CVE-2026-31830 sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject digest
sigstore-ruby is a pure Ruby implementation of the sigstore verify command from the sigstore/cosign project. Prior to 0.2.3, Sigstore::Verifier#verify does not propagate the VerificationFailure returned by verify_in_toto when the artifact digest does not match the digest in the in-toto attestation...
CVE-2025-54887
jwe is a Ruby implementation of the RFC 7516 JSON Web Encryption (JWE) standard. In versions 1.1.0 and below, authentication tags of encrypted JWEs can be brute forced, which may result in loss of confidentiality for those JWEs and provide ways to craft arbitrary JWEs. This puts users at risk becau...
mruby buffer error vulnerability
mruby is a lightweight implementation of the Ruby language. mruby 3.2 previously had a security vulnerability that stemmed from the use of out-of-range pointer offsets. No detailed vulnerability details are currently available...
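ActiveScriptRuby 'GRScript18.dll' ActiveX control DLL loading arbitrary code execution vulnerability
Bugtraq ID: 53011 CVE ID: CVE-2012-1241 ActiveScriptRuby is used to bring Ruby to the Windows environment. ActiveScriptRuby has a security vulnerability that allows a malicious user to execute arbitrary code. An error in GRScript18.dll can be exploited to execute arbitrary Ruby commands; a malicious web page that a user is enticed to open can trigger this vulnerability. ActiveScriptRuby 1.8.7.34 Vendor solution: users can contact the vendor to upgrade to the latest version: http://www.artonx.org/data/asr/ or unregister the COM service by running the following command: regsvr32 /u...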