RHCOS 2 : rubygems (RHSA-2014:0207)
The remote Red Hat Enterprise Linux CoreOS 2 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:0207 advisory. - rubygems: version regex algorithmic complexity vulnerability CVE-2013-4287 Note that Nessus has not tested for this issue but has instead...
RHCOS 1 : rubygems (RHSA-2013:1203)
The remote Red Hat Enterprise Linux CoreOS 1 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2013:1203 advisory. - rubygems: Two security fixes in v1.8.23 CVE-2012-2125, CVE-2012-2126 Note that Nessus has not tested for these issues but has...
MAL-2026-1921 Malicious code in resolvrtest (RubyGems)
MAL-2026-1918 Malicious code in newlogger (RubyGems)
MAL-2026-1916 Malicious code in freshworks-ruby (RubyGems)
MiracleLinux 7 : ruby-2.0.0.648-35.0.1.el7.AXS7 (AXSA:2019-3890:02)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-3890:02 advisory. rubygems: Installing a malicious gem may lead to arbitrary code execution CVE-2019-8324 rubygems: Escape sequence injection vulnerability in gem own...
MAL-2025-192923 Malicious code in test_gem_978483406ebb19126a2e8c001649a4eb (RubyGems)
EUVD-2022-4029
Malicious code in bioql PyPI...
EUVD-2022-33576
Malicious code in bioql PyPI...
Ubuntu: Security Advisory (USN-7735-1)
The remote host is missing an update for the...
RubyGems, PyPI Hit by Malicious Packages Stealing Credentials, Crypto, Forcing Security Changes
A fresh set of 60 malicious packages has been uncovered targeting the RubyGems ecosystem by posing as seemingly innocuous automation tools for social media, blogging, or messaging services to steal credentials from unsuspecting users and likely resell them on dark web forums like Russian Market...
MAL-2025-6627 Malicious code in maventa_common (RubyGems)
MAL-2025-6385 Malicious code in icare (RubyGems)
Source: ossf-package-analysis 5ef3fd9f7c979ad17316b55bd4b33311a8afc4966f82955133c709fef2b53e84 The OpenSSF Package Analysis project identified 'icare' @ 1.0.0 rubygems as malicious. It is considered malicious because: - The package...
MAL-2025-6386 Malicious code in icaret (RubyGems)
Source: ossf-package-analysis b2390fae7771a778a8bf020a3313113b56c56383c2178d916748a8d959678c9e The OpenSSF Package Analysis project identified 'icaret' @ 0.0.1 rubygems as malicious. It is considered malicious because: - The package...
MAL-2025-6348 Malicious code in resource_registry (RubyGems)
Source: ossf-package-analysis 97ad7e4a2d8c7feaee7f61db0f1f57c90f92b4f92d6ca258fef4bc5f5107666d The OpenSSF Package Analysis project identified 'resource_registry' @ 1.0.22 rubygems as malicious. It is considered malicious because: - The...
Malicious code in resource_registry (RubyGems)
Source: ossf-package-analysis 97ad7e4a2d8c7feaee7f61db0f1f57c90f92b4f92d6ca258fef4bc5f5107666d The OpenSSF Package Analysis project identified 'resource_registry' @ 1.0.22 rubygems as malicious. It is considered malicious because: - The...
MAL-2025-6265 Malicious code in message_gateway (RubyGems)
Source: ossf-package-analysis 2781d258b292d5959839a52e0e940040defaae1ecbb1293c0d149dc5f6faf110 The OpenSSF Package Analysis project identified 'message_gateway' @ 0.0.1 rubygems as malicious. It is considered malicious because: - The packag...
Malicious code in xxxxxxxx (RubyGems)
CVE-2019-17268
The omniauth-weibo-oauth2 gem 0.4.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Versions through 0.4.5, and 0.5.1 and later, are unaffected...
MAL-2025-3295 Malicious code in bvr-api (RubyGems)
Source: ossf-package-analysis ed2a0f9c584ecfcffc1c76619a1637559d1d8771f78e1d3655f819f7fff67962 The OpenSSF Package Analysis project identified 'bvr-api' @ 0.3.12 rubygems as malicious. It is considered malicious because: - The package...