Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: ruby Clear
ID Title
CVE-2026-38969 Vulnerability in CVE-2026-38969 (CVE-2026-38969)
vulnerability in CVE-2026-38969 (CVE-2026-38969). Data can be tampered with by attackers.
CVE-2026-54696 Vulnerability in dos (CVE-2026-54696)
vulnerability in dos (CVE-2026-54696). Risk of unauthorized operations or information disclosure.
CVE-2026-52783 Vulnerability in rails (CVE-2026-52783)
vulnerability in rails (CVE-2026-52783). Confidential information can be exposed externally. Mitigation: upgrade to `17.3.3` or later.
CVE-2026-46386 Unsafe Deserialization in rails (CVE-2026-46386)
vulnerability in rails (CVE-2026-46386). Successful exploitation can lead to full system takeover.
CVE-2026-57438 Use-After-Free in nokogiri (CVE-2026-57438)
vulnerability in nokogiri (CVE-2026-57438). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.19.4` or later.
CVE-2026-57437 Use-After-Free in nokogiri (CVE-2026-57437)
vulnerability in nokogiri (CVE-2026-57437). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.19.4` or later.
CVE-2026-57436 Use-After-Free in nokogiri (CVE-2026-57436)
vulnerability in nokogiri (CVE-2026-57436). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.19.4` or later.
CVE-2026-57435 Use-After-Free in nokogiri (CVE-2026-57435)
vulnerability in nokogiri (CVE-2026-57435). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.19.4` or later.
CVE-2026-57434 Vulnerability in c (CVE-2026-57434)
vulnerability in c (CVE-2026-57434). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.19.4` or later.
CVE-2026-57236 Use-After-Free in nokogiri (CVE-2026-57236)
vulnerability in nokogiri (CVE-2026-57236). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.19.4` or later.
CVE-2026-57235 Out-of-Bounds Read in nokogiri (CVE-2026-57235)
vulnerability in nokogiri (CVE-2026-57235). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.19.4` or later.
CVE-2026-57234 Vulnerability in ssrf (CVE-2026-57234)
vulnerability in ssrf (CVE-2026-57234). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.19.4` or later.
CVE-2026-47389 Vulnerability in c (CVE-2026-47389)
vulnerability in c (CVE-2026-47389). Confidential information can be exposed externally. Mitigation: upgrade to `4.5.10` or later.
CVE-2026-54906 Vulnerability in concurrent-ruby (CVE-2026-54906)
vulnerability in concurrent-ruby (CVE-2026-54906). Successful exploitation can lead to full system takeover. Exploitable via ``release_write_lock``. Mitigation: upgrade to `1.3.7` or later.
CVE-2026-54905 Vulnerability in concurrent-ruby (CVE-2026-54905)
vulnerability in concurrent-ruby (CVE-2026-54905). Confidential information can be exposed externally. Exploitable via ``WRITE_LOCK_HELD``. Mitigation: upgrade to `1.3.7` or later.
CVE-2026-54904 Vulnerability in concurrent-ruby (CVE-2026-54904)
vulnerability in concurrent-ruby (CVE-2026-54904). Risk of unauthorized operations or information disclosure. Exploitable via ``compare_and_set``. Mitigation: upgrade to `1.3.7` or later.
CVE-2026-54903 Vulnerability in oj (CVE-2026-54903)
vulnerability in oj (CVE-2026-54903). Risk of unauthorized operations or information disclosure. Exploitable via ``Oj.load``. Mitigation: upgrade to `3.17.3` or later.
CVE-2026-54902 Use-After-Free in oj (CVE-2026-54902)
vulnerability in oj (CVE-2026-54902). Risk of unauthorized operations or information disclosure. Exploitable via ``hash_end``. Mitigation: upgrade to `3.17.3` or later.
