Feb 27 CVE-2026-0980 (rubyipmi): rubyipmi is vulnerable to OS Command Injection through malicious usernames
Feb 18 GHSA-wx95-c6cv-8532 (nokogiri): Nokogiri does not check the return value from xmlC14NExecute
Feb 17 CVE-2026-25500 (rack): Stored XSS in Rack::Directory via javascript: filenames rendered into anchor href
Feb 10 GHSA-q66h-m87m-j2q6 (bitcoinrb): Bitcoinrb Vulnerable to Command injection via RPC
Feb 09 CVE-2026-25765 (faraday): Faraday affected by SSRF via protocol-relative URL host override in build_exclusive_url
Feb 06 GHSA-w67g-2h6v-vjgq (phlex): Phlex XSS protection bypass via attribute splatting, dynamic tags, and href values
Feb 05 GHSA-p6pv-q7rc-g4h9 (spree_storefront): Unauthenticated Spree Commerce users can view completed guest orders by Order ID
Feb 05 GHSA-87fh-rc96-6fr6 (spree_api): Unauthenticated Spree Commerce users can access all guest addresses