Search Vulnerabilities

OpenC3 COSMOS is Vulnerable to Self-XSS Through the Command Sender

GHSA-4jvx-93h3-f45h

OpenC3 COSMOS allows arbitrary writes to plugins directory via path-traversed config filenames

GHSA-wgx6-g857-jjf7

OpenC3 COSMOS: Hijacked session token can be used to reset password for persistence

GHSA-3jfp-46x4-xgfj

yard: Possible arbitrary path traversal and file access via yard server

Apr 17, 2026

GHSA-g857-hhfv-j68w

CVE-2026-27820

Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption

MAL-2026-2815

Malicious code in monolith-twirp-pullsd-authorization (RubyGems)

MAL-2026-2816

Malicious code in monolith-twirp-pullsd-users (RubyGems)

MAL-2026-2814

Malicious code in gitlab-orchestrator (RubyGems)

GHSA-2x79-gwq3-vxxm

Uncontrolled resource consumption and loop with unreachable exit condition in facil.io and downstream iodine ruby gem

GHSA-w5xj-99cg-rccm

CVE-2026-40869

Decidim amendments can be accepted or rejected by anyone

GHSA-9pm8-vwc5-w2hm

LOW

Fat Free CRM has BOLA in DELETE /emails/:id - Any authenticated user can hit this endpoint and delete emails by ID

GHSA-fc46-r95f-hq7g

CVE-2026-23891

Decidim has a cross-site scripting (XSS) in user name

Apr 13, 2026

GHSA-9hfr-gw99-8rhx

CVE-2026-40069

bsv-sdk ARC broadcaster treats INVALID/MALFORMED/ORPHAN responses as successful broadcasts

GHSA-hc36-c89j-5f4j

CVE-2026-40070

bsv-sdk and bsv-wallet persist unverified certifier signatures in acquire_certificate (direct and issuance paths)

GHSA-33qg-7wpp-89cq

CVE-2026-39324

Rack::Session::Cookie secrets: decrypt failure fallback enables secretless session forgery and Marshal deserialization

GHSA-h27x-rffw-24p4

CVE-2026-35611

Addressable has a Regular Expression Denial of Service in Addressable templates

GHSA-6r34-94wq-jhrc

CVE-2026-35201

rdiscount has an Out-of-bounds Read

Apr 6, 2026

GHSA-g2pf-xv49-m2h5

CVE-2026-34835

Rack::Request accepts invalid Host characters, enabling host allowlist bypass

GHSA-q2ww-5357-x388

CVE-2026-34831

Rack has Content-Length mismatch in Rack::Files error responses

GHSA-qv7j-4883-hwh7

CVE-2026-34830

Rack::Sendfile header-based X-Accel-Mapping regex injection enables unauthorized X-Accel-Redirect

Showing 1 - 20 of 1,000+ results

...

Searching...

Filters

1,000+ results

GHSA-ffq5-qpvf-xq7x

OpenC3 COSMOS is Vulnerable to Self-XSS Through the Command Sender

GHSA-4jvx-93h3-f45h

OpenC3 COSMOS allows arbitrary writes to plugins directory via path-traversed config filenames

GHSA-wgx6-g857-jjf7

OpenC3 COSMOS: Hijacked session token can be used to reset password for persistence

GHSA-3jfp-46x4-xgfj

yard: Possible arbitrary path traversal and file access via yard server

Apr 17, 2026

GHSA-g857-hhfv-j68w

CVE-2026-27820

Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption

MAL-2026-2815

Malicious code in monolith-twirp-pullsd-authorization (RubyGems)

MAL-2026-2816

Malicious code in monolith-twirp-pullsd-users (RubyGems)

MAL-2026-2814

Malicious code in gitlab-orchestrator (RubyGems)

GHSA-2x79-gwq3-vxxm

Uncontrolled resource consumption and loop with unreachable exit condition in facil.io and downstream iodine ruby gem

GHSA-w5xj-99cg-rccm

CVE-2026-40869

Decidim amendments can be accepted or rejected by anyone

GHSA-9pm8-vwc5-w2hm

LOW

Fat Free CRM has BOLA in DELETE /emails/:id - Any authenticated user can hit this endpoint and delete emails by ID

GHSA-fc46-r95f-hq7g

CVE-2026-23891

Decidim has a cross-site scripting (XSS) in user name

Apr 13, 2026

GHSA-9hfr-gw99-8rhx

CVE-2026-40069

bsv-sdk ARC broadcaster treats INVALID/MALFORMED/ORPHAN responses as successful broadcasts

GHSA-hc36-c89j-5f4j

CVE-2026-40070

bsv-sdk and bsv-wallet persist unverified certifier signatures in acquire_certificate (direct and issuance paths)

GHSA-33qg-7wpp-89cq

CVE-2026-39324

Rack::Session::Cookie secrets: decrypt failure fallback enables secretless session forgery and Marshal deserialization

GHSA-h27x-rffw-24p4

CVE-2026-35611

Addressable has a Regular Expression Denial of Service in Addressable templates

GHSA-6r34-94wq-jhrc

CVE-2026-35201

rdiscount has an Out-of-bounds Read

Apr 6, 2026

GHSA-g2pf-xv49-m2h5

CVE-2026-34835

Rack::Request accepts invalid Host characters, enabling host allowlist bypass

GHSA-q2ww-5357-x388

CVE-2026-34831

Rack has Content-Length mismatch in Rack::Files error responses

GHSA-qv7j-4883-hwh7

CVE-2026-34830

Rack::Sendfile header-based X-Accel-Mapping regex injection enables unauthorized X-Accel-Redirect