CVE-2011-5331

Distributed Ruby aka DRuby 1.8 mishandles instanceeval...

CVE-2019-14282

The simplecaptcha2 gem 0.2.3 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party...

CVE-2019-13589

The paranoid2 gem 1.1.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.1.5...

CVE-2013-4457

The Cocaine gem 0.4.0 through 0.5.2 for Ruby allows context-dependent attackers to execute arbitrary commands via a crafted has object, related to recursive variable interpolation...

CVE-2015-8314

The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access...

CVE-2015-20108

xmlsecurity.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used...

CVE-2012-6134

Cross-site request forgery CSRF vulnerability in the omniauth-oauth2 gem 1.1.1 and earlier for Ruby allows remote attackers to hijack the authentication of users for requests that modify session state...

Security update for rubygem-rack

This update for rubygem-rack fixes the following issues: CVE-2025-46727: possible memory exhaustion due to unbounded parameter parsing in Rack::QueryParser bsc1242894. CVE-2025-32441: deleted sessions can be restored and occupied by unauthenticated users when the Rack::Session::Pool middleware is...

Astra Linux - уязвимость в yajl

yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corruption when dealing with large 2GB inputs. The reallocation logic at yajlbuf.cL64 may result in the need 32bit...

Oracle Linux 8 : ruby:2.5 (ELSA-2025-7539)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-7539 advisory. - Fix integer overflow in searchinrange function in regexec.c CVE-2019-19012. Resolves: RHEL-87505 rubygem-abrt rubygem-bson rubygem-bundler Tenable ha...

Ubuntu: Security Advisory (USN-7507-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

ruby3.4-rubygem-globalid-1.2.1-1.7 on GA media (moderate)

ruby3.4-rubygem-globalid-1.2.1-1.7 on GA media Announcement ID: openSUSE-SU-2025:15116-1 Rating: moderate Cross-References: CVE-2023-22799 CVSS scores: CVE-2023-22799 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Tumbleweed An update that solves one...

ruby3.4-rubygem-activestorage-7.0-7.0.8.6-1.3 on GA media (moderate)

ruby3.4-rubygem-activestorage-7.0-7.0.8.6-1.3 on GA media Announcement ID: openSUSE-SU-2025:15113-1 Rating: moderate Cross-References: CVE-2022-21831 CVSS scores: CVE-2022-21831 SUSE : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Tumbleweed An update that solves on...

ruby3.4-rubygem-multi_xml-0.6.0-1.29 on GA media (moderate)

ruby3.4-rubygem-multixml-0.6.0-1.29 on GA media Announcement ID: openSUSE-SU-2025:15122-1 Rating: moderate Cross-References: CVE-2013-0175 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...

ruby3.4-rubygem-websocket-extensions-0.1.5-1.22 on GA media (moderate)

ruby3.4-rubygem-websocket-extensions-0.1.5-1.22 on GA media Announcement ID: openSUSE-SU-2025:15130-1 Rating: moderate Cross-References: CVE-2020-7663 CVSS scores: CVE-2020-7663 SUSE : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L Affected Products: openSUSE Tumbleweed An update that solves on...

ruby3.4-rubygem-actionmailer-7.0-7.0.8.6-1.3 on GA media (moderate)

ruby3.4-rubygem-actionmailer-7.0-7.0.8.6-1.3 on GA media Announcement ID: openSUSE-SU-2025:15109-1 Rating: moderate Cross-References: CVE-2024-47889 CVSS scores: CVE-2024-47889 SUSE : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Tumbleweed An update that solves one...

ruby3.4-rubygem-puma-6.4.3-1.3 on GA media (moderate)

ruby3.4-rubygem-puma-6.4.3-1.3 on GA media Announcement ID: openSUSE-SU-2025:15123-1 Rating: moderate Cross-References: CVE-2019-16770 CVE-2020-11076 CVE-2022-23634 CVE-2024-45614 CVSS scores: CVE-2019-16770 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-11076 SUSE : 6.8...

ruby3.4-rubygem-jquery-rails-4.6.0-1.7 on GA media (moderate)

ruby3.4-rubygem-jquery-rails-4.6.0-1.7 on GA media Announcement ID: openSUSE-SU-2025:15117-1 Rating: moderate Cross-References: CVE-2015-1840 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in th...

ruby3.4-rubygem-rails-7.0-7.0.8.6-1.3 on GA media (moderate)

ruby3.4-rubygem-rails-7.0-7.0.8.6-1.3 on GA media Announcement ID: openSUSE-SU-2025:15124-1 Rating: moderate Cross-References: CVE-2023-38037 CVE-2024-26143 CVE-2024-28103 CVE-2024-34341 CVE-2024-41128 CVE-2024-47887 CVE-2024-47888 CVE-2024-47889 CVSS scores: CVE-2024-26143 SUSE : 5.4...

ruby3.4-rubygem-loofah-2.23.1-1.3 on GA media (moderate)

ruby3.4-rubygem-loofah-2.23.1-1.3 on GA media Announcement ID: openSUSE-SU-2025:15120-1 Rating: moderate Cross-References: CVE-2018-16468 CVE-2018-8048 CVE-2019-15587 CVE-2022-23514 CVE-2022-23515 CVE-2022-23516 CVSS scores: CVE-2018-16468 SUSE : 6.4 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L...