153 matches found
EUVD-2019-4737
Malware in sbrugna...
EUVD-2019-4738
Malware in sbrugna...
EUVD-2022-4596
Malicious code in bioql PyPI...
CVE-2025-58767 REXML has a DoS condition when parsing malformed XML file
REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XML, you may be impacted by these vulnerabilities. The REXML gem 3.4.2 or later includes the patches to fix these...
CLSA-2025-1758022908 ruby: Fix of 2 CVEs
CVE-2024-39908: fix performance issue caused by using repeated characters to avoid DoS vulnerabilities when it parses an XML - CVE-2024-43398: improve namespace conflicted attribute check to avoid DoS vulnerability when it parses an XML...
Linux Distros Unpatched Vulnerability : CVE-2021-21289
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mechanize is an open-source ruby library that makes automated web interaction easy. In Mechanize from version 2.0.0 and before version 2.7.7 there is a command...
Linux Distros Unpatched Vulnerability : CVE-2025-45765
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. NOTE: the Supplier's perspective is keysize is not something that is enforced by this library...
CLSA-2025-1755617966 ruby: Fix of CVE-2023-36617
CVE-2023-36617: fix mishandling invalid URLs that have specific characters in URI parser to prevent ReDoS issue...
Denial Of Service (DoS)
ruby-saml is vulnerable to Denial of Service (DoS). The vulnerability is due to an improper order of validation checks: the SAML response is validated for Base64 format before the configured message size is checked, allowing potential resource exhaustion...
CVE-2025-54887
CVE-2025-54887 affects the Ruby library jwe (Ruby implementation of RFC 7516) in versions 1.1.0 and earlier. The auth tag of encrypted JWEs can be brute-forced, enabling modification of JWEs to yield arbitrary plaintext and potentially revealing the GHASH key, which requires rotating keys after u...
CVE-2025-54887 jwe: Missing AES-GCM authentication tag validation in encrypted JWEs
jwe is a Ruby implementation of the RFC 7516 JSON Web Encryption JWE standard. In versions 1.1.0 and below, authentication tags of encrypted JWEs can be brute forced, which may result in loss of confidentiality for those JWEs and provide ways to craft arbitrary JWEs. This puts users at risk becau...
JWE security vulnerability
JWE is an open-source Ruby JSON Web Encryption library from JSON Web Token. A security vulnerability exists in JWE 1.1.0 and earlier versions, which stems from the fact that the authentication tag of an encrypted JWE can be brute-forced, potentially resulting in a loss of confidentiality...
Improper Validation of Integrity Check Value
Overview jwe is a Ruby implementation of the RFC 7516 JSON Web Encryption JWE standard. Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value due to missing authentication tag validation in the AES-GCM process. An attacker can gain access to confidential...
CVE-2025-45765
ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. NOTE: the Supplier's perspective is "keysize is not something that is enforced by this library. Currently more recent versions of OpenSSL are enforcing some key sizes and those restrictions apply to the users of this gem also."...
jwt security vulnerability
jwt is an open-source Ruby library for JSON Web Tokens. A security vulnerability exists in jwt version v3.0.0.beta1, which stems from the presence of a weak cryptographic implementation...
CVE-2025-45765
ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. NOTE: the Supplier's perspective is "keysize is not something that is enforced by this library. Currently more recent versions of OpenSSL are enforcing some key sizes and those restrictions apply to the users of this gem also."...
Jwt security vulnerability
jwt is an open-source Ruby library for JSON Web Tokens. A security vulnerability exists in Jwt version v5.4.3, which stems from weak encryption...
CVE-2025-54572
CVE-2025-54572 is a DoS in the Ruby SAML library used for SAML client-side assertions. The initial description states affected versions are ≤1.18.0 with a fix in 1.18.1. A Debian LTS advisory confirms a patch and provides a Debian-specific fix version (1.11.0-1+deb11u3) and recommends upgrading t...
PT-2025-31391
Name of the Vulnerable Software and Affected Versions: ruby-saml versions 1.18.0 and below
Description: The Ruby SAML library, used for implementing the client side of a SAML authorization, contains a denial-of-service vulnerability. The message max bytesize setting, intended to prevent resource...
Ruby RACK 3.1.x < 3.1.16 DoS
The version of the Rack Ruby library installed on the remote host is 3.1.x prior to 3.1.16. It is, therefore, affected by a DoS vulnerability where crafted input can cause Content-Disposition header parsing in Rack to take an unexpected amount of time, possibly resulting...