Jul 10 CVE-2024-27095 (decidim-admin): Decidim cross-site scripting (XSS) in the admin panel posted in •
Jul 10 CVE-2024-27090 (decidim): Decidim vulnerable to data disclosure through the embed feature posted in •
Jul 08 CVE-2024-39308 (rails_admin): RailsAdmin Cross-site Scripting vulnerability in the list view posted in •
Jun 04 CVE-2024-32464 (actiontext): ActionText ContentAttachment can Contain Unsanitized HTML posted in •
Jun 04 CVE-2024-28103 (actionpack): Missing security headers in Action Pack on non-HTML responses posted in •
Jun 02 CVE-2024-37031 (activeadmin): activeadmin vulnerable to stored persistent cross-site scripting (XSS) in dynamic form legends posted in •
May 27 CVE-2024-35231 (rack-contrib): Denial of Service in rack-contrib via "profiler_runs" parameter posted in •