MAL-2026-2261 Malicious code in monolith-twirp-pullsd-repositories (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1c34eecc811d04d6583504ad631024a727df5e2107a1025a2786bf8a56a59d3a The OpenSSF Package Analysis project identified 'monolith-twirp-pullsd-repositories' @ 1.0.10 rubygems as malicious. It is considered malicious...

Malicious code in monolith-twirp-pullsd-repositories (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1c34eecc811d04d6583504ad631024a727df5e2107a1025a2786bf8a56a59d3a The OpenSSF Package Analysis project identified 'monolith-twirp-pullsd-repositories' @ 1.0.10 rubygems as malicious. It is considered malicious...

MAL-2026-2260 Malicious code in monolith-twirp-pullsd-pullrequestinfo (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a6f4e556f55b516ccdd02700729877fa73287ece3920dfc7288d673ed337d5e6 The OpenSSF Package Analysis project identified 'monolith-twirp-pullsd-pullrequestinfo' @ 1.0.1 rubygems as malicious. It is considered maliciou...

Malicious code in monolith-twirp-pullsd-pullrequestinfo (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a6f4e556f55b516ccdd02700729877fa73287ece3920dfc7288d673ed337d5e6 The OpenSSF Package Analysis project identified 'monolith-twirp-pullsd-pullrequestinfo' @ 1.0.1 rubygems as malicious. It is considered maliciou...

MAL-2026-2264 Malicious code in monolith-twirp-scribe-scribe (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b03619db6c705a6825d54849e5322d125ae380dbb1f7e404b46718868185faeb The OpenSSF Package Analysis project identified 'monolith-twirp-scribe-scribe' @ 1.0.6 rubygems as malicious. It is considered malicious because...

Malicious code in monolith-twirp-scribe-scribe (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b03619db6c705a6825d54849e5322d125ae380dbb1f7e404b46718868185faeb The OpenSSF Package Analysis project identified 'monolith-twirp-scribe-scribe' @ 1.0.6 rubygems as malicious. It is considered malicious because...

[SECURITY] Fedora 43 Update: rubygem-json-2.13.2-2.fc43

This is a implementation of the JSON specification according to RFC 4627 in Ruby. You can think of it as a low fat alternative to XML, if you want to store data to disk or transmit it over a network rather than use a verbose markup language...

Debian: Security Advisory (DSA-6180-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLED15 / SLES15 Security Update : ruby2.5 (SUSE-SU-2026:1066-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1066-1 advisory. - CVE-2024-49761: ReDoS vulnerability in REXML gem bsc1232440 bsc1232441. - CVE-2025-58767: denial of service...

Ruby LSP has arbitrary code execution through branch setting

Summary The rubyLsp.branch VS Code workspace setting was interpolated without sanitization into a generated Gemfile, allowing arbitrary Ruby code execution when a user opens a project containing a malicious .vscode/settings.json. Other editors that support workspace setting that get automatically...

PT-2026-28576

Name of the Vulnerable Software and Affected Versions MCP Ruby SDK versions prior to 0.9.2 Description The Ruby SDK for Model Context Protocol servers and clients contains a session hijacking issue in its streamable http transport.rb implementation. An attacker obtaining a valid session ID can...

MCP Ruby SDK 安全漏洞

MCP Ruby SDK is an open-source development toolkit for building and interacting with Model Context Protocol clients. Versions of the MCP Ruby SDK prior to 0.9.2 contained security vulnerabilities. These vulnerabilities stemmed from issues with the streamablehttptransport.rb implementation, which...

PT-2026-28598

Name of the Vulnerable Software and Affected Versions ruby-lsp versions prior to 0.10.2 ruby-lsp gem versions prior to 0.26.9 Description The rubyLsp.branch VS Code workspace setting was used in generating a Gemfile without proper sanitization, potentially allowing arbitrary Ruby code execution...

MCP Ruby SDK - Insufficient Session Binding Allows SSE Stream Hijacking via Session ID Replay

Summary The Ruby SDK's streamablehttptransport.rb implementation contains a session hijacking vulnerability. An attacker who obtains a valid session ID can completely hijack the victim's Server-Sent Events SSE stream and intercept all real-time data. Details Root Cause The StreamableHTTPTransport...

[SECURITY] [DSA 6180-1] ruby-rack security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6180-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 26, 2026 https://www.debian.org/security/faq -...

CVE-2026-33635

iCalendar is a Ruby library for dealing with iCalendar files in the iCalendar format defined by RFC-5545. Starting in version 2.0.0 and prior to version 2.12.2, .ics serialization does not properly sanitize URI property values, enabling ICS injection through attacker-controlled input, adding...

DEBIAN-CVE-2026-33635

iCalendar is a Ruby library for dealing with iCalendar files in the iCalendar format defined by RFC-5545. Starting in version 2.0.0 and prior to version 2.12.2, .ics serialization does not properly sanitize URI property values, enabling ICS injection through attacker-controlled input, adding...

UBUNTU-CVE-2026-33635

iCalendar is a Ruby library for dealing with iCalendar files in the iCalendar format defined by RFC-5545. Starting in version 2.0.0 and prior to version 2.12.2, .ics serialization does not properly sanitize URI property values, enabling ICS injection through attacker-controlled input, adding...

CVE-2026-33635

iCalendar is a Ruby library for dealing with iCalendar files in the iCalendar format defined by RFC-5545. Starting in version 2.0.0 and prior to version 2.12.2, .ics serialization does not properly sanitize URI property values, enabling ICS injection through attacker-controlled input, adding...

CVE-2026-33635

iCalendar is a Ruby library for dealing with iCalendar files in the iCalendar format defined by RFC-5545. Starting in version 2.0.0 and prior to version 2.12.2, .ics serialization does not properly sanitize URI property values, enabling ICS injection through attacker-controlled input, adding...