FLAT-8FLYW (CVE-2026-44837)
Lack of data validation - Path Traversal In ruby-view-component
4.6
Medium
Ecosystem: Debian
Package: ruby-view-component
FLAT-2JZDO (CVE-2026-44836)
Excessive privileges In ruby-view-component
6.3
Medium
Ecosystem: Debian
Package: ruby-view-component
FLAT-6Y7MH (CVE-2026-40295)
Uncontrolled external site redirect In ruby-devise
0.6
Low
Ecosystem: Debian
Package: ruby-devise
FLAT-3SG0P (CVE-2026-33637)
Server-side request forgery (SSRF) In ruby-faraday
6.3
Medium
Ecosystem: Debian
Package: ruby-faraday
FLAT-229QS (CVE-2026-44312)
Insecure service configuration In ruby-css-parser
1.7
Low
Ecosystem: Debian
Package: ruby-css-parser
FLAT-C617D (CVE-2026-42246)
Inappropriate coding practices In ruby3.1
4.9
Medium
Ecosystem: Debian
Package: ruby3.1
FLAT-Z9JFG (CVE-2026-42256)
Asymmetric denial of service In ruby3.1
2.3
Low
Ecosystem: Debian
Package: ruby3.1
FLAT-VENYH (CVE-2026-42257)
Lack of data validation In ruby2.7
1.9
Low
Ecosystem: Debian
Package: ruby2.7
FLAT-JHNXB (CVE-2026-42245)
Improper resource allocation In ruby3.3
0.6
Low
Ecosystem: Debian
Package: ruby3.3
FLAT-DA7Q6 (CVE-2026-42258)
Server side template injection In ruby3.3
1.9
Low
Ecosystem: Debian
Package: ruby3.3
FLAT-KZOFX (CVE-2026-27820)
Improper resource allocation - Buffer overflow In ruby3.3
1.7
Low
Ecosystem: Debian
