18 matches found
GHSA-6WX8-W4F5-WWCR vulnerabilities
Vulnerabilities for packages: ruby3.3-rails, ruby3.2-rails, ruby4.0-rails, ruby3.4-rails, kube-fluentd-operator...
GHSA-CG4J-Q9V8-6V38 vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce-fips, kube-logging-operator, ruby3.2-rails, cinc-auditor, ruby3.4-rails, kube-fluentd-operator, gitlab-rails-ce...
GHSA-89VF-4333-QX8V vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce-fips, kube-logging-operator, ruby3.2-rails, cinc-auditor, ruby3.4-rails, kube-fluentd-operator, gitlab-rails-ce...
GHSA-V55J-83PF-R9CQ vulnerabilities
Vulnerabilities for packages: ruby3.4-rails, gitlab-rails-ce, gitlab-rails-ce-fips, ruby3.2-rails...
GHSA-2J26-FRM8-CMJ9 vulnerabilities
Vulnerabilities for packages: ruby3.4-rails, kube-logging-operator, ruby3.2-rails, cinc-auditor, kube-fluentd-operator...
CVE-2026-33202 vulnerabilities
Vulnerabilities for packages: ruby3.4-rails, ruby3.2-rails...
GHSA-V55J-83PF-R9CQ vulnerabilities
Vulnerabilities for packages: ruby3.4-rails, ruby3.2-rails...
CVE-2026-33167 vulnerabilities
Vulnerabilities for packages: ruby3.2-rails...
GHSA-WX95-C6CV-8532 vulnerabilities
Vulnerabilities for packages: ruby3.3-rails, ruby3.2-rails, ruby3.4-rails, ruby4.0-rails...
GHSA-W9PC-FMGC-VXVW vulnerabilities
Vulnerabilities for packages: logstash, ruby3.4-rails, ruby3.3-rails, ruby3.2-rails, ruby4.0-rack, ruby3.4-rack, gitlab-cng, ruby3.3-rack, ruby3.2-rack...
Low: ruby3.2
Issue Overview: REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XML, you may be affected by these vulnerabilities. The REXML gem 3.4.2 or later include the patches t...
Medium: ruby3.2
Issue Overview: Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific...
OESA-2025-1686 rubygem-rack security update
Rack provides a minimal, modular, and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a single...
DEBIAN-CVE-2024-47889
Action Mailer is a framework for designing email service layers. Starting in version 3.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the block_format helper in Action Mailer. Carefully crafted text can cause the block_format helper to...
UBUNTU-CVE-2024-47888
Action Text brings rich text content and editing to Rails. Starting in version 6.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the plain_text_for_blockquote_node helper in Action Text. Carefully crafted text can cause the...
UBUNTU-CVE-2024-41128
Action Pack is a framework for handling and responding to web requests. Starting in version 3.1.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dispatch. Carefully crafted query parameters...
Regular Expression Denial of Service (ReDoS)
Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) when using HTTP Token authentication via the method authenticate_or_request_with_http_token or a similar method. By sending specially crafted headers, an attacker can cause the application to consum...
PT-2024-2479 · Ruby +7 · Rdoc +7
Name of the Vulnerable Software and Affected Versions: RDoc versions 6.3.3 through 6.6.2. Description: The issue is related to the deserialization of untrusted data by the RDoc documentation generator for the Ruby programming language. This can be exploited to execute arbitrary code using...