917 matches found
Malicious code in chalk-henson (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in chalk-cli (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-192896 Malicious code in chalk-cli (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in activestorage-redundancy (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-192894 Malicious code in activestorage-redundancy (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
EUVD-2025-200264
Malicious code in pgresultinit RubyGems...
Malicious code in pg_result_init (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 007d07edb120233aab0539e4646e8b634d2a95e2df9e6179bb9b2b6eb90f5a97 The OpenSSF Package Analysis project identified 'pgresultinit' @ 2.0.9 rubygems as malicious. It is considered malicious because: - The package...
MAL-2025-191667 Malicious code in pg_result_init (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 007d07edb120233aab0539e4646e8b634d2a95e2df9e6179bb9b2b6eb90f5a97 The OpenSSF Package Analysis project identified 'pgresultinit' @ 2.0.9 rubygems as malicious. It is considered malicious because: - The package...
rack: Rack memory exhaustion denial of service
A denial of service flaw has been found in the rubygems rack package. Rack::Multipart::Parser can accumulate unbounded data when a multipart part’s header block never terminates with the required blank line CRLFCRLF. The parser keeps appending incoming bytes to memory without a size cap, allowing...
geminabox
It is an offensive tool for RubyGem hosting. The repository contains a simple RubyGem hosting system called Gem in a Box. It allows users to host their own RubyGems, and it includes features such as user authentication, gem versioning, and a web interface for browsing and downloading gems. The to...
USN-7747-1: RubyGems vulnerability
It was discovered that RubyGems incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause RubyGems to consume resources, leading to a regular expression denial of service ReDoS...
ruby-advisory-db
This is a database of security advisories for Ruby libraries, maintained by the ruby-advisory-db project. The database contains a list of directories that match the names of Ruby libraries on rubygems.org, with each directory containing one or more advisory files for the library. Each advisory fi...
USN-7735-1 rubygems vulnerabilities
It was discovered that RubyGems incorrectly handled certain regular expressions. An attacker could use this issue to cause RubyGems to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS. CVE-2023-28755 It was discovered that RubyGems incorrectly handled decompresse...
USN-7735-1: RubyGems vulnerabilities
It was discovered that RubyGems incorrectly handled certain regular expressions. An attacker could use this issue to cause RubyGems to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS. CVE-2023-28755 It was discovered that RubyGems incorrectly handled decompresse...
Malicious code in authzd-client (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 45ba3e72eb15bda66737b4c0b7addefe2fa72e79d4a38a82e9dd53722cc04f7b The OpenSSF Package Analysis project identified 'authzd-client' @ 0.11.10.r813fef313 rubygems as malicious. It is considered malicious because: ...
MAL-2025-46925 Malicious code in authzd-client (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 45ba3e72eb15bda66737b4c0b7addefe2fa72e79d4a38a82e9dd53722cc04f7b The OpenSSF Package Analysis project identified 'authzd-client' @ 0.11.10.r813fef313 rubygems as malicious. It is considered malicious because: ...
Malicious code in advisory_db_toolkit (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6f9757e1ad29ad430d32886a0fcfa47e48a29e5e4af901f48e305216133028e6 The OpenSSF Package Analysis project identified 'advisorydbtoolkit' @ 99.99.99 rubygems as malicious. It is considered malicious because: - The...
MAL-2025-46924 Malicious code in advisory_db_toolkit (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6f9757e1ad29ad430d32886a0fcfa47e48a29e5e4af901f48e305216133028e6 The OpenSSF Package Analysis project identified 'advisorydbtoolkit' @ 99.99.99 rubygems as malicious. It is considered malicious because: - The...
Malicious code in github_chatops_extensions (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6269b59c516350c690f7fdf09dff674c52173f38074e8ac6f7b012352851797b The OpenSSF Package Analysis project identified 'githubchatopsextensions' @ 0.5.2.96.g33cefed rubygems as malicious. It is considered malicious...
MAL-2025-46926 Malicious code in github_chatops_extensions (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6269b59c516350c690f7fdf09dff674c52173f38074e8ac6f7b012352851797b The OpenSSF Package Analysis project identified 'githubchatopsextensions' @ 0.5.2.96.g33cefed rubygems as malicious. It is considered malicious...