rubygems
200,070 packages · rubygems.org
Security Advisories in rubygems
High
8 days ago
Rack has an unsafe default in Rack::QueryParser allows params_limit bypass via semicolon-separated parameters
rubygems
rack
Moderate
about 1 month ago
Google Sign-In for Rails allowed redirect to protocol-relative URI
rubygems
google_sign_in
Moderate
about 1 month ago
Google Sign-In for Rails allowed redirects to malformed URLs
rubygems
google_sign_in
Critical
about 2 months ago
Active Storage allowed transformation methods that were potentially unsafe
rubygems
activestorage
Moderate
about 2 months ago
Active Record logging vulnerable to ANSI escape injection
rubygems
activerecord
Critical
about 2 months ago
JWE is missing AES-GCM authentication tag validation in encrypted JWE
rubygems
jwe
Moderate
3 months ago
Measured is vulnerable to Path Traversal attacks during class initialization
rubygems
measured
Moderate
3 months ago
resolv vulnerable to DoS via insufficient DNS domain name length validation
rubygems
resolv
Critical
3 months ago
Job Iteration API is vulnerable to OS Command Injection attack through its CsvEnumerator class
rubygems
job-iteration
Moderate
3 months ago
HashiCorp Vagrant has code injection vulnerability through default synced folders
rubygems
vagrant
Moderate
3 months ago
Ruby WEBrick read_headers method can lead to HTTP Request/Response Smuggling
rubygems
webrick
High
4 months ago
OpenC3 COSMOS Vulnerable to Directory Traversal via openc3-api/tables endpoint
rubygems
openc3-cosmos-tool-iframe
Critical
4 months ago
OpenC3 COSMOS Vulnerable to Directory Traversal via /script-api/scripts/ endpoint
rubygems
openc3-cosmos-tool-iframe
Moderate
4 months ago
Insufficient input sanitization in ejson2env
go, rubygems
github.com/Shopify/ejson2env, ejson2env, github.com/Shopify/ejson2env/v2
Moderate
5 months ago
net-imap rubygem vulnerable to possible DoS by memory exhaustion
rubygems
net-imap
Low
5 months ago
Nokogiri updates packaged libxml2 to v2.13.8 to resolve CVE-2025-32414 and CVE-2025-32415
rubygems
nokogiri
Low
6 months ago
Publify Vulnerable To Cross-Site Scripting (XSS) Via Redirects Requiring User Interaction
rubygems
publify_core
High
7 months ago
Nokogiri updates packaged libxslt to v1.1.43 to resolve multiple CVEs
rubygems
nokogiri
Critical
7 months ago
Camaleon CMS Vulnerable to Privilege Escalation through a Mass Assignment
rubygems
camaleon_cms
Critical
7 months ago
Ruby SAML allows a SAML authentication bypass due to namespace handling (parser differential)
rubygems
ruby-saml
Critical
7 months ago
Ruby SAML allows a SAML authentication bypass due to DOCTYPE handling (parser differential)
rubygems
ruby-saml
High
7 months ago
Ruby SAML allows remote Denial of Service (DoS) with compressed SAML responses
rubygems
ruby-saml
Critical
7 months ago
omniauth-saml has dependency on ruby-saml version with Signature Wrapping Attack issue
rubygems
omniauth-saml
Critical
7 months ago
graphql allows remote code execution when loading a crafted GraphQL schema
rubygems
graphql
Moderate
7 months ago
Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection
rubygems
rack
Moderate
7 months ago
CGI has Regular Expression Denial of Service (ReDoS) potential in Util#escapeElement
rubygems
cgi
Critical
7 months ago
Oxidized Web RANCID migration page allows unauthenticated user to gain control over Linux user account
rubygems
oxidized-web
Low
8 months ago
Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171
rubygems
nokogiri
Moderate
9 months ago
Password Pusher Allows Session Token Interception Leading to Potential Hijacking
rubygems
pwpush
Low
10 months ago
rails-html-sanitizer has XSS vulnerability with certain configurations
rubygems
rails-html-sanitizer
Low
10 months ago
rails-html-sanitizer has XSS vulnerability with certain configurations
rubygems
