Mar 27 CVE-2026-34060 (ruby-lsp): Ruby LSP has arbitrary code execution through branch setting
Mar 27 CVE-2026-33946 (mcp): MCP Ruby SDK - Insufficient Session Binding Allows SSE Stream Hijacking via Session ID Replay
Mar 25 CVE-2026-33658 (activestorage): Rails Active Storage has a possible DoS vulnerability in proxy mode via multi-range requests
Mar 24 CVE-2026-33635 (icalendar): iCalendar has ICS injection via unsanitized URI property values
Mar 20 CVE-2026-33286 (graphiti): Graphiti Affected by Arbitrary Method Execution via Unvalidated Relationship Names
Mar 19 CVE-2026-33306 (bcrypt): bcrypt-ruby has an Integer Overflow that Causes Zero Key-Strengthening Iterations at Cost=31 on JRuby
Mar 18 GHSA-46fp-8f5p-pf2m (loofah): Improper detection of disallowed URIs by Loofah `allowed_uri?`
Mar 17 CVE-2026-4324 (katello): Katello - Denial of Service and potential information disclosure via SQL injection