
2
com.google.protobuf:protobuf-javalite
2
view_component
2
facter
2
lodash-rails
2
net-ldap
2
solidus_frontend
2
httparty
2
omniauth-facebook
2
radiant
2
actiontext
2
jquery-rails
2
oxidized-web
2
sup
2
mini_magick
2
ox
2
redcarpet
2
logstash-core
2
ruby-openid
2
@openc3/tool-common
2
i18n
2
actionmailer
2
VladTheEnterprising
2
spree_auth_devise
2
bootstrap
2
kaminari
2
pwpush
2
bson
2
git-fastclone
2
solidus_core
2
decidim-meetings
2
pghero
2
sprockets
2
com.google.protobuf:protobuf-kotlin-lite
2
qiita-markdown
2
secure_headers
2
twbs/bootstrap
2
bootstrap-sass
2
prosemirror_to_html
2
administrate
2
org.webjars:bootstrap
2
twitter-bootstrap-rails
2
pageflow
2
echor
2
lodash-es
2
red-arrow
2
lodash
2
rack-mini-profiler
1
logstash
1
excon
1
request_store
1
xaviershay-dm-rails
1
omniauth-auth0
1
pitchfork
1
smalruby
1
audited
1
railties
1
geocoder
1
mpxj
1
solidus_auth_devise
1
rails_multisite
1
jquery
1
rack-cache
1
stringio
1
coming-soon
1
http
1
inline_svg
1
rswag
1
xapian-core
1
omniauth-apple
1
chef
1
redis-store
1
govuk_tech_docs
1
rack-session
1
ccsv
1
restforce
1
thin
1
gon
1
thumbshooter
1
twitter-stream
1
colorscore
1
narou
1
jQuery
1
net.sf.mpxj:mpxj
1
bindata
1
unpoly-rails
1
sqlite3
1
jekyll
1
datagrid
1
gollum-lib
1
mysql-binuuid-rails
1
time
1
mixlib-archive
1
activejob
1
ciborg
1
image_processing
1
omniauth-oauth2
1
matestack-ui-core
1
smalruby-editor
1
sequenceserver
1
bolt
1
point-cli
1
addressable
1
lawn-login
1
devise_token_auth
1
gibbon
1
hammer_cli_foreman
1
simple_captcha2
1
measured
1
websocket-extensions
1
reel
1
Filter by Repository
https://github.com/rails/rails
70
https://github.com/sparklemotion/nokogiri
35
https://github.com/rack/rack
29
https://github.com/rubygems/rubygems
18
https://github.com/decidim/decidim
15
https://github.com/puppetlabs/puppet
15
https://github.com/publify/publify
14
https://github.com/rails/rails-html-sanitizer
14
https://github.com/puma/puma
12
https://github.com/phusion/passenger
11
https://github.com/owen2345/camaleon-cms
11
https://github.com/fatfreecrm/fat_free_crm
9
https://github.com/ruby/rexml
8
https://github.com/SAML-Toolkits/ruby-saml
7
https://github.com/flavorjones/loofah
6
https://github.com/sinatra/sinatra
6
https://github.com/doorkeeper-gem/doorkeeper
6
https://github.com/twbs/bootstrap
5
https://github.com/OpenC3/cosmos
5
https://github.com/solidusio/solidus
5
https://github.com/jquery/jquery-ui
4
https://github.com/avo-hq/avo
4
https://github.com/Katello/katello
4
https://github.com/ruby/webrick
4
https://github.com/markevans/dragonfly
4
https://github.com/ruby/openssl
4
https://github.com/carrierwaveuploader/carrierwave
4
https://github.com/grpc/grpc
4
https://github.com/mikel/mail
4
https://github.com/rgrove/sanitize
4
https://github.com/jtdowney/private_address_check
3
https://github.com/cyu/rack-cors
3
https://github.com/rubygems/rubygems.org
3
https://github.com/ruby/uri
3
https://github.com/activeadmin/activeadmin
3
https://github.com/protocolbuffers/protobuf
3
https://github.com/fluent/fluentd
3
https://github.com/spree/spree
3
https://github.com/geminabox/geminabox
3
https://github.com/ruby/cgi
3
https://github.com/gollum/gollum
3
https://github.com/phlex-ruby/phlex
