Malicious code in newrubylogger (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d10fd2e8adb621ac6bb3b4cd31357213d90dd17f27cd1f01d5e8e7138686d7c2 The OpenSSF Package Analysis project identified 'newrubylogger' @ 99.9.1 rubygems as malicious. It is considered malicious because: - The packag...

Malicious code in rubocop-vintedmetrics (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c8e90dd88f71e05719940997342cf6a367387fc68045f091a864d8f8e7e62be8 The OpenSSF Package Analysis project identified 'rubocop-vintedmetrics' @ 9.9.12 rubygems as malicious. It is considered malicious because: - Th...

MAL-2026-996 Malicious code in rubocop-vintedmetrics (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c8e90dd88f71e05719940997342cf6a367387fc68045f091a864d8f8e7e62be8 The OpenSSF Package Analysis project identified 'rubocop-vintedmetrics' @ 9.9.12 rubygems as malicious. It is considered malicious because: - Th...

SUSE CVE-2026-22860

Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, Rack::Directory's path check used a string prefix match on the expanded path. A request like /../rootexample/ can escape the configured root if the target path starts with the root string, allowing directory...

CVE-2026-22860

Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, Rack::Directory’s path check used a string prefix match on the expanded path. A request like /../rootexample/ can escape the configured root if the target path starts with the root string, allowing directory...

ROS-20260216-73-0002

Vulnerability in rubygem-activesupport related to incorrect assignment of permissions for a critical resource. Exploitation of the vulnerability could allow an attacker to escalate privileges...

MAL-2026-906 Malicious code in cucumber_json_schema (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f6511110b5695ace5b67288aeb0800934628b5a510045ccf1f62c84011e73951 The OpenSSF Package Analysis project identified 'cucumberjsonschema' @ 90002.0 rubygems as malicious. It is considered malicious because: - The...

Malicious code in cucumber_json_schema (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f6511110b5695ace5b67288aeb0800934628b5a510045ccf1f62c84011e73951 The OpenSSF Package Analysis project identified 'cucumberjsonschema' @ 90002.0 rubygems as malicious. It is considered malicious because: - The...

Linux Distros Unpatched Vulnerability : CVE-2026-2302

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.fromhash may allow for executing arbitrary Ruby code...

[SECURITY] Fedora 42 Update: rust-rbspy-0.34.1-4.fc42

Sampling CPU profiler for Ruby...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: rubygem-rack (UTSA-2026-005348)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005348 advisory. Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.13, 3.0.14, and 3.1.12, Rack::Static can serve files under the specified...

Arbitrary Code Execution

Overview Affected versions of this package are vulnerable to Arbitrary Code Execution via the Mongoid::Criteria.fromhash function. An attacker can execute arbitrary Ruby code by supplying a specially crafted Hash value. Remediation Upgrade mongoid to version 7.6.1, 8.0.12, 8.1.12, 9.0.10 or highe...

CVE-2026-2302

Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.fromhash may allow for executing arbitrary Ruby code...

UBUNTU-CVE-2026-2302

Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.fromhash may allow for executing arbitrary Ruby code...

CVE-2026-2302

Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.fromhash may allow for executing arbitrary Ruby code...

CVE-2026-2302 Unsafe Reflection in Mongoid::Criteria.from_hash

Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.fromhash may allow for executing arbitrary Ruby code...

[SECURITY] Fedora 43 Update: rust-rbspy-0.34.1-4.fc43

Sampling CPU profiler for Ruby...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: pcs (UTSA-2026-005310)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005310 advisory. REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many s in an attribute value. Those...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: pcs (UTSA-2026-005311)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005311 advisory. REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name...

MongoDB Ruby Driver 安全漏洞

The MongoDB Ruby Driver is an open-source Ruby library developed by MongoDB. There is a security vulnerability in the MongoDB Ruby Driver, which may allow arbitrary Ruby code to be executed when processing specially crafted Hash r types...