OSV - Open Source Vulnerabilities

GHSA-353f-x4gh-cqq8

RubyGems/nokogiri

Nokogiri patches vendored libxml2 to resolve multiple CVEs

3 days ago

Fix available

GHSA-mqcp-p2hv-vw6x

RubyGems/thor

Thor can construct an unsafe shell command from library input.

4 days ago

Fix available
Severity - 2.8 (Low)

GHSA-29g5-m8v7-v564

RubyGems/measured

Measured is vulnerable to Path Traversal attacks during class initialization

15 Jul

Fix available
Severity - 4.9 (Medium)

GHSA-xh69-987w-hrp8

RubyGems/resolv

resolv vulnerable to DoS via insufficient DNS domain name length validation

15 Jul

Fix available
Severity - 6.6 (Medium)

GHSA-6qjf-g333-pv38

RubyGems/job-iteration

Job Iteration API is vulnerable to OS Command Injection attack through its CsvEnumerator class

14 Jul

Fix available
Severity - 8.1 (High)

GHSA-hqp6-mjw3-f586

RubyGems/vagrant

HashiCorp Vagrant has code injection vulnerability through default synced folders

02 Jul

Fix available
Severity - 5.4 (Medium)

GHSA-r995-q44h-hr64

RubyGems/webrick

Ruby WEBrick read_headers method can lead to HTTP Request/Response Smuggling

26 Jun

Fix available
Severity - 6.5 (Medium)

MAL-2025-5147

RubyGems/xxxxxxxx

Malicious code in xxxxxxxx (RubyGems)

18 Jun

No fix available

MAL-2025-5146

RubyGems/teaspoon-devkit

Malicious code in teaspoon-devkit (RubyGems)

18 Jun

No fix available

MAL-2025-5145

RubyGems/jdbc-zzz

Malicious code in jdbc-zzz (RubyGems)

18 Jun

No fix available

GHSA-cf8v-5mrc-jv7f

RubyGems/openc3-cosmos-tool-iframe

OpenC3 COSMOS Vulnerable to Directory Traversal via openc3-api/tables endpoint

13 Jun

No fix available
Severity - 7.5 (High)

GHSA-p67j-387g-75wc

RubyGems/openc3-cosmos-tool-iframe

OpenC3 COSMOS Vulnerable to Directory Traversal via /script-api/scripts/ endpoint

13 Jun

No fix available
Severity - 9.1 (Critical)

GHSA-47m2-26rw-j2jw

RubyGems/rack

ReDoS Vulnerability in Rack::Multipart handle_mime_head

05 Jun

Fix available
Severity - 6.6 (Medium)

GHSA-2c47-m757-32g6

Go/github.com/Shopify/ejson2env/v2
RubyGems/ejson2env
Go/github.com/Shopify/ejson2env

Insufficient input sanitization in ejson2env

21 May

Fix available
Severity - 6.6 (Medium)

GHSA-gjh7-p2fx-99vx

RubyGems/rack

Rack has an Unbounded-Parameter DoS in Rack::QueryParser

08 May

Fix available
Severity - 7.5 (High)

GHSA-9j94-67jr-4cqj

RubyGems/rack-session

Rack session gets restored after deletion

08 May

Fix available
Severity - 4.2 (Medium)