CVE-2025-27220 - ReDoS in CGI::Util#escapeElement.
There is a possibility for Regular expression Denial of Service (ReDoS) in the cgi gem. This vulnerability has been assigned the CVE identifier CVE-2025-27220. We recommend upgrading the cgi gem. Details: The regular expression used in CGI::Util#escapeElement is vulnerable to ReDoS. The crafted...
Malicious code in luno-cocoapods (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 9bb59e6b577e1a28cf71bf254ef70a0641db3319c1985827f792edb51ea14493 The OpenSSF Package Analysis project identified 'luno-cocoapods' @ 2.8.0 rubygems as malicious. It is considered malicious because: - The packag...
Ruby on Rails: 1-Click Cross-Site Scripting via Custom Configuration in SafeListSanitizer
Vulnerability description not provided...
OESA-2025-1156 yajl security update
yajl is a small event-driven JSON parser written in ANSI C, and a small validating JSON generator. Security Fixes: In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in...
Malicious code in komojuu (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c9b92c44ca626e6347b7268f60a919598a96b7b49491c0e2eed6b9d7f0d3ab73 The OpenSSF Package Analysis project identified 'komojuu' @ 99.0.0 rubygems as malicious. It is considered malicious because: - The package...
Internet Bug Bounty: CVE-2024-43398: DoS vulnerability in REXML
The CVE-2024-43398 vulnerability was a denial-of-service issue in the REXML library due to poor performance when parsing specially crafted XML. This vulnerability was addressed with a patch released by the Ruby team...
ruby3.4-rubygem-grpc-1.70.1-1.1 on GA media (moderate)
ruby3.4-rubygem-grpc-1.70.1-1.1 on GA media Announcement ID: openSUSE-SU-2025:14821-1 Rating: moderate Cross-References: CVE-2023-0286 CVSS scores: CVE-2023-0286 SUSE : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H Affected Products: openSUSE Tumbleweed An update that solves one vulnerability...
GHSA-VVFQ-8HWR-QM4M vulnerabilities
Vulnerabilities for packages: ruby3.3-rails, ruby3.4-rails, ruby3.2-rails, logstash...
SUSE CVE-2023-4785
Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (e.g. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++, Python, and Ruby are affected, but gRPC Jav...
CVE-2024-36078
In Zammad before 6.3.1, a Ruby gem bundled by Zammad is installed with world-writable file permissions. This allowed a local attacker on the server to modify the gem's files, injecting arbitrary code into Zammad processes which run with the environment and permissions of the Zammad user...
CVE-2024-37031
The Active Admin aka activeadmin framework before 3.2.2 for Ruby on Rails allows stored XSS in certain situations where users can create entities to be later edited in forms with arbitrary names, aka a "dynamic form legends" issue. 4.0.0.beta7 is also a fixed version...
Octokit security vulnerability
Octokit is a Ruby toolkit for the GitHub API. A security vulnerability exists in Octokit version 1.0.0 through versions prior to 9.2.1, which stems from the unrestricted nature of the regular expression matching behavior, and could lead to catastrophic backtracking when processing ad-hoc input,...
OPENSUSE-SU-2025:14811-1 ruby3.4-rubygem-rack-2.2-2.2.11-1.1 on GA media
These are all security issues fixed in the ruby3.4-rubygem-rack-2.2-2.2.11-1.1 package on the GA media of openSUSE Tumbleweed...
Octokit security vulnerability
Octokit is a Ruby toolkit for the GitHub API. A security vulnerability exists in Octokit version 1.0.0 through versions prior to 6.1.7, which stems from a Regular Expression Denial of Service (ReDoS) vulnerability in the processing of HTTP request headers, which can be exploited by an attacker to...
Octokit security vulnerability
Octokit is a Ruby toolkit for the GitHub API. A security vulnerability exists in Octokit version 9.0.5 through versions prior to 10.1.3, which stems from a regular expression denial of service (ReDoS) attack that can be caused by crafting a specific options parameter...
USN-7256-2: Ruby regression
USN-7256-1 fixed vulnerabilities in Ruby. The update introduced a minor regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Ruby incorrectly handled parsing of an XML document that has specific XML characters in an...
USN-7256-2 ruby2.7 regression
USN-7256-1 fixed vulnerabilities in Ruby. The update introduced a minor regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Ruby incorrectly handled parsing of an XML document that has specific XML characters in an...
Ubuntu 20.04 LTS : Ruby regression (USN-7256-2)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7256-2 advisory. USN-7256-1 fixed vulnerabilities in Ruby. The update introduced a minor regression. This update fixes the problem. We apologize for the inconvenience. Tenable has...
A vulnerability in the ActionDispatch component of the Ruby on Rails framework allows an attacker to cause a denial of service.
The vulnerability in the ActionDispatch component of the Ruby on Rails framework stems from insufficient validation of user-supplied input. Exploiting it can allow an attacker to cause a denial of service remotely...
A vulnerability in the ActiveRecord PostgreSQL adapter for Ruby allows an attacker to cause a denial of service.
The vulnerability in the ActiveRecord PostgreSQL adapter for Ruby stems from insufficient validation of user-supplied input. Exploiting it can allow a malicious actor to cause a denial of service remotely...