Jan 08 GHSA-96qw-h329-v5rg (shakapacker): Shakapacker has environment variable leak via EnvironmentPlugin that exposes secrets to client-side bundles
Jan 08 CVE-2026-22588 (spree_api): Spree API has Authenticated Insecure Direct Object Reference (IDOR) via Order Modification
Dec 31 GHSA-g9jg-w8vm-g96v (action_text-trix): Trix has a stored XSS vulnerability through its attachment attribute
Dec 23 CVE-2025-68696 (httparty): httparty Has Potential SSRF Vulnerability That Leads to API Key Leakage
Dec 18 CVE-2025-14762 (aws-sdk-s3): AWS SDK for Ruby's S3 Encryption Client has a Key Commitment Issue
Dec 16 CVE-2025-68113 (altcha): ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay
Dec 08 CVE-2025-66568 (ruby-saml): Ruby-saml allows a Libxml2 Canonicalization error to bypass Digest/Signature validation
Dec 08 CVE-2025-66567 (ruby-saml): Ruby-saml has a SAML authentication bypass due to namespace handling (parser differential)
Nov 13 GHSA-4249-gjr8-jpq3 (prosemirror_to_html): ProsemirrorToHtml has a Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values