13977 matches found
GHSA-QCFX-2MFW-W4CG vulnerabilities
Vulnerabilities for packages: ruby3.2-rails, ruby3.4-rails...
CVE-2026-33173 vulnerabilities
Vulnerabilities for packages: ruby3.2-rails, ruby3.4-rails...
GHSA-CG4J-Q9V8-6V38 vulnerabilities
Vulnerabilities for packages: kube-logging-operator, ruby3.2-rails, kube-fluentd-operator, cinc-auditor, ruby3.4-rails...
GHSA-PGM4-439C-5JP6 vulnerabilities
Vulnerabilities for packages: ruby3.2-rails...
CVE-2026-33174 vulnerabilities
Vulnerabilities for packages: ruby3.2-rails, ruby3.4-rails...
GHSA-V55J-83PF-R9CQ vulnerabilities
Vulnerabilities for packages: ruby3.2-rails, ruby3.4-rails...
CVE-2026-33202 vulnerabilities
Vulnerabilities for packages: ruby3.2-rails, ruby3.4-rails...
CVE-2026-33170 vulnerabilities
Vulnerabilities for packages: kube-logging-operator, ruby3.2-rails, kube-fluentd-operator, cinc-auditor, ruby3.4-rails...
CVE-2026-33176 vulnerabilities
Vulnerabilities for packages: kube-logging-operator, ruby3.2-rails, kube-fluentd-operator, cinc-auditor, ruby3.4-rails...
CVE-2026-33169 vulnerabilities
Vulnerabilities for packages: kube-logging-operator, ruby3.2-rails, kube-fluentd-operator, cinc-auditor, ruby3.4-rails...
CVE-2026-33168 vulnerabilities
Vulnerabilities for packages: ruby3.2-rails, ruby3.4-rails...
CVE-2026-33167 vulnerabilities
Vulnerabilities for packages: ruby3.2-rails...
CVE-2026-33195 vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce-fips, gitlab-rails-ce, ruby3.2-rails, ruby3.4-rails...
SUSE CVE-2026-33167
Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...
SUSE CVE-2026-33169
Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. NumberToDelimitedConverter uses a lookahead-based regular expression with gsub! to insert thousands delimiters. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, the interaction between th...
SUSE CVE-2026-33170
Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, SafeBuffer% does not propagate the @htmlunsafe flag to the newly created buffer. If a SafeBuffer is mutated in place e.g. via gsub! and th...
Linux Distros Unpatched Vulnerability : CVE-2026-33169
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. NumberToDelimitedConverter uses a lookahead-based...
MAL-2026-2402 Malicious code in plugin-gem-example (RubyGems)
CVE-2026-33306
A flaw was found in bcrypt-ruby, a Ruby binding for the OpenBSD bcrypt password hashing algorithm, specifically in its JRuby implementation. When the cost parameter is set to 31, an integer overflow occurs, causing the key-strengthening loop to execute zero iterations. This significantly weakens...
CVE-2026-33176
A flaw was found in Active Support, a toolkit of support libraries for Ruby on Rails. A remote attacker can exploit this vulnerability by providing specially crafted strings containing scientific notation (e.g., "1e10000") to number helpers. This input causes the BigDecimal component to expand into...