rails-html-sanitizer
Low
10 months ago
rails-html-sanitizer has XSS vulnerability with certain configurations
rubygems
rails-html-sanitizer
Low
10 months ago
rails-html-sanitizer has XSS vulnerability with certain configurations
rubygems
rails-html-sanitizer
Low
10 months ago
rails-html-sanitize has XSS vulnerability with certain configurations
rubygems
rails-html-sanitizer
Low
11 months ago
Password Pusher rate limiter can be bypassed by forging proxy headers
rubygems
pwpush
Moderate
11 months ago
decidim-meetings Cross-site scripting vulnerability in the online or hybrid meeting embeds
rubygems
decidim-meetings
High
11 months ago
Decidim-Awesome has SQL injection in AdminAccountability
rubygems
decidim-decidim_awesome
Moderate
11 months ago
Sinatra vulnerable to Reliance on Untrusted Inputs in a Security Decision
rubygems
sinatra
Moderate
11 months ago
MPXJ has a Potential Path Traversal Vulnerability
nuget, pypi, rubygems, maven
MPXJ.Net, net.sf.mpxj-for-vb, net.sf.mpxj-for-csharp, net.sf.mpxj, mpxj, net.sf.mpxj:mpxj
Moderate
12 months ago
Possible ReDoS vulnerability in block_format in Action Mailer
rubygems
actionmailer
Moderate
12 months ago
Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text
rubygems
actiontext
Moderate
12 months ago
Possible ReDoS vulnerability in HTTP Token authentication in Action Controller
rubygems
actionpack
Moderate
12 months ago
Possible ReDoS vulnerability in query parameter filtering in Action Dispatch
rubygems
actionpack
Moderate
about 1 year ago
OpenC3 stores passwords in clear text (`GHSL-2024-129`)
npm, rubygems
@openc3/tool-common, openc3
Moderate
about 1 year ago
OpenC3 Cross-site Scripting in Login functionality (`GHSL-2024-128`)
npm, rubygems
@openc3/tool-common, openc3
High
about 1 year ago
Decidim has a cross-site scripting vulnerability in the version control page
rubygems
decidim
Moderate
about 1 year ago
Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)
rubygems
camaleon_cms
High
about 1 year ago
Heap-based Buffer Overflow in sqlite-vec
cargo, rubygems, npm, pypi
sqlite-vec
Moderate
about 1 year ago
Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)
rubygems
camaleon_cms
Moderate
about 1 year ago
Puma's header normalization allows for client to clobber proxy set headers
rubygems
puma
High
about 1 year ago
Camaleon CMS vulnerable to remote code execution through code injection (GHSL-2024-185)
rubygems
camaleon_cms
Moderate
about 1 year ago
Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)
rubygems
camaleon_cms
High
about 1 year ago
Camaleon CMS vulnerable to arbitrary path traversal (GHSL-2024-183)
rubygems
camaleon_cms
High
about 1 year ago
Camaleon CMS affected by arbitrary file write to RCE (GHSL-2024-182)
rubygems
camaleon_cms
Moderate
about 1 year ago
Devise-Two-Factor Authentication Uses Insufficient Default OTP Shared Secret Length
rubygems
devise-two-factor
Moderate
about 1 year ago
Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin panel with QuillJS WYSWYG editor
rubygems
decidim
Moderate
about 1 year ago
Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin activity log
rubygems
decidim-admin
Critical
about 1 year ago
omniauth-saml vulnerable to Improper Verification of Cryptographic Signature
rubygems
omniauth-saml
Critical
about 1 year ago
SAML authentication bypass via Incorrect XPath selector
rubygems
ruby-saml
Moderate
about 1 year ago
Bootstrap Cross-Site Scripting (XSS) vulnerability
maven, packagist, nuget, rubygems, npm
org.webjars.npm:bootstrap, org.webjars:bootstrap, twbs/bootstrap, bootstrap.sass, bootstrap
Moderate
about 1 year ago
Decidim cross-site scripting (XSS) in the admin panel
rubygems
decidim-admin
Moderate
about 1 year ago
Decidim vulnerable to data disclosure through the embed feature
rubygems
decidim
Moderate
about 1 year ago
