Aug 29 CVE-2025-58067 (google_sign_in): Google Sign-In for Rails allowed redirect to protocol-relative URI
Aug 27 CVE-2025-57821 (google_sign_in): Google Sign-In for Rails allowed redirects to malformed URLs
Aug 14 CVE-2025-24293 (activestorage): Active Storage allowed transformation methods that were potentially unsafe
Aug 13 CVE-2025-55193 (activerecord): Active Record logging vulnerable to ANSI escape injection
Aug 07 CVE-2025-54887 (jwe): JWE is missing AES-GCM authentication tag validation in encrypted JWE
Jul 21 GHSA-353f-x4gh-cqq8 (nokogiri): Nokogiri patches vendored libxml2 to resolve multiple CVEs
Jul 20 CVE-2025-54314 (thor): Thor can construct an unsafe shell command from library input.
Jul 15 GHSA-29g5-m8v7-v564 (measured): Measured is vulnerable to Path Traversal attacks during class initialization
Jul 14 CVE-2025-53623 (job-iteration): Job Iteration API is vulnerable to OS Command Injection attack through its CsvEnumerator class