GHSA-CG4J-Q9V8-6V38 vulnerabilities
Vulnerabilities for packages: ruby3.2-rails, ruby3.4-rails, cinc-auditor, kube-logging-operator, kube-fluentd-operator...
CVE-2026-33202 vulnerabilities
Vulnerabilities for packages: ruby3.2-rails, ruby3.4-rails...
GHSA-V55J-83PF-R9CQ vulnerabilities
Vulnerabilities for packages: ruby3.2-rails, ruby3.4-rails...
CVE-2026-33170 vulnerabilities
Vulnerabilities for packages: ruby3.2-rails, ruby3.4-rails, cinc-auditor, kube-logging-operator, kube-fluentd-operator...
CVE-2026-33176 vulnerabilities
Vulnerabilities for packages: ruby3.2-rails, ruby3.4-rails, cinc-auditor, kube-logging-operator, kube-fluentd-operator...
CVE-2026-33169 vulnerabilities
Vulnerabilities for packages: ruby3.2-rails, ruby3.4-rails, cinc-auditor, kube-logging-operator, kube-fluentd-operator...
CVE-2026-33168 vulnerabilities
Vulnerabilities for packages: ruby3.2-rails, ruby3.4-rails...
CVE-2026-33167 vulnerabilities
Vulnerabilities for packages: ruby3.2-rails...
CVE-2026-33195 vulnerabilities
Vulnerabilities for packages: ruby3.2-rails, gitlab-rails-ce-fips, ruby3.4-rails, gitlab-rails-ce...
SUSE CVE-2026-33167
Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...
SUSE CVE-2026-33169
Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. NumberToDelimitedConverter uses a lookahead-based regular expression with gsub! to insert thousands delimiters. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, the interaction between th...
SUSE CVE-2026-33170
Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, SafeBuffer% does not propagate the @htmlunsafe flag to the newly created buffer. If a SafeBuffer is mutated in place (e.g. via gsub!) and th...
Linux Distros Unpatched Vulnerability : CVE-2026-33169
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. NumberToDelimitedConverter uses a lookahead-based...
MAL-2026-2402 Malicious code in plugin-gem-example (RubyGems)
CVE-2026-33306
A flaw was found in bcrypt-ruby, a Ruby binding for the OpenBSD bcrypt password hashing algorithm, specifically in its JRuby implementation. When the cost parameter is set to 31, an integer overflow occurs, causing the key-strengthening loop to execute zero iterations. This significantly weakens...
CVE-2026-33176
A flaw was found in Active Support, a toolkit of support libraries for Ruby on Rails. A remote attacker can exploit this vulnerability by providing specially crafted strings containing scientific notation (e.g., "1e10000") to number helpers. This input causes the BigDecimal component to expand into...
GHSA-QMPG-8XG6-PH5Q vulnerabilities
Vulnerabilities for packages: ruby3.2-rails, ruby3.3-rails, ruby3.4-rails, ruby4.0-rails...
GHSA-QMPG-8XG6-PH5Q vulnerabilities
Vulnerabilities for packages: ruby3.2-rails, ruby4.0-rails, ruby3.4-rails, ruby3.3-rails...
GHSA-46FP-8F5P-PF2M vulnerabilities
Vulnerabilities for packages: ruby3.2-rails, ruby4.0-rails, ruby3.4-rails, ruby3.3-rails...
CVE-2026-33306
bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. T...