3
https://github.com/resque/resque
3
https://github.com/ruby-git/ruby-git
3
https://github.com/gjtorikian/commonmarker
3
https://github.com/lsegal/yard
3
https://github.com/sidekiq/sidekiq
3
https://github.com/rubyzip/rubyzip
3
https://github.com/rest-client/rest-client
3
https://github.com/svenfuchs/safemode
2
https://github.com/faye/faye
2
https://github.com/gettalong/kramdown
2
https://github.com/sparklemotion/mechanize
2
https://github.com/twitter/secure_headers
2
https://github.com/jnunemaker/httparty
2
https://github.com/basecamp/google_sign_in
2
https://github.com/github/cmark-gfm
2
https://github.com/rack/rack-session
2
https://github.com/ruby/net-imap
2
https://github.com/square/git-fastclone
2
https://github.com/kaminari/kaminari
2
https://github.com/nov/json-jwt
2
https://github.com/mhenrixon/sidekiq-unique-jobs
2
https://github.com/mperham/sidekiq
2
https://github.com/CocoaPods/cocoapods-downloader
2
https://github.com/pglombardo/PasswordPusher
2
https://github.com/vmg/redcarpet
2
https://github.com/ruby-ldap/ruby-net-ldap
2
https://github.com/solidusio/solidus_auth_devise
2
https://github.com/codevise/pageflow
2
https://github.com/ohler55/ox
2
https://github.com/lodash/lodash
2
https://github.com/ankane/field_test
2
https://github.com/emberjs/ember.js
2
https://gitlab.com/gitlab-org/cves
2
https://github.com/openid/ruby-openid
2
https://github.com/increments/qiita-markdown
2
https://github.com/plataformatec/devise
2
https://github.com/sup-heliotrope/sup
2
https://github.com/tinfoil/devise-two-factor
2
https://github.com/ankane/chartkick
2
https://github.com/ankane/pghero
2
https://github.com/omniauth/omniauth
2
https://github.com/thoughtbot/paperclip
2
https://github.com/railsadminteam/rails_admin
2
https://github.com/ytti/oxidized-web
2
https://github.com/brianmario/yajl-ruby
2
https://github.com/mongodb/bson-ruby
2
https://github.com/svenfuchs/i18n
2
https://github.com/ruby/rdoc
2
https://github.com/jquery/jquery
2
https://github.com/rubygems/bundler
1
https://github.com/sparklemotion/sqlite3-ruby
1
https://github.com/josh/rack-ssl
1
https://github.com/jwt/ruby-jwe
1
https://github.com/aws/aws-sdk-ruby
1
https://github.com/janko/image_processing
1
https://github.com/getsentry/raven-ruby
1
https://gitlab.com/2013/11
1
https://github.com/hopsoft/turbo_boost-commands
1
https://github.com/alphagov/tech-docs-gem
1
https://github.com/zvory/csv-safe
1
https://github.com/zenspider/ruby_parser-legacy
1
https://github.com/postrank-labs/goliath
1
https://github.com/mislav/will_paginate
1
https://github.com/opscode/chef
1
https://github.com/jnunemaker/crack
1
https://github.com/ManageIQ/awesome_spawn
1
https://github.com/ruby/resolv
1
https://github.com/mkdynamic/omniauth-facebook
1
https://github.com/rack/rack-contrib
1
https://github.com/excon/excon
1
https://github.com/halostatue/minitar
1
https://github.com/spinacms/spina
1
https://github.com/voloko/twitter-stream
1
https://github.com/ua-parser/uap-ruby
1
https://github.com/macournoyer/thin
1
https://github.com/inukshuk/bibtex-ruby
1
https://github.com/rails/globalid
1
https://github.com/Shopify/ejson2env
1
https://github.com/Snorby/snorby
1
https://github.com/rsantamaria/papercrop
