May 27 CVE-2026-44587 (carrierwave): CarrierWave has a denylisted_content_type bypass via unescaped regex metacharacters
May 18 CVE-2026-45363 (jwt): ruby-jwt: empty-key HMAC bypass; cross-language sibling of CVE-2026-44351
May 18 CVE-2026-33637 (faraday): Faraday has a possible incomplete fix for GHSA-33mh-2634-fwr2 - protocol-relative URI objects still bypass host scoping
May 08 CVE-2026-44837 (view_component): view_component - system test entry point path check allows sibling directory escape
May 08 CVE-2026-44836 (view_component): view_component - preview route can dispatch inherited helper methods
May 08 CVE-2026-40295 (devise): Devise has an open redirect via unvalidated `request.referrer` in the Timeoutable session timeout handler
May 07 CVE-2026-44312 (css_parser): improper certificate validation allows MITM injection of remote CSS content
May 07 CVE-2025-67202 (sidekiq-cron): Sidekiq-cron is vulnerable to cross-site scripting (XSS) via a crafted URL