Whoops, I couldn't find that page - RubySec

You may want to try a search above, or [visit the homepage](/). Also, here are some recent posts:

Aug 29

CVE-2025-58067 (google_sign_in): Google Sign-In for Rails allowed redirect to protocol-relative URI

posted in •

Aug 27

CVE-2025-57821 (google_sign_in): Google Sign-In for Rails allowed redirects to malformed URLs

posted in •

Aug 14

CVE-2025-24293 (activestorage): Active Storage allowed transformation methods that were potentially unsafe

posted in •

Aug 13

CVE-2025-55193 (activerecord): Active Record logging vulnerable to ANSI escape injection

posted in •

Aug 07

CVE-2025-54887 (jwe): JWE is missing AES-GCM authentication tag validation in encrypted JWE

posted in •

Jul 30

CVE-2025-54572 (ruby-saml): Ruby SAML DOS vulnerability with large SAML response

posted in •

Jul 21

GHSA-353f-x4gh-cqq8 (nokogiri): Nokogiri patches vendored libxml2 to resolve multiple CVEs

posted in •

Jul 20

CVE-2025-54314 (thor): Thor can construct an unsafe shell command from library input.

posted in •

Jul 15

GHSA-29g5-m8v7-v564 (measured): Measured is vulnerable to Path Traversal attacks during class initialization

posted in •

Jul 14

CVE-2025-53623 (job-iteration): Job Iteration API is vulnerable to OS Command Injection attack through its CsvEnumerator class

posted in •