Search Vulnerabilities

Decidim's private data exports can lead to data leaks

Feb 3, 2026

GHSA-2qxw-7fmx-gqfm

CVE-2026-1531

foreman_kubevirt disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set

GHSA-m3hq-3qj8-c5fm

CVE-2026-1530

fog-kubevirt allows remote attacker to perform MITM attack due to disabled certificate validation

GHSA-2762-657x-v979

CVE-2026-23885

AlchemyCMS: Authenticated Remote Code Execution (RCE) via eval injection in ResourcesHelper

Jan 21, 2026

GHSA-mpwp-4h2m-765c

Active Job - Object injection security vulnerability

GHSA-5qw5-wf2q-f538

ActiveRecord-JDBC-Adapter (AR-JDBC) lib/arjdbc/jdbc/adapter.rb sql.gsub() Function SQL Injection

GHSA-w757-4qv9-mghp

CVE-2025-68271

openc3-api Vulnerable to Unauthenticated Remote Code Execution

Jan 13, 2026

GHSA-3ghg-3787-w2xr

CVE-2026-22589

Spree API has Unauthenticated IDOR - Guest Address

GHSA-g268-72p7-9j6j

CVE-2026-22588

Spree API has Authenticated Insecure Direct Object Reference (IDOR) via Order Modification

GHSA-96qw-h329-v5rg

Shakapacker has environment variable leak via EnvironmentPlugin that exposes secrets to client-side bundles

GHSA-g9jg-w8vm-g96v

Trix has a stored XSS vulnerability through its attachment attribute

Dec 31, 2025

GHSA-j4pr-3wm6-xx2r

CVE-2025-61594

LOW

URI Credential Leakage Bypass over CVE-2025-27221

Dec 30, 2025

GHSA-hm5p-x4rq-38w4

CVE-2025-68696

httparty Has Potential SSRF Vulnerability That Leads to API Key Leakage

MAL-2025-192925

Malicious code in verificator (RubyGems)

MAL-2025-192924

Malicious code in u2f_client (RubyGems)

MAL-2025-192922

Malicious code in stripe-server (RubyGems)

MAL-2025-192923

Malicious code in test_gem_978483406ebb19126a2e8c001649a4eb (RubyGems)

MAL-2025-192921

Malicious code in stripe-rubocop (RubyGems)

MAL-2025-192919

Malicious code in sq-samsa (RubyGems)

MAL-2025-192920

Malicious code in stripe-backup (RubyGems)

Showing 1 - 20 of 1,000+ results

...

Searching...

Filters

1,000+ results

GHSA-3cx6-j9j4-54mp

CVE-2025-65017

Decidim's private data exports can lead to data leaks

Feb 3, 2026

GHSA-2qxw-7fmx-gqfm

CVE-2026-1531

foreman_kubevirt disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set

GHSA-m3hq-3qj8-c5fm

CVE-2026-1530

fog-kubevirt allows remote attacker to perform MITM attack due to disabled certificate validation

GHSA-2762-657x-v979

CVE-2026-23885

AlchemyCMS: Authenticated Remote Code Execution (RCE) via eval injection in ResourcesHelper

Jan 21, 2026

GHSA-mpwp-4h2m-765c

Active Job - Object injection security vulnerability

GHSA-5qw5-wf2q-f538

ActiveRecord-JDBC-Adapter (AR-JDBC) lib/arjdbc/jdbc/adapter.rb sql.gsub() Function SQL Injection

GHSA-w757-4qv9-mghp

CVE-2025-68271

openc3-api Vulnerable to Unauthenticated Remote Code Execution

Jan 13, 2026

GHSA-3ghg-3787-w2xr

CVE-2026-22589

Spree API has Unauthenticated IDOR - Guest Address

GHSA-g268-72p7-9j6j

CVE-2026-22588

Spree API has Authenticated Insecure Direct Object Reference (IDOR) via Order Modification

GHSA-96qw-h329-v5rg

Shakapacker has environment variable leak via EnvironmentPlugin that exposes secrets to client-side bundles

GHSA-g9jg-w8vm-g96v

Trix has a stored XSS vulnerability through its attachment attribute

Dec 31, 2025

GHSA-j4pr-3wm6-xx2r

CVE-2025-61594

LOW

URI Credential Leakage Bypass over CVE-2025-27221

Dec 30, 2025

GHSA-hm5p-x4rq-38w4

CVE-2025-68696

httparty Has Potential SSRF Vulnerability That Leads to API Key Leakage

MAL-2025-192925

Malicious code in verificator (RubyGems)

MAL-2025-192924

Malicious code in u2f_client (RubyGems)

MAL-2025-192922

Malicious code in stripe-server (RubyGems)

MAL-2025-192923

Malicious code in test_gem_978483406ebb19126a2e8c001649a4eb (RubyGems)

MAL-2025-192921

Malicious code in stripe-rubocop (RubyGems)

MAL-2025-192919

Malicious code in sq-samsa (RubyGems)

MAL-2025-192920

Malicious code in stripe-backup (RubyGems)