MAL-2025-6386 Malicious code in icaret (RubyGems)
Source: ossf-package-analysis b2390fae7771a778a8bf020a3313113b56c56383c2178d916748a8d959678c9e. The OpenSSF Package Analysis project identified 'icaret' @ 0.0.1 rubygems as malicious. It is considered malicious because: - The package...
MAL-2025-6348 Malicious code in resource_registry (RubyGems)
Source: ossf-package-analysis 97ad7e4a2d8c7feaee7f61db0f1f57c90f92b4f92d6ca258fef4bc5f5107666d. The OpenSSF Package Analysis project identified 'resourceregistry' @ 1.0.22 rubygems as malicious. It is considered malicious because: - The...
MAL-2025-6265 Malicious code in message_gateway (RubyGems)
Source: ossf-package-analysis 2781d258b292d5959839a52e0e940040defaae1ecbb1293c0d149dc5f6faf110. The OpenSSF Package Analysis project identified 'messagegateway' @ 0.0.1 rubygems as malicious. It is considered malicious because: - The packag...
MAL-2025-5147 Malicious code in xxxxxxxx (RubyGems)
MAL-2025-5146 Malicious code in teaspoon-devkit (RubyGems)
MAL-2025-5145 Malicious code in jdbc-zzz (RubyGems)
CVE-2023-28102
discordrb is an implementation of the Discord API using Ruby. In discordrb before commit 91e13043ffa the encoder.rb file unsafely constructs a shell string using the file parameter, which can potentially leave clients of discordrb vulnerable to command injection. The library is not directly...
CVE-2019-13354
The strongpassword gem 0.0.7 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 0.0.6...
CVE-2019-17268
The omniauth-weibo-oauth2 gem 0.4.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Versions through 0.4.5, and 0.5.1 and later, are unaffected...
Debian dla-4163 : bundler - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4163 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4163-1 [email protected]...
Debian: Security Advisory (DLA-4163-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 4163-1] rubygems security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4163-1 [email protected] https://www.debian.org/lts/security/ Lucas Kanashiro May 12, 2025 https://wiki.debian.org/LTS -...
DLA-4163-1 rubygems - security update
Bulletin has no description...
rexml: DoS vulnerability in REXML
A vulnerability was found in the REXML RubyGem. This package is vulnerable to denial of service (DoS) when parsing a deep XML structure with the same local name attribute. This vulnerability only affects tree parser APIs like REXML::Document.new; other parser APIs such as the stream parser API and SAX2...
MAL-2025-3295 Malicious code in bvr-api (RubyGems)
Source: ossf-package-analysis ed2a0f9c584ecfcffc1c76619a1637559d1d8771f78e1d3655f819f7fff67962. The OpenSSF Package Analysis project identified 'bvr-api' @ 0.3.12 rubygems as malicious. It is considered malicious because: - The package...
RubyGems: `/names.nsf` and all `/names*` files route to public API on rubygems.org
During the security assessment of the application hosted at https://rubygems.org/names.nsf, it was discovered that a sensitive file, "names.nsf", is publicly accessible without proper authentication; it is supposed to be protected by authentication mechanisms to ensure that unauthorized users d...
rack: rubygem-rack: Local File Inclusion in Rack::Static
A flaw was found in the Rack RubyGem, where Rack::Static does not properly sanitize user-supplied paths before serving files. Specifically, encoded path traversal sequences are not correctly validated, allowing attackers to access files outside the designated static file directory. This flaw allows a...