
8 matches found

EUVD
added 2025/10/03 8:07 p.m., 1 view

EUVD-2023-44772

Malicious code in bioql PyPI...

CVSS 7.5, AI score 7.6, EPSS 0.00137
Exploits 0, References 2
RedhatCVE
added 2025/02/05 11:55 p.m., 7 views

CVE-2022-29218

RubyGems is a package registry used to supply software for the Ruby language ecosystem. An ordering mistake in the code that accepts gem uploads allowed some gems with platforms ending in numbers, like arm64-darwin-21 to be temporarily replaced in the CDN cache by a malicious package. The bug has...

CVSS 7.7, AI score 6.9, EPSS 0.00486
Exploits 1, References 1
Prion
added 2023/08/17 6:15 p.m., 12 views

Input validation

rubygems.org is the Ruby community's primary gem library hosting service. Insufficient input validation allowed malicious actors to replace any uploaded gem version that had a platform, version number, or gem name matching /-\d/, permanently replacing the legitimate upload in the canonical gem...

CVSS 5, AI score 7.3, EPSS 0.00137
Exploits 0, References 2, Affected Software 1
CVE
added 2023/08/17 5:06 p.m., 2477 views

CVE-2023-40165

The CVE-2023-40165 entry concerns RubyGems.org, the Ruby community's gem hosting service. The vulnerability arose from insufficient input validation that allowed replacement of uploaded gems whose platform, version, or gem name matched /-\d/, enabling a malicious upload to temporarily override a ...

CVSS 7.5, AI score 7.3, EPSS 0.00137
Exploits 0, References 2, Affected Software 1
Cvelist
added 2023/08/17 5:06 p.m., 9 views

CVE-2023-40165 Unauthorized gem replacement for full names ending in numbers on rubygems.org

rubygems.org is the Ruby community's primary gem library hosting service. Insufficient input validation allowed malicious actors to replace any uploaded gem version that had a platform, version number, or gem name matching /-\d/, permanently replacing the legitimate upload in the canonical gem...

CVSS 7.4, AI score 7.5, EPSS 0.00137
Exploits 0, References 2
Vulnrichment
added 2023/08/17 5:06 p.m., 15 views

CVE-2023-40165 Unauthorized gem replacement for full names ending in numbers on rubygems.org

rubygems.org is the Ruby community's primary gem library hosting service. Insufficient input validation allowed malicious actors to replace any uploaded gem version that had a platform, version number, or gem name matching /-\d/, permanently replacing the legitimate upload in the canonical gem...

CVSS 7.4, AI score 6.5, EPSS 0.00137
Exploits 0, References 2
Prion
added 2022/05/05 10:15 p.m., 9 views

Design/Logic Flaw

Rubygems is a package registry used to supply software for the Ruby language ecosystem. Due to a bug in the yank action, it was possible for any RubyGems.org user to remove and replace certain gems even if that user was not authorized to do so. To be vulnerable, a gem needed: one or more dashes i...

CVSS 6, AI score 7.5, EPSS 0.00572
Exploits 0, References 3
CVE
added 2022/05/05 10:05 p.m., 76 views

CVE-2022-29176

CVE-2022-29176 affects RubyGems.org via a yank-action bug that allowed a gem whose name contained a dash to be removed or replaced with a rogue file by an unauthorized user when the gem had been created within 30 days or had received no updates for over 100 days. Multiple trusted sources (NVD, Red Hat, CVE list, an...

CVSS 9.9, AI score 7.7, EPSS 0.00572
Exploits 0, References 3, Affected Software 1