SUSE CVE-2026-35611

Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. From 2.3.0 to before 2.9.0, within the URI template implementation in Addressable, two classes of URI template generate regular expressions vulnerable to catastrophic backtracking...

EUVD-2026-20994

bsv-sdk ARC broadcaster treats INVALID/MALFORMED/ORPHAN responses as successful broadcasts...

EUVD-2026-20996

bsv-sdk and bsv-wallet persist unverified certifier signatures in acquirecertificate direct and issuance paths...

Improper Check for Unusual or Exceptional Conditions

Overview bsv-sdk is an A Ruby library for interacting with the BSV Blockchain — keys, scripts, transactions, and more. Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions due to improper handling of ARC broadcaster responses i. An attacker can...

CVE-2026-40069

BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.1.0 to before 0.8.2, BSV::Network::ARC's failure detection only recognises REJECTED and DOUBLESPENDATTEMPTED. ARC responses with txStatus values of INVALID, MALFORMED, MINEDINSTALEBLOCK, or any ORPHAN-containing extraInfo / txStatus are...

CVE-2026-40070 bsv-sdk and bsv-wallet persist unverified certifier signatures in acquire_certificate (direct and issuance paths)

BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.3.1 to before 0.8.2, BSV::Wallet::WalletClientacquirecertificate persists certificate records to storage without verifying the certifier's signature over the certificate contents. In acquisitionprotocol: 'direct', the caller supplies all...

CVE-2026-40069 bsv-sdk ARC broadcaster treats INVALID/MALFORMED/ORPHAN responses as successful broadcasts

BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.1.0 to before 0.8.2, BSV::Network::ARC's failure detection only recognises REJECTED and DOUBLESPENDATTEMPTED. ARC responses with txStatus values of INVALID, MALFORMED, MINEDINSTALEBLOCK, or any ORPHAN-containing extraInfo / txStatus are...

CVE-2026-40069

The vulnerability affects the BSV Ruby SDK (gem) prior to version 0.8.2, specifically BSV::Network::ARC failure detection. From 0.1.0 to 0.8.1, ARC only recognizes REJECTED and DOUBLE_SPEND_ATTEMPTED; responses with txStatus values INVALID, MALFORMED, MINED_IN_STALE_BLOCK, or any ORPHAN-containin...

CVE-2026-40069

BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.1.0 to before 0.8.2, BSV::Network::ARC's failure detection only recognises REJECTED and DOUBLESPENDATTEMPTED. ARC responses with txStatus values of INVALID, MALFORMED, MINEDINSTALEBLOCK, or any ORPHAN-containing extraInfo / txStatus are...

CLEANSTART-2026-GE08280 Ruby JSON is a JSON implementation for Ruby

Multiple security vulnerabilities affect the logstash-fips package. Ruby JSON is a JSON implementation for Ruby. See references for individual vulnerability details...

CLEANSTART-2026-RZ30606 Ruby JSON is a JSON implementation for Ruby

Multiple security vulnerabilities affect the logstash-fips package. Ruby JSON is a JSON implementation for Ruby. See references for individual vulnerability details...

PT-2026-31672

Name of the Vulnerable Software and Affected Versions BSV Ruby SDK versions 0.3.1 through 0.8.1 BSV Ruby Wallet versions 0.1.2 through 0.3.3 Description The BSV Ruby SDK and Wallet contain a flaw in the acquire certificate function, which does not verify the certifier's signature over the...

PT-2026-31671

Name of the Vulnerable Software and Affected Versions BSV Ruby SDK versions 0.1.0 through 0.8.1 Description The BSV Ruby SDK's ARC broadcaster incorrectly treats certain failure statuses from the ARC endpoint as successful broadcasts. Specifically, responses with txStatus values of INVALID,...

BSV Ruby SDK 代码问题漏洞

BSV Ruby SDK is a Ruby development toolkit developed by Simon Bettison for BSV blockchain. Versions of the BSV Ruby SDK from 0.1.0 to 0.8.2 contained code vulnerabilities. These vulnerabilities stemmed from incomplete failure detection logic, which could allow applications to accept transactions...

BSV Ruby SDK 数据伪造问题漏洞

BSV Ruby SDK is a Ruby development toolkit developed by Simon Bettison for BSV blockchain. Versions of the BSV Ruby SDK from 0.3.1 to 0.8.2 had a data manipulation vulnerability. This vulnerability stemmed from the lack of signature verification when storing certificate records, which could allow...

EUVD-2026-19788

Addressable has a Regular Expression Denial of Service in Addressable templates...

Addressable has a Regular Expression Denial of Service in Addressable templates

Impact Within the URI template implementation in Addressable, two classes of URI template generate regular expressions vulnerable to catastrophic backtracking: 1. Templates using the explode modifier with any expansion operator e.g., foo, +var, var, /var, .var, ;var, ?var, &var generate patterns...

Linux Distros Unpatched Vulnerability : CVE-2026-35611

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. From 2.3.0 to before 2.9.0, within the URI...

OPENSUSE-SU-2026:10508-1 ruby4.0-rubygem-rack-2.2-2.2.23-1.1 on GA media

These are all security issues fixed in the ruby4.0-rubygem-rack-2.2-2.2.23-1.1 package on the GA media of openSUSE Tumbleweed...

CVE-2026-35611

Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. From 2.3.0 to before 2.9.0, within the URI template implementation in Addressable, two classes of URI template generate regular expressions vulnerable to catastrophic backtracking...