14139 matches found

OSSF Malicious Packages
added 2025/09/01 9:47 a.m., 4 views

Malicious code in dependency-snapshots-api-proto (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 631057766f092650ba1257605bb896b689804a362934a08e7354ca7253f43b77 The OpenSSF Package Analysis project identified 'dependency-snapshots-api-proto' @ 99.99.99 rubygems as malicious. It is considered malicious...

AI score: 7.2
Exploits: 0
OSV
added 2025/09/01 9:47 a.m., 3 views

MAL-2025-46908 Malicious code in github-kredz (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 537bf1dc9a46b4e69b596275e61de6d1b75ca3eeb2979bde507688f07458c088 The OpenSSF Package Analysis project identified 'github-kredz' @ 1.0.1.1135.gf4a4623f5 rubygems as malicious. It is considered malicious because...

AI score: 7.2
Exploits: 0
OSSF Malicious Packages
added 2025/09/01 9:47 a.m., 5 views

Malicious code in github-kredz (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 537bf1dc9a46b4e69b596275e61de6d1b75ca3eeb2979bde507688f07458c088 The OpenSSF Package Analysis project identified 'github-kredz' @ 1.0.1.1135.gf4a4623f5 rubygems as malicious. It is considered malicious because...

AI score: 7.2
Exploits: 0
Debian
added 2025/09/01 9:08 a.m., 4 views

[SECURITY] [DLA 4288-1] ruby-saml security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4288-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk September 01, 2025 https://wiki.debian.org/LTS -...

CVSS: 6.9, AI score: 6.5, EPSS: 0.00581
Exploits: 0
OpenVAS
added 2025/09/01 12:00 a.m., 2 views

Debian: Security Advisory (DLA-4288-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 6.9, AI score: 6.5, EPSS: 0.00581
Exploits: 0, References: 2
OSV
added 2025/09/01 12:00 a.m., 2 views

DLA-4288-1 ruby-saml - security update

Bulletin has no description...

CVSS: 6.9, AI score: 7, EPSS: 0.00581
Exploits: 0
Tenable Nessus
added 2025/09/01 12:00 a.m., 6 views

Debian dla-4288 : ruby-saml - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4288 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4288-1 [email protected] https://www.debian.org/lts/security/...

CVSS: 6.9, AI score: 7.5, EPSS: 0.00581
Exploits: 0, References: 4
Tenable Nessus
added 2025/08/30 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2019-11027

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ruby OpenID aka ruby-openid through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers...

CVSS: 10, AI score: 8.2, EPSS: 0.01731
Exploits: 0, References: 2
Tenable Nessus
added 2025/08/30 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-22795

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A regular expression based DoS vulnerability in Action Dispatch 6.1.7.1 and 7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match...

CVSS: 7.5, AI score: 6.5, EPSS: 0.01304
Exploits: 0, References: 2
Tenable Nessus
added 2025/08/30 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-31163

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as tho...

CVSS: 8.1, AI score: 6.8, EPSS: 0.03833
Exploits: 1, References: 2
Tenable Nessus
added 2025/08/30 12:00 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2021-21289

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mechanize is an open-source ruby library that makes automated web interaction easy. In Mechanize from version 2.0.0 and before version 2.7.7 there is a command...

CVSS: 8.3, AI score: 7.2, EPSS: 0.02503
Exploits: 0, References: 2
Tenable Nessus
added 2025/08/30 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2019-16779

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted such as by a timeout would lea...

CVSS: 5.9, AI score: 5.8, EPSS: 0.00556
Exploits: 0, References: 2
Tenable Nessus
added 2025/08/30 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2017-16229

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Ox gem 2.8.1 for Ruby, the process crashes with a stack-based buffer over-read in the readfromstr function in saxbuf.c when a crafted input is supplied t...

CVSS: 5.5, AI score: 6, EPSS: 0.00165
Exploits: 1, References: 2
Tenable Nessus
added 2025/08/30 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-32740

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource consumption vulnerabili...

CVSS: 7.5, AI score: 7.3, EPSS: 0.02516
Exploits: 0, References: 2
Tenable Nessus
added 2025/08/30 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-47220

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a...

AI score: 6.8, EPSS: 0.00108
Exploits: 0, References: 3
Tenable Nessus
added 2025/08/30 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2019-18978

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the rack-cors aka Rack CORS Middleware gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources becau...

CVSS: 5.3, AI score: 5.6, EPSS: 0.00777
Exploits: 0, References: 2
GithubExploit
added 2025/08/28 10:15 p.m., 209 views

Exploit for Improper Input Validation in Rubyonrails Rails

🔐 Black Box Penetration Test on DVWA This repository document...

CVSS: 9, AI score: 8.2, EPSS: 0.94262
Exploits: 49
OSSF Malicious Packages
added 2025/08/28 7:12 a.m., 4 views

Malicious code in omniauth-pro-sante-connect (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

AI score: 7
Exploits: 0, References: 1
Tenable Nessus
added 2025/08/27 12:00 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2019-18848

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string. CVE-2019-18848 Note that Nessus relies on the presence of t...

CVSS: 7.5, AI score: 7.2, EPSS: 0.00207
Exploits: 0, References: 2
Tenable Nessus
added 2025/08/27 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-22903

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain allowed...

CVSS: 6.1, AI score: 6.4, EPSS: 0.00096
Exploits: 0, References: 2