Search Vulnerabilities

rubyipmi is vulnerable to OS Command Injection through malicious usernames

Feb 27, 2026

MAL-2026-1002

Malicious code in newrubylogger (RubyGems)

Feb 23, 2026

MAL-2026-996

Malicious code in rubocop-vintedmetrics (RubyGems)

Feb 20, 2026

GHSA-wx95-c6cv-8532

Nokogiri does not check the return value from xmlC14NExecute

Feb 18, 2026

GHSA-whrj-4476-wvmp

CVE-2026-25500

Stored XSS in Rack::Directory via javascript: filenames rendered into anchor href

GHSA-mxw3-3hh2-x2mh

CVE-2026-22860

Rack has a Directory Traversal via Rack:Directory

MAL-2026-906

Malicious code in cucumber_json_schema (RubyGems)

Feb 15, 2026

GHSA-q66h-m87m-j2q6

LOW

Bitcoinrb Vulnerable to Command injection via RPC

Feb 10, 2026

GHSA-33mh-2634-fwr2

CVE-2026-25765

Faraday affected by SSRF via protocol-relative URL host override in build_exclusive_url

Feb 9, 2026

GHSA-w67g-2h6v-vjgq

Phlex XSS protection bypass via attribute splatting, dynamic tags, and href values

Feb 6, 2026

GHSA-87fh-rc96-6fr6

CVE-2026-25758

Unauthenticated Spree Commerce users can access all guest addresses

GHSA-p6pv-q7rc-g4h9

CVE-2026-25757

Unauthenticated Spree Commerce users can view completed guest orders by Order ID

GHSA-3cx6-j9j4-54mp

CVE-2025-65017

Decidim's private data exports can lead to data leaks

Feb 3, 2026

GHSA-2qxw-7fmx-gqfm

CVE-2026-1531

foreman_kubevirt disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set

GHSA-m3hq-3qj8-c5fm

CVE-2026-1530

fog-kubevirt allows remote attacker to perform MITM attack due to disabled certificate validation

GHSA-2762-657x-v979

CVE-2026-23885

AlchemyCMS: Authenticated Remote Code Execution (RCE) via eval injection in ResourcesHelper

Jan 21, 2026

GHSA-mpwp-4h2m-765c

Active Job - Object injection security vulnerability

GHSA-5qw5-wf2q-f538

ActiveRecord-JDBC-Adapter (AR-JDBC) lib/arjdbc/jdbc/adapter.rb sql.gsub() Function SQL Injection

GHSA-w757-4qv9-mghp

CVE-2025-68271

openc3-api Vulnerable to Unauthenticated Remote Code Execution

Jan 13, 2026

GHSA-3ghg-3787-w2xr

CVE-2026-22589

Spree API has Unauthenticated IDOR - Guest Address

Jan 8, 2026

Showing 1 - 20 of 1,000+ results

...

Searching...

Filters

1,000+ results

GHSA-hfcp-477w-3wjw

CVE-2026-0980

rubyipmi is vulnerable to OS Command Injection through malicious usernames

Feb 27, 2026

MAL-2026-1002

Malicious code in newrubylogger (RubyGems)

Feb 23, 2026

MAL-2026-996

Malicious code in rubocop-vintedmetrics (RubyGems)

Feb 20, 2026

GHSA-wx95-c6cv-8532

Nokogiri does not check the return value from xmlC14NExecute

Feb 18, 2026

GHSA-whrj-4476-wvmp

CVE-2026-25500

Stored XSS in Rack::Directory via javascript: filenames rendered into anchor href

GHSA-mxw3-3hh2-x2mh

CVE-2026-22860

Rack has a Directory Traversal via Rack:Directory

MAL-2026-906

Malicious code in cucumber_json_schema (RubyGems)

Feb 15, 2026

GHSA-q66h-m87m-j2q6

LOW

Bitcoinrb Vulnerable to Command injection via RPC

Feb 10, 2026

GHSA-33mh-2634-fwr2

CVE-2026-25765

Faraday affected by SSRF via protocol-relative URL host override in build_exclusive_url

Feb 9, 2026

GHSA-w67g-2h6v-vjgq

Phlex XSS protection bypass via attribute splatting, dynamic tags, and href values

Feb 6, 2026

GHSA-87fh-rc96-6fr6

CVE-2026-25758

Unauthenticated Spree Commerce users can access all guest addresses

GHSA-p6pv-q7rc-g4h9

CVE-2026-25757

Unauthenticated Spree Commerce users can view completed guest orders by Order ID

GHSA-3cx6-j9j4-54mp

CVE-2025-65017

Decidim's private data exports can lead to data leaks

Feb 3, 2026

GHSA-2qxw-7fmx-gqfm

CVE-2026-1531

foreman_kubevirt disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set

GHSA-m3hq-3qj8-c5fm

CVE-2026-1530

fog-kubevirt allows remote attacker to perform MITM attack due to disabled certificate validation

GHSA-2762-657x-v979

CVE-2026-23885

AlchemyCMS: Authenticated Remote Code Execution (RCE) via eval injection in ResourcesHelper

Jan 21, 2026

GHSA-mpwp-4h2m-765c

Active Job - Object injection security vulnerability

GHSA-5qw5-wf2q-f538

ActiveRecord-JDBC-Adapter (AR-JDBC) lib/arjdbc/jdbc/adapter.rb sql.gsub() Function SQL Injection

GHSA-w757-4qv9-mghp

CVE-2025-68271

openc3-api Vulnerable to Unauthenticated Remote Code Execution

Jan 13, 2026

GHSA-3ghg-3787-w2xr

CVE-2026-22589

Spree API has Unauthenticated IDOR - Guest Address