Whoops, I couldn't find that page - RubySec

You may want to try a search above, or [visit the homepage](/). Also, here are some recent posts:

Mar 28

CVE-2024-39311 (publify_core): Publify Vulnerable To Cross-Site Scripting (XSS) Via Redirects Requiring User Interaction

posted in •

Mar 27

CVE-2025-30221 (pitchfork): Pitchfork HTTP Request/Response Splitting vulnerability

posted in •

Mar 14

GHSA-mrxw-mxhj-p664 (nokogiri): Nokogiri updates packaged libxslt to v1.1.43 to resolve multiple CVEs

posted in •

Mar 14

CVE-2025-2304 (camaleon_cms): Camaleon CMS Vulnerable to Privilege Escalation through a Mass Assignment

posted in •

Mar 12

CVE-2025-27788 (json): Out-of-bounds Read in Ruby JSON Parser

posted in •

Mar 12

CVE-2025-27407 (graphql): graphql allows remote code execution when loading a crafted GraphQL schema

posted in •

Mar 12

CVE-2025-25293 (ruby-saml): Ruby SAML allows remote Denial of Service (DoS) with compressed SAML responses

posted in •

Mar 12

CVE-2025-25292 (ruby-saml): Ruby SAML allows a SAML authentication bypass due to namespace handling (parser differential)

posted in •

Mar 12

CVE-2025-25291 (ruby-saml): Ruby SAML allows a SAML authentication bypass due to DOCTYPE handling (parser differential)

posted in •

Mar 10

CVE-2025-27610 (rack): Local File Inclusion in Rack::Static

posted in •