CVE-2026-54901 Use-After-Free in oj (CVE-2026-54901)
vulnerability in oj (CVE-2026-54901). Risk of unauthorized operations or information disclosure. Exploitable via ``array_class``. Mitigation: upgrade to `3.17.3` or later.
CVE-2026-54900 Vulnerability in oj (CVE-2026-54900)
vulnerability in oj (CVE-2026-54900). Risk of unauthorized operations or information disclosure. Exploitable via ``create_id``. Mitigation: upgrade to `3.17.3` or later.
CVE-2026-49342 Path Traversal in yard (CVE-2026-49342)
path traversal in yard (CVE-2026-49342). Risk of unauthorized operations or information disclosure. Exploitable via ``adapter.document_root``. Mitigation: upgrade to `0.9.44` or later.
CVE-2026-54898 Use-After-Free in oj (CVE-2026-54898)
vulnerability in oj (CVE-2026-54898). Risk of unauthorized operations or information disclosure. Exploitable via ``hash_start``. Mitigation: upgrade to `3.17.3` or later.
CVE-2026-54897 Use-After-Free in oj (CVE-2026-54897)
vulnerability in oj (CVE-2026-54897). Risk of unauthorized operations or information disclosure. Exploitable via ``each_value``. Mitigation: upgrade to `3.17.3` or later.
CVE-2026-54896 Vulnerability in oj (CVE-2026-54896)
vulnerability in oj (CVE-2026-54896). Risk of unauthorized operations or information disclosure. Exploitable via ``Oj.dump``. Mitigation: upgrade to `3.17.3` or later.
CVE-2026-54592 Out-of-Bounds Read in oj (CVE-2026-54592)
vulnerability in oj (CVE-2026-54592). Risk of unauthorized operations or information disclosure. Exploitable via ``doc_each_child``. Mitigation: upgrade to `3.17.3` or later.
CVE-2026-54500 Out-of-Bounds Read in oj (CVE-2026-54500)
vulnerability in oj (CVE-2026-54500). Risk of unauthorized operations or information disclosure. Exploitable via ``Oj.load``. Mitigation: upgrade to `3.17.3` or later.
CVE-2026-54297 Vulnerability in faraday (CVE-2026-54297)
vulnerability in faraday (CVE-2026-54297). Risk of unauthorized operations or information disclosure. Exploitable via ``Hash``. Mitigation: upgrade to `1.10.6` or later.
CVE-2026-54502 Vulnerability in oj (CVE-2026-54502)
vulnerability in oj (CVE-2026-54502). Risk of unauthorized operations or information disclosure. Exploitable via ``Oj.dump``. Mitigation: upgrade to `3.17.3` or later.
CVE-2026-54899 Use-After-Free in oj (CVE-2026-54899)
vulnerability in oj (CVE-2026-54899). Risk of unauthorized operations or information disclosure. Exploitable via ``symbol_keys``. Mitigation: upgrade to `3.17.3` or later.
CVE-2026-47167 Code Injection in vim (CVE-2026-47167)
code injection in vim (CVE-2026-47167). Risk of unauthorized operations or information disclosure.
CVE-2026-47242 Command Injection in net-imap (CVE-2026-47242)
command injection in net-imap (CVE-2026-47242). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.5.15` or later.
CVE-2026-47241 Vulnerability in net-imap (CVE-2026-47241)
vulnerability in net-imap (CVE-2026-47241). Risk of unauthorized operations or information disclosure. Exploitable via ``criteria``. Mitigation: upgrade to `0.5.15` or later.
CVE-2026-47240 Command Injection in net-imap (CVE-2026-47240)
command injection in net-imap (CVE-2026-47240). Risk of unauthorized operations or information disclosure. Exploitable via ``IMAP4rev2``. Mitigation: upgrade to `0.5.15` or later.
CVE-2026-44587 Cross-Site Scripting (XSS) in carrierwave (CVE-2026-44587)
cross-site scripting in carrierwave (CVE-2026-44587). Risk of unauthorized operations or information disclosure. Exploitable via ``Regexp.quote``. Mitigation: upgrade to `2.2.7` or later.
