May 06 GHSA-c4rq-3m3g-8wgx (nokogiri): Nokogiri CSS selector tokenizer has regular expression backtracking
Apr 17 GHSA-3jfp-46x4-xgfj (yard): yard - Possible arbitrary path traversal and file access via yard server
Apr 14 GHSA-w5xj-99cg-rccm (decidim-core): Decidim amendments can be accepted or rejected by anyone
Apr 14 GHSA-ghmh-q25g-gxxx (decidim-comments): Decidim's comments API allows access to all commentable resources
Apr 14 GHSA-9pm8-vwc5-w2hm (fat_free_crm): Fat Free CRM has BOLA in DELETE /emails/:id - Any authenticated user can hit this endpoint and delete emails by ID
Apr 14 GHSA-2x79-gwq3-vxxm (iodine): Uncontrolled resource consumption and loop with unreachable exit condition in facil.io and downstream iodine ruby gem
Apr 13 CVE-2026-23891 (decidim-core): Decidim has a cross-site scripting (XSS) in user name
Apr 09 CVE-2026-40070 (bsv-wallet): bsv-sdk and bsv-wallet persist unverified certifier signatures in acquire_certificate (direct and issuance paths)
Apr 09 CVE-2026-40069 (bsv-sdk): bsv-sdk ARC broadcaster treats INVALID/MALFORMED/ORPHAN responses as successful broadcasts