Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

90 advisories

Loading
Net::IMAP: Denial of Service via incomplete raw argument validation Low
CVE-2026-47241 was published for net-imap (RubyGems) Jun 9, 2026
fg0x0 Credited to fg0x0
Publify Vulnerable To Cross-Site Scripting (XSS) Via Redirects Requiring User Interaction Low
CVE-2024-39311 was published for publify_core (RubyGems) Mar 28, 2025
PinkDraconian Credited to PinkDraconian
fluent-plugin-s3 Vulnerable to Denial of Service (DoS) via Decompression Bomb in `in_s3` Low
CVE-2026-44162 was published for fluent-plugin-s3 (RubyGems) Jun 26, 2026
Concurrent Ruby: ReadWriteLock allows wrong-thread write release and stray read-release counter corruption Low
CVE-2026-54906 was published for concurrent-ruby (RubyGems) Jun 19, 2026
pranjalithakur Credited to pranjalithakur
Concurrent Ruby: `ReentrantReadWriteLock` read-count overflow grants a write lock without exclusivity Low
CVE-2026-54905 was published for concurrent-ruby (RubyGems) Jun 19, 2026
pranjalithakur Credited to pranjalithakur
cla7aye15I4nd Credited to cla7aye15I4nd
Nokogiri: Possible Use-After-Free in XInclude Processing Low
GHSA-wfpw-mmfh-qq69 was published for nokogiri (RubyGems) Jun 19, 2026
cla7aye15I4nd Credited to cla7aye15I4nd
Nokogiri: Possible Use-After-Free when directly using `NokogirI::XML::XPathContext` beyond document lifetime Low
GHSA-p67v-3w7g-wjg7 was published for nokogiri (RubyGems) Jun 19, 2026
cla7aye15I4nd Credited to cla7aye15I4nd
Nokogiri: Possible Use-After-Free when setting `Document#root=` to an invalid node type Low
GHSA-wjv4-x9w8-wm3h was published for nokogiri (RubyGems) Jun 19, 2026
Nokogiri: Null Pointer Dereference calling methods on uninitialized wrapper classes Low
GHSA-9cv2-cfxc-v4v2 was published for nokogiri (RubyGems) Jun 19, 2026
cla7aye15I4nd Credited to cla7aye15I4nd
Nokogiri: XML::Schema on JRuby allows network requests when NONET is set, bypassing CVE-2020-26247 Low
GHSA-8678-w3jw-xfc2 was published for nokogiri (RubyGems) Jun 19, 2026
bilerden Credited to bilerden
Nokogiri: Possible Use-After-Free when `Nokogiri::XML::Document#encoding=` raises an exception Low
GHSA-5v8h-3h3q-446p was published for nokogiri (RubyGems) Jun 19, 2026
cla7aye15I4nd Credited to cla7aye15I4nd
Pirikara Credited to Pirikara
net-imap has quadratic complexity when reading response literals Low
CVE-2026-42245 was published for net-imap (RubyGems) May 4, 2026
Masamuneee Credited to Masamuneee
Rails has a possible XSS vulnerability in its Action View tag helpers Low
CVE-2026-33168 was published for actionview (RubyGems) Mar 23, 2026
Rails has a possible XSS vulnerability in its Action Pack debug exceptions Low
CVE-2026-33167 was published for actionpack (RubyGems) Mar 23, 2026
Rails Active Storage has a possible DoS vulnerability in proxy mode via multi-range requests Low
CVE-2026-33658 was published for activestorage (RubyGems) Mar 25, 2026
URI Credential Leakage Bypass over CVE-2025-27221 Low
CVE-2025-61594 was published for uri (RubyGems) Dec 30, 2025
Fat Free CRM has BOLA in DELETE /emails/:id - Any authenticated user can hit this endpoint and delete emails by ID Low
GHSA-9pm8-vwc5-w2hm was published for fat_free_crm (RubyGems) Apr 14, 2026
bgeesaman Credited to bgeesaman
Trix is vulnerable to XSS through JSON deserialization bypass in drag-and-drop (Level0InputController) Low
GHSA-53p3-c7vp-4mcc was published for action_text-trix (RubyGems) Mar 29, 2026
Loofah has improper detection of disallowed URIs via `allowed_uri?` Low
GHSA-2j22-pr5w-6gq8 was published for loofah (RubyGems) Mar 26, 2026
Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch Low
CVE-2024-26142 was published for actionpack (RubyGems) Feb 27, 2024
SValkanov Credited to SValkanov, yoshizawa-masatoshi, and postmodern yoshizawa-masatoshi yoshizawa-masatoshi
postmodern postmodern
Improper detection of disallowed URIs by Loofah `allowed_uri?` Low
GHSA-46fp-8f5p-pf2m was published for loofah (RubyGems) Mar 18, 2026
Rack Header Parsing leads to Possible Denial of Service Vulnerability Low
CVE-2024-26146 was published for rack (RubyGems) Feb 28, 2024
SValkanov Credited to SValkanov
Rack has possible DoS Vulnerability with Range Header Low
CVE-2024-26141 was published for rack (RubyGems) Feb 28, 2024
ooooooo-q Credited to ooooooo-q
ProTip! Advisories are also available from the GraphQL API