CVE-2026-46727 Vulnerability in ruby (CVE-2026-46727)
vulnerability in ruby (CVE-2026-46727). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.0.5` or later.
CVE-2026-44511 Vulnerability in katalyst-koi (CVE-2026-44511)
vulnerability in katalyst-koi (CVE-2026-44511). Confidential information can be exposed externally. Mitigation: upgrade to `5.6.0` or later.
CVE-2026-42245 Vulnerability in net-imap (CVE-2026-42245)
vulnerability in net-imap (CVE-2026-42245). Risk of unauthorized operations or information disclosure. Exploitable via ``ResponseReader``. Mitigation: upgrade to `0.4.24` or later.
CVE-2026-42246 Vulnerability in net-imap (CVE-2026-42246)
vulnerability in net-imap (CVE-2026-42246). Confidential information can be exposed externally. Exploitable via ``STARTTLS``. Mitigation: upgrade to `0.3.10` or later.
CVE-2026-42256 Vulnerability in net-imap (CVE-2026-42256)
vulnerability in net-imap (CVE-2026-42256). Risk of unauthorized operations or information disclosure. Exploitable via ``Timeout``. Mitigation: upgrade to `0.4.24` or later.
CVE-2026-42257 Command Injection in net-imap (CVE-2026-42257)
command injection in net-imap (CVE-2026-42257). Successful exploitation can lead to full system takeover. Exploitable via ``CRLF``. Mitigation: upgrade to `0.4.24` or later.
CVE-2026-42258 Command Injection in net-imap (CVE-2026-42258)
command injection in net-imap (CVE-2026-42258). Data can be tampered with by attackers. Exploitable via ``flag``. Mitigation: upgrade to `0.4.24` or later.
CVE-2026-44837 Vulnerability in view_component (CVE-2026-44837)
vulnerability in view_component (CVE-2026-44837). Confidential information can be exposed externally. Exploitable via `GET /_system_test_entrypoint`. Mitigation: upgrade to `4.9.0` or later.
CVE-2026-44836 Vulnerability in view_component (CVE-2026-44836)
vulnerability in view_component (CVE-2026-44836). Confidential information can be exposed externally. Exploitable via `GET /rails/view_components/my_component/render_with_template`. Mitigation: upgrade to `4.9.0` or later.
CVE-2026-42205 Vulnerability in avo (CVE-2026-42205)
vulnerability in avo (CVE-2026-42205). Successful exploitation can lead to full system takeover. Exploitable via `POST /admin/resources/posts/actions`. Mitigation: upgrade to `3.31.2` or later.
CVE-2026-40295 Open Redirect in devise (CVE-2026-40295)
vulnerability in devise (CVE-2026-40295). Risk of unauthorized operations or information disclosure. Exploitable via `Referer header`. Mitigation: upgrade to `5.0.4` or later.
CVE-2026-41512 Code Injection in gem (CVE-2026-41512)
code injection in gem (CVE-2026-41512). Successful exploitation can lead to full system takeover. Exploitable via `POST /targets/auto_detect_selectors`.
CVE-2026-41493 Path Traversal in yard (CVE-2026-41493)
path traversal in yard (CVE-2026-41493). Confidential information can be exposed externally. Mitigation: upgrade to `0.9.42` or later.
CVE-2026-44312 Vulnerability in css_parser (CVE-2026-44312)
vulnerability in css_parser (CVE-2026-44312). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.22.0` or later.
CVE-2026-42088 Vulnerability in openc3 (CVE-2026-42088)
vulnerability in openc3 (CVE-2026-42088). Confidential information can be exposed externally.
CVE-2026-42087 SQL Injection in sqli (CVE-2026-42087)
SQL injection in sqli (CVE-2026-42087). Confidential information can be exposed externally. Exploitable via ``tsdb_lookup``.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →