rubygems

965 tracked vulnerabilities.

CVE-2026-1530 HIGH
fog-kubevirt < 1.5.1 - Man-in-the-Middle via Disabled Certificate Validation
Feb 02, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-23885 MEDIUM
Alchemy <7.4.12,8.0.3 - Code Injection
Jan 19, 2026
CVSS 6.4
EPSS 0.00
CVE-2026-22589 HIGH
Spree < 4.10.2 - Unauthenticated Insecure Direct Object Reference
Jan 10, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-22588 MEDIUM
Spree < 4.10.2 - Authenticated Insecure Direct Object Reference via Order Address Manipulation
Jan 08, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-67202 MEDIUM
sidekiq-cron < 2.4.0 - Cross-Site Scripting via cron.erb URL Rendering
May 07, 2026
CVSS 6.1
EPSS 0.00
CVE-2025-65017 MEDIUM
Decidim 0.30.0-0.30.3 and 0.31.0.rc1 - Unauthorized Data Exposure via UUID Collision
Feb 03, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-24293 HIGH
Rubygems Activestorage < 8.0.2.1 - Command Injection
Jan 30, 2026
CVSS 8.1
EPSS 0.02
CVE-2025-68271 CRITICAL
OpenC3 COSMOS 5.0.0-6.10.1 - Unauthenticated Remote Code Execution via JSON-RPC API String Parameter
Jan 13, 2026
CVSS 10.0
EPSS 0.01
CVE-2025-61594 HIGH
URI < 0.12.5, 0.13.0-0.13.2, 1.0.0-1.0.3 - Exposure of Sensitive Information via URI Combination Operator
Dec 30, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-68696 HIGH
httparty < 0.24.0 - Server-Side Request Forgery
Dec 23, 2025
CVSS 8.2
EPSS 0.00
CVE-2025-14762 MEDIUM
AWS SDK for Ruby < 1.208.0 - Use of a Broken or Risky Cryptographic Algorithm
Dec 17, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-68113 MEDIUM
ALTCHA Libraries - Cryptographic Semantic Binding Flaw via HMAC Signature Reinterpretation
Dec 16, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-66568 CRITICAL
ruby-saml < 1.18.0 - Authentication Bypass via Signature Wrapping Attack
Dec 09, 2025
CVSS 9.1
EPSS 0.00
CVE-2025-66567 CRITICAL
ruby-saml < 1.18.0 - Authentication Bypass via Signature Wrapping Attack
Dec 09, 2025
CVSS 9.1
EPSS 0.00
CVE-2025-64501 HIGH
prosemirror_to_html < 0.2.1 - Cross-Site Scripting via HTML Attribute Values
Nov 10, 2025
CVSS 7.6
EPSS 0.00
CVE-2025-12790 HIGH
Rubygem MQTT < 0.7.0 - Man-in-the-Middle via Missing Hostname Validation
Nov 06, 2025
CVSS 7.4
EPSS 0.00
CVE-2025-61921 HIGH
Sinatra < 4.2.0 - Denial of Service via If-Match and If-None-Match Header Parsing
Oct 10, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-61919 HIGH
Rack < 2.2.20 - Denial of Service via Unbounded Form Parameter Memory Consumption
Oct 10, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-61780 MEDIUM
Rack < 2.2.20 - Proxy Request Redirection via Untrusted x-sendfile Headers
Oct 10, 2025
CVSS 5.8
EPSS 0.00
CVE-2025-61772 HIGH
Rack < 2.2.19 - Denial of Service via Unbounded Multipart Header Parsing
Oct 07, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-61771 HIGH
Rack < 2.2.19 - Uncontrolled Resource Consumption via Multipart Form Non-File Fields
Oct 07, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-61770 HIGH
Rack < 2.2.19 - Uncontrolled Resource Consumption via Multipart Preamble Buffering
Oct 07, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-59830 HIGH
Rack < 2.2.18 - Denial of Service via Query Parameter Separator Bypass
Sep 25, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-58767 MEDIUM
REXML 3.3.3-3.4.1 - Denial of Service via Multiple XML Declarations
Sep 17, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-58067 MEDIUM
google_sign_in < 1.3.1 - Open Redirect via Session Store 'proceed_to' Parameter
Aug 29, 2025
CVSS 4.2
EPSS 0.00