SUSE-SU-2026:1355-1 Security update for rubygem-bundler
This update for rubygem-bundler fixes the following issues: Updated to version 2.2.34. - CVE-2020-36327: Bundler chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen bsc1185842 - CVE-2021-43809: rubygem-bundler:...
RLSA-2023:7025 Moderate: ruby:2.5 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: ruby/cgi-gem: HTTP response splitting in CGI CVE-2021-33621 ruby: Buffer overrun in String-to-Float conversion CVE-2022-28739 ruby...
ruby:2.5 security update
An update is available for rubygem-bson, module.rubygem-bundler, rubygem-bundler, rubygem-abrt, module.rubygem-mongo, module.rubygem-pg, rubygem-mysql2, module.rubygem-mysql2, ruby, module.rubygem-abrt, module.rubygem-bson, rubygem-pg, module.ruby, rubygem-mongo. This update affects Rocky Linux 8...
CVE-2026-40069
BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.1.0 to before 0.8.2, BSV::Network::ARC's failure detection only recognises REJECTED and DOUBLESPENDATTEMPTED. ARC responses with txStatus values of INVALID, MALFORMED, MINEDINSTALEBLOCK, or any ORPHAN-containing extraInfo / txStatus are...
RockyLinux 8 : ruby:2.5 (RLSA-2023:7025)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:7025 advisory. ruby/cgi-gem: HTTP response splitting in CGI CVE-2021-33621 ruby: Buffer overrun in String-to-Float conversion CVE-2022-28739 ruby: ReDoS vulnerability i...
CVE-2026-40070
BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.3.1 to before 0.8.2, BSV::Wallet::WalletClientacquirecertificate persists certificate records to storage without verifying the certifier's signature over the certificate contents. In acquisitionprotocol: 'direct', the caller supplies all...
Decidim cross-site scripting vulnerability
Decidim is an open-source participatory democracy framework developed using Ruby on Rails. Versions of Decidim prior to 0.30.5, as well as versions 0.31.0.rc1 to 0.31.0, contained a cross-site scripting vulnerability. This vulnerability stemmed from a storage-based code execution issue in the use...
GHSA-VGPV-F759-9WX3 vulnerabilities
Vulnerabilities for packages: ruby3.2-rails, ruby3.4-rails, logstash...
GHSA-V6X5-CG8R-VV6X vulnerabilities
Vulnerabilities for packages: ruby3.2-rails, ruby3.4-rails, logstash...
GHSA-V569-HP3G-36WR vulnerabilities
Vulnerabilities for packages: ruby3.2-rails, ruby3.4-rails, logstash...
GHSA-RX22-G9MX-QRHV vulnerabilities
Vulnerabilities for packages: ruby3.2-rails, ruby3.4-rails...
CVE-2026-34830 vulnerabilities
Vulnerabilities for packages: ruby3.2-rails, ruby3.4-rails, logstash...
GHSA-Q4QF-9J86-F5MH vulnerabilities
Vulnerabilities for packages: ruby3.2-rails, ruby3.4-rails, logstash...
GHSA-Q2WW-5357-X388 vulnerabilities
Vulnerabilities for packages: ruby3.2-rails, ruby3.4-rails, logstash...
CVE-2026-34786 vulnerabilities
Vulnerabilities for packages: ruby3.2-rails, ruby3.4-rails, logstash...
GHSA-8VQR-QJWX-82MW vulnerabilities
Vulnerabilities for packages: ruby3.2-rails, ruby3.4-rails, logstash...
CVE-2026-26961 vulnerabilities
Vulnerabilities for packages: ruby3.2-rails, ruby3.4-rails, logstash...
CVE-2026-34785 vulnerabilities
Vulnerabilities for packages: ruby3.2-rails, ruby3.4-rails, logstash...
CVE-2026-34827 vulnerabilities
Vulnerabilities for packages: ruby3.2-rails, ruby3.4-rails, logstash...
CVE-2026-34835 vulnerabilities
Vulnerabilities for packages: ruby3.2-rails, ruby3.4-rails, logstash...