RailsAdmin Cross-site Scripting vulnerability in the list view
rubygems
rails_admin
Moderate
over 1 year ago
Missing security headers in Action Pack on non-HTML responses
rubygems
actionpack
Moderate
over 1 year ago
ActionText ContentAttachment can Contain Unsanitized HTML
rubygems
actiontext
High
over 1 year ago
activeadmin vulnerable to stored persistent cross-site scripting (XSS) in dynamic form legends
rubygems
activeadmin
High
over 1 year ago
rack-contrib vulnerable to Denial of Service due to the unconstrained value of the incoming "profiler_runs" parameter
rubygems
rack-contrib
Filter by Severity
Filter by Package
actionpack
61
nokogiri
46
rack
30
rubygems-update
25
activerecord
22
puppet
22
publify_core
15
camaleon_cms
14
rails-html-sanitizer
14
passenger
14
activesupport
14
puma
12
decidim
11
fat_free_crm
10
rails
9
actionview
9
rexml
8
ruby-saml
8
lodash-rails
7
org.jruby:jruby-stdlib
7
doorkeeper
6
bootstrap
6
bootstrap
6
katello
6
webrick
6
ember-source
6
commonmarker
5
loofah
5
sidekiq
5
cgi
5
grpcio
5
bundler
5
jquery-rails
5
activestorage
5
spree
5
sinatra
5
grpc
5
dragonfly
4
bootstrap
4
avo
4
bootstrap-sass
4
carrierwave
4
devise
4
rails_admin
4
sanitize
4
mail
4
omniauth-saml
3
resque
3
rdoc
3
phlex
3
chartkick
3
decidim-admin
3
io.grpc:grpc-protobuf
3
rest-client
3
bootstrap-sass
3
jquery-ui-rails
3
json
3
twbs/bootstrap
3
spina
3
activeadmin
3
json-jwt
3
devise-two-factor
3
gollum
3
yard
3
openc3
3
org.webjars:bootstrap
3
geminabox
3
uri
3
private_address_check
3
rubyzip
3
openssl
3
jquery-ui
3
decidim-core
3
fluentd
3
org.webjars.npm:jquery-ui
3
rack-cors
3
git
3
omniauth
3
jQuery.UI.Combined
3
jQuery
3
sidekiq-unique-jobs
2
cocoapods-downloader
2
net-imap
2
pdfkit
2
decidim-templates
2
openc3-cosmos-tool-iframe
2
kramdown
2
google_sign_in
2
safemode
2
mechanize
2
com.google.protobuf:protobuf-kotlin
2
field_test
2
paperclip
2
faye
2
google-protobuf
2
yajl-ruby
2
view_component
2
facter
2
net-ldap
2
solidus_frontend
2
org.webjars.npm:jquery
2
httparty
2
omniauth-facebook
2
radiant
2
actiontext
2
jquery
2
oxidized-web
2
sup
2
mini_magick
2
ox
2
bootstrap.sass
2
redcarpet
2
logstash-core
2
ruby-openid
2
user_agent_parser
2
@openc3/tool-common
2
i18n
2
actionmailer
2
VladTheEnterprising
2
com.google.protobuf:protobuf-java
2
spree_auth_devise
2
kaminari
2
pwpush
2
bson
2
git-fastclone
2
solidus_core
2
decidim-meetings
2
pghero
2
sprockets
2
qiita-markdown
2
secure_headers
2
administrate
2
pageflow
2
lodash-es
2
echor
2
lodash
2
red-arrow
2
excon
1
rack-mini-profiler
1
sha3
1
xaviershay-dm-rails
1
request_store
1
bindata
1
pitchfork
1
org.webjars.npm:bootstrap
1
audited
1
unpoly-rails
1
geocoder
1
mpxj
1
solidus_auth_devise
1
rails_multisite
1
twitter-bootstrap-rails
1
exiftool_vendored
1
stringio
1
coming-soon
1
http
1
inline_svg
1
rswag
1
xapian-core
1
Autolab
1
chef
1
redis-store
1
govuk_tech_docs
1
ccsv
1
restforce
1
rack-session
1
omniauth-microsoft_graph
1
gon
1
logstash
1
smalruby
1
smalruby-editor
1
narou
1
rack-cache
1
net.sf.mpxj:mpxj
1
sequenceserver
1
ldoce
1
thin
1
jekyll
1
thumbshooter
1
gollum-lib
1
time
1
mysql-binuuid-rails
1
twitter-stream
1
sqlite3
1
ciborg
1
image_processing
1
omniauth-oauth2
1
kredis
1
em-imap
1
octopoller
1
foreman_fog_proxmox
1
bolt
1
point-cli
1
datagrid
1
addressable
1
devise_token_auth
1
activejob
1
hammer_cli_foreman
1
simple_captcha2
1
measured
1
Filter by Repository
https://github.com/rails/rails
70
https://github.com/sparklemotion/nokogiri
35
https://github.com/rack/rack
24
https://github.com/rubygems/rubygems
18
https://github.com/decidim/decidim
15
https://github.com/puppetlabs/puppet
15
https://github.com/rails/rails-html-sanitizer
14
https://github.com/publify/publify
14
https://github.com/puma/puma
12
https://github.com/phusion/passenger
11
https://github.com/owen2345/camaleon-cms
11
https://github.com/fatfreecrm/fat_free_crm