1
https://github.com/railsdog/spree
1
https://github.com/bdmac/strong_password
1
https://github.com/basecamp/easymon
1
https://github.com/thoughtbot/clearance
1
https://github.com/njh/ruby-mqtt
1
https://github.com/ruby/fileutils
1
https://github.com/theforeman/foreman_fog_proxmox
1
https://github.com/rails/sprockets
1
https://github.com/octokit/octokit.rb
1
https://github.com/Shopify/pitchfork
1
https://github.com/mongoid/moped
1
https://github.com/affix/CVE-2022-36231
1
https://github.com/bundler/bundler
1
https://github.com/rahult/karo
1
https://github.com/ahorner/text-helpers
1
https://github.com/shardlab/discordrb
1
https://github.com/stimulusreflex/stimulus_reflex
1
https://github.com/fluent/fluentd-ui
1
https://github.com/rmosolgo/graphql-ruby
1
https://github.com/omniauth/omniauth-saml
1
https://github.com/ankane/clockwork_web
1
https://github.com/unpoly/unpoly-rails
1
https://github.com/Shopify/job-iteration
1
https://github.com/flori/json
1
https://github.com/nhosoya/omniauth-apple
1
https://github.com/steveklabnik/request_store
1
https://github.com/jordansissel/ruby-arr-pm
1
https://github.com/sisimai/rb-sisimai
1
https://github.com/ejschmitt/delayed_job_web
1
https://github.com/rails/activeresource
1
https://github.com/onelogin/ruby-saml
1
https://github.com/synth/omniauth-microsoft_graph
1
https://github.com/spejman/festivaltts4r
1
https://github.com/ruby-grape/grape
1
https://github.com/jmespath/jmespath.rb
1
https://github.com/opensearch-project/opensearch-ruby
1
https://github.com/alexreisner/geocoder
1
https://github.com/sferik/rails_admin
1
https://github.com/restforce/restforce
1
https://github.com/wconrad/ftpd
1
https://github.com/tigris/open-uri-cached
1
https://github.com/beenhero/omniauth-weibo-oauth2
1
https://github.com/bbatsov/rubocop
1
https://github.com/sinatra/rack-protection
1
https://github.com/rails/web-console
1
https://github.com/ankane/pgsync
1
https://github.com/twbs/bootstrap-sass
1
https://github.com/camilova/activerecord-update-by-case
1
https://github.com/pay-rails/pay
1
https://github.com/padrino/padrino-contrib
1
https://github.com/sporkmonger/addressable
1
https://github.com/octokit/octopoller.rb
1
https://github.com/rcook/rgpg
1
https://github.com/tzinfo/tzinfo
1
https://github.com/cgriego/active_attr
1
https://github.com/jekyll/jekyll
1
https://github.com/Gurpartap/aescrypt
1
https://github.com/ankane/chartkick.js
1
https://github.com/chef/mixlib-archive
1
https://github.com/wurmlab/sequenceserver
1
https://github.com/ruby/json
1
https://github.com/whiteleaf7/narou
1
https://github.com/stevegeek/encoded_id-rails
1
https://github.com/etaminstudio/prosemirror_to_html
1
https://github.com/ruby/stringio
1
https://github.com/heartcombo/devise
1
https://github.com/wycats/handlebars.js
1
https://github.com/oauth-xx/oauth-ruby
1
https://github.com/rtomayko/rack-cache
1
https://github.com/theforeman/smart_proxy_dynflow
1
https://github.com/amro/gibbon
1
https://github.com/haml/haml
1
https://github.com/paragbagul111/CVE-2024-48652
1
https://github.com/floraison/fugit
1
https://github.com/Sorcery/sorcery
1
https://github.com/adamzaninovich/sounder
1
https://github.com/paragbagul111/CVE-2023-30145
1