Dec 18 CVE-2025-14762 (aws-sdk-s3): AWS SDK for Ruby's S3 Encryption Client has a Key Commitment Issue
Dec 16 CVE-2025-68113 (altcha): ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay
Dec 08 CVE-2025-66568 (ruby-saml): Ruby-saml allows a Libxml2 Canonicalization error to bypass Digest/Signature validation
Dec 08 CVE-2025-66567 (ruby-saml): Ruby-saml has a SAML authentication bypass due to namespace handling (parser differential)
Nov 13 GHSA-4249-gjr8-jpq3 (prosemirror_to_html): ProsemirrorToHtml has a Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values
Nov 07 GHSA-vfpf-xmwh-8m65 (prosemirror_to_html): ProsemirrorToHtml has a Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values
Nov 06 GHSA-52c5-vh7f-26fx (prosemirror_to_html): Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values
Nov 06 CVE-2025-64501 (prosemirror_to_html): Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values
Oct 10 CVE-2025-61921 (sinatra): Sinatra is vulnerable to ReDoS through ETag header value generation