9
https://github.com/ruby/rexml
8
https://github.com/SAML-Toolkits/ruby-saml
7
https://github.com/lodash/lodash
7
https://github.com/doorkeeper-gem/doorkeeper
6
https://github.com/flavorjones/loofah
6
https://github.com/sinatra/sinatra
5
https://github.com/twbs/bootstrap
5
https://github.com/jquery/jquery
5
https://github.com/solidusio/solidus
5
https://github.com/avo-hq/avo
4
https://github.com/mikel/mail
4
https://github.com/ruby/openssl
4
https://github.com/carrierwaveuploader/carrierwave
4
https://github.com/ruby/webrick
4
https://github.com/rgrove/sanitize
4
https://github.com/grpc/grpc
4
https://github.com/Katello/katello
4
https://github.com/markevans/dragonfly
4
https://github.com/ruby-git/ruby-git
3
https://github.com/geminabox/geminabox
3
https://github.com/phlex-ruby/phlex
3
https://github.com/rest-client/rest-client
3
https://github.com/activeadmin/activeadmin
3
https://github.com/sidekiq/sidekiq
3
https://github.com/ruby/cgi
3
https://github.com/rubyzip/rubyzip
3
https://github.com/gjtorikian/commonmarker
3
https://github.com/fluent/fluentd
3
https://github.com/ruby/uri
3
https://github.com/gollum/gollum
3
https://github.com/cyu/rack-cors
3
https://github.com/rubygems/rubygems.org
3
https://github.com/OpenC3/cosmos
3
https://github.com/lsegal/yard
3
https://github.com/jtdowney/private_address_check
3
https://github.com/resque/resque
3
https://github.com/spree/spree
3
https://github.com/nov/json-jwt
2
https://github.com/codevise/pageflow
2
https://github.com/solidusio/solidus_auth_devise
2
https://github.com/openid/ruby-openid
2
https://github.com/mperham/sidekiq
2
https://github.com/tinfoil/devise-two-factor
2
https://github.com/ytti/oxidized-web
2
https://github.com/ankane/field_test
2
https://github.com/sup-heliotrope/sup
2
https://github.com/plataformatec/devise
2
https://github.com/CocoaPods/cocoapods-downloader
2
https://github.com/ruby-ldap/ruby-net-ldap
2
https://github.com/vmg/redcarpet
2
https://github.com/pglombardo/PasswordPusher
2
https://github.com/sparklemotion/mechanize
2
https://github.com/basecamp/google_sign_in
2
https://github.com/jnunemaker/httparty
2
https://github.com/increments/qiita-markdown
2
https://github.com/faye/faye
2
https://github.com/brianmario/yajl-ruby
2
https://gitlab.com/gitlab-org/cves
2
https://github.com/emberjs/ember.js
2
https://github.com/railsadminteam/rails_admin
2
https://github.com/gettalong/kramdown
2
https://github.com/svenfuchs/safemode
2
https://github.com/ohler55/ox
2
https://github.com/thoughtbot/paperclip
2
https://github.com/ruby/rdoc
2
https://github.com/mongodb/bson-ruby
2
https://github.com/twitter/secure_headers
2
https://github.com/ankane/pghero
2
https://github.com/svenfuchs/i18n
2
https://github.com/square/git-fastclone
2
https://github.com/ruby/net-imap
2
https://github.com/github/cmark-gfm
2
https://github.com/protocolbuffers/protobuf
2
https://github.com/ankane/chartkick
2
https://github.com/jquery/jquery-ui
2
https://github.com/rack/rack-session
2
https://github.com/kaminari/kaminari
2
https://github.com/omniauth/omniauth
2
https://github.com/mhenrixon/sidekiq-unique-jobs
2
https://github.com/omniauth/omniauth-saml
1
https://github.com/stimulusreflex/stimulus_reflex
1
https://github.com/oivoodoo/devise_masquerade
1
https://github.com/sferik/multi_xml
1
https://github.com/samg/diffy
1
https://github.com/rahult/karo
1
https://github.com/bundler/bundler
1
https://github.com/sparklemotion/nekohtml
1
https://github.com/makandra/consul
1
https://github.com/autolab/Autolab
1
https://github.com/tzinfo/tzinfo
1
https://github.com/presidentbeef/rails-security-history
1
https://github.com/igrigorik/em-http-request
1
https://github.com/octokit/octopoller.rb
1
https://github.com/padrino/padrino-contrib
1
https://github.com/rails/activerecord-session_store
1
https://github.com/twbs/bootstrap-sass
1
https://github.com/rails/web-console
1
https://github.com/sinatra/rack-protection
1
https://github.com/bbatsov/rubocop
1
https://github.com/beenhero/omniauth-weibo-oauth2
1
https://github.com/thoughtbot/administrate
1
https://github.com/P3ngu1nW/CVE_Request
1
https://github.com/ruby/rake
1
https://github.com/dmendel/bindata
1
https://github.com/ViewComponent/view_component
1
https://github.com/sisimai/rb-sisimai
1
https://github.com/dejan/espeak-ruby
1
https://github.com/joniles/mpxj
1
https://github.com/onelogin/ruby-saml
1
https://github.com/Smashing/smashing
1
https://github.com/discourse/rails_multisite
1
https://github.com/plataformatec/simple_form
1
https://github.com/ua-parser/uap-core
1
https://github.com/jamesmartin/inline_svg
1
https://github.com/pdfkit/pdfkit
1
https://github.com/recurly/recurly-client-ruby
1
https://github.com/ejschmitt/delayed_job_web
1
https://github.com/jordansissel/ruby-arr-pm
1
https://github.com/steveklabnik/request_store
1
https://github.com/rf-/keynote
1
https://github.com/rswag/rswag
1
https://github.com/socketry/protocol-http1
1
https://github.com/Shopify/omniauth-shopify-oauth2
1
https://github.com/nhosoya/omniauth-apple
1
https://github.com/jirutka/asciidoctor-include-ext
1
https://github.com/mdp/rotp
1
https://github.com/flori/json
1
https://github.com/ankane/blazer
1
https://github.com/imsebao/404team
1
https://github.com/XKCP/XKCP
1
https://github.com/Shopify/job-iteration
1
https://github.com/ankane/clockwork_web
1
https://github.com/unpoly/unpoly-rails
1
https://github.com/madler/zlib
1
https://github.com/evan/ccsv
1
https://github.com/basecamp/easymon
1
https://github.com/GNOME/libxml2
1
https://github.com/railsdog/spree
1
https://github.com/Snorby/snorby
1
https://github.com/prodigasistemas/curupira
1
https://github.com/ConradIrwin/em-imap
1
https://github.com/inukshuk/bibtex-ruby
1
https://github.com/macournoyer/thin
1
https://github.com/doorkeeper-gem/doorkeeper-openid_connect
1
https://github.com/ua-parser/uap-ruby
1
https://github.com/rails/jquery-rails
1
https://github.com/voloko/twitter-stream
1
https://github.com/jgarber/redcloth
1
https://github.com/PierreRambaud/gemirro
1
https://github.com/omniauth/omniauth-rails
1
https://github.com/halostatue/minitar
1
https://github.com/rdoc/rdoc
1
https://github.com/github/trilogy
1
https://github.com/exiftool-rb/exiftool_vendored.rb
1
https://github.com/nedap/mysql-binuuid-rails
1
https://github.com/matestack/matestack-ui-core
1
https://github.com/resque/resque-scheduler
1
https://github.com/devise-two-factor/devise-two-factor
1
https://github.com/elastic/apm-agent-ruby
1
https://github.com/datamapper/extlib
1
https://github.com/collectiveidea/audited
1
https://github.com/ruby/date
1
https://github.com/opensearch-project/opensearch-ruby
1
https://github.com/seattlerb/ruby_parser
1
https://github.com/asciidoctor/asciidoctor
1
https://github.com/webbynode/webbynode
1
https://github.com/theforeman/foreman_ansible
1
https://github.com/mongoid/moped
1
https://github.com/BetterErrors/better_errors
1
https://github.com/mkdynamic/omniauth-facebook
1
https://github.com/alphagov/tech-docs-gem
1
https://gitlab.com/2013/11
1
https://github.com/binarylogic/authlogic
1
https://github.com/janko/image_processing
1
https://github.com/aws/aws-sdk-ruby
1
https://github.com/minimagick/minimagick
1
https://github.com/jwt/ruby-jwe
1
https://github.com/josh/rack-ssl
1
https://github.com/sparklemotion/sqlite3-ruby
1
https://github.com/Shopify/pitchfork
1
https://github.com/octokit/octokit.rb
1
https://github.com/PixarAnimationStudios/ruby-jss
1
https://github.com/theforeman/ldap_fluff
1
https://github.com/spree/spree_auth_devise
1
https://github.com/decidim-ice/decidim-module-decidim_awesome
1
https://github.com/personnummer/ruby
1
https://github.com/quadule/colorscore
1