13977 matches found
GHSA-P543-XPFM-54CP vulnerabilities
Vulnerabilities for packages: ruby3.2-rails, ruby3.3-rails, ruby3.4-rails, gitlab-cng, logstash, ruby3.3-rack...
CVE-2025-61771 vulnerabilities
Vulnerabilities for packages: ruby3.2-rails, ruby3.3-rails, ruby3.4-rails, gitlab-cng, logstash, ruby3.3-rack...
CVE-2025-61770 vulnerabilities
Vulnerabilities for packages: ruby3.2-rails, ruby3.3-rails, ruby3.4-rails, gitlab-cng, logstash, ruby3.3-rack...
Fedora 44 : rubygem-actioncable / rubygem-actionmailbox / rubygem-actionmailer / etc (2025-6e5c27d218)
The remote Fedora 44 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2025-6e5c27d218 advisory. Update to Ruby on Rails 8.0.3 Fix CVE-2025-24293: Active Storage allowed transformation methods potentially unsafe Fix CVE-2025-55193: ANSI escape...
OPENSUSE-SU-2025:15621-1 ruby3.4-rubygem-rack-2.2-2.2.19-1.1 on GA media
These are all security issues fixed in the ruby3.4-rubygem-rack-2.2-2.2.19-1.1 package on the GA media of openSUSE Tumbleweed...
libruby3_4-3_4-3.4.7-1.1 on GA media (moderate)
libruby34-34-3.4.7-1.1 on GA media Announcement ID: openSUSE-SU-2025:15614-1 Rating: moderate Cross-References: CVE-2025-61594 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...
Security Bulletin: Multiple vulnerabilities in IBM Aspera Faspex
Summary Multiple vulnerabilities were addressed in IBM Aspera Faspex version 5.0.14. Vulnerability Details CVEID:CVE-2025-55193 DESCRIPTION: Active Record connects classes to relational database tables. Prior to versions 7.1.5.2, 7.2.2.2, and 8.0.2.1, the ID passed to find or similar methods may ...
rexml: REXML ReDoS vulnerability
A flaw was found in the REXML XML toolkit for Ruby. Parsing XML data containing a large number of digits between &# and x...; in a hex numeric character reference (&#x...;) can trigger a regular expression denial of service (ReDoS) condition, leading to a denial of service...
rexml: REXML: Denial of Service via inefficient regex parsing
A flaw was found in REXML. A remote attacker could exploit inefficient regular expression (regex) parsing when processing hex numeric character references (&#x...;) in XML documents. This could lead to a Regular Expression Denial of Service (ReDoS), impacting the availability of the affected component...
rexml: REXML: Denial of Service via inefficient regex parsing
A flaw was found in REXML. A remote attacker could exploit inefficient regular expression (regex) parsing when processing hex numeric character references (&#x...;) in XML documents. This could lead to a Regular Expression Denial of Service (ReDoS), impacting the availability of the affected component...
Malicious Package
Overview concurrent-ruby is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in concurrent-ruby (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3a9a44087853b6fa03aa9a4f09e51ff827a6d90b6fe4da7c38cc6ef2764ad99d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-48026 Malicious code in concurrent-ruby (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3a9a44087853b6fa03aa9a4f09e51ff827a6d90b6fe4da7c38cc6ef2764ad99d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2025-32980
Malicious code in concurrent-ruby npm...
SUSE SLES15 / openSUSE 15 Security Update : rubygem-puma (SUSE-SU-2025:03467-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03467-1 advisory. Update to version 5.6.9. - CVE-2024-45614: improper header normalization allows for clients to clobber proxy set headers, which...
Improper Removal of Sensitive Information Before Storage or Transfer
Overview Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer via the use of the + operator when combining URIs. An attacker can obtain sensitive user credentials by crafting a URI that, when merged with another, results in the...
Security update for rubygem-puma
This update for rubygem-puma fixes the following issues: Update to version 5.6.9. CVE-2024-45614: improper header normalization allows for clients to clobber proxy set headers, which can lead to information leaks bsc1230848, fixed in an earlier update. CVE-2024-21647: unbounded resource consumpti...
EUVD-2020-1461
Malware in sbrugna...
EUVD-2018-0152
Malware in sbrugna...
EUVD-2017-0161
Malware in sbrugna...