13977 matches found
CVE-2026-33635
The CVE-2026-33635 entry concerns the iCalendar Ruby library. Affected versions are 2.0.0 up to, but not including, 2.12.2, where ICS serialization fails to sanitize URI property values in calendar data. Specifically, Icalendar::Values::Uri falls back to the raw input when URI.parse fails and the...
Important: Red Hat Security Advisory: Satellite 6.17.7 Async Update
A new release is now available for Red Hat Satellite 6.17 for RHEL 9. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs...
CVE-2026-33209
Avo is a framework to create admin panels for Ruby on Rails apps. Prior to version 3.30.3, a reflected cross-site scripting (XSS) vulnerability exists in the returnto query parameter used in the avo interface. An attacker can craft a malicious URL that injects arbitrary JavaScript, which is execute...
CVE-2026-31830
sigstore-ruby is a pure Ruby implementation of the sigstore verify command from the sigstore/cosign project. Prior to 0.2.3, Sigstore::Verifierverify does not propagate the VerificationFailure returned by verifyintoto when the artifact digest does not match the digest in the in-toto attestation...
Security update for ruby2.5
This update for ruby2.5 fixes the following issues: CVE-2024-49761: ReDoS vulnerability in REXML gem bsc1232440 bsc1232441. CVE-2025-58767: denial of service when parsing XML containing multiple XML declarations bsc1250016. CVE-2026-27820: insufficient checks in zstreambufferungets can lead to a...
SUSE-SU-2026:1066-1 Security update for ruby2.5
This update for ruby2.5 fixes the following issues: - CVE-2024-49761: ReDoS vulnerability in REXML gem bsc1232440 bsc1232441. - CVE-2025-58767: denial of service when parsing XML containing multiple XML declarations bsc1250016. - CVE-2026-27820: insufficient checks in zstreambufferungets can lead...
DSA-6180-1 ruby-rack - security update
Bulletin has no description...
iCalendar injection vulnerability
iCalendar is an open-source Ruby library for processing iCalendar format files. Versions 2.0.0 to 2.12.2 of iCalendar contain a vulnerability due to improper cleanup of URI attribute values during .ics serialization, which may lead to ICS injection attacks...
Debian dsa-6180 : ruby-rack - security update
The remote Debian 12 / 13 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-6180 advisory. Debian Security Advisory DSA-6180-1...
CVE-2026-33170 vulnerabilities
Vulnerabilities for packages: kube-fluentd-operator, ruby3.4-rails, cinc-auditor, kube-logging-operator, gitlab-rails-ce-fips, gitlab-rails-ce, ruby3.2-rails...
GHSA-R46P-8F7G-VVVG vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce-fips, gitlab-rails-ce, ruby3.2-rails, ruby3.4-rails...
GHSA-89VF-4333-QX8V vulnerabilities
Vulnerabilities for packages: kube-fluentd-operator, ruby3.4-rails, cinc-auditor, kube-logging-operator, gitlab-rails-ce-fips, gitlab-rails-ce, ruby3.2-rails...
GHSA-73F9-JHHH-HR5M vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce-fips, gitlab-rails-ce, ruby3.2-rails, ruby3.4-rails...
CVE-2026-33169 vulnerabilities
Vulnerabilities for packages: kube-fluentd-operator, ruby3.4-rails, cinc-auditor, kube-logging-operator, gitlab-rails-ce-fips, gitlab-rails-ce, ruby3.2-rails...
GHSA-V55J-83PF-R9CQ vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce-fips, gitlab-rails-ce, ruby3.2-rails, ruby3.4-rails...
GHSA-CG4J-Q9V8-6V38 vulnerabilities
Vulnerabilities for packages: kube-fluentd-operator, ruby3.4-rails, cinc-auditor, kube-logging-operator, gitlab-rails-ce-fips, gitlab-rails-ce, ruby3.2-rails...
GHSA-2J26-FRM8-CMJ9 vulnerabilities
Vulnerabilities for packages: kube-fluentd-operator, ruby3.4-rails, cinc-auditor, kube-logging-operator, gitlab-rails-ce-fips, gitlab-rails-ce, ruby3.2-rails...
CVE-2026-33173 vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce-fips, gitlab-rails-ce, ruby3.2-rails, ruby3.4-rails...
CVE-2026-33168 vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce-fips, gitlab-rails-ce, ruby3.2-rails, ruby3.4-rails...
GHSA-2J26-FRM8-CMJ9 vulnerabilities
Vulnerabilities for packages: kube-logging-operator, ruby3.2-rails, kube-fluentd-operator, cinc-auditor, ruby3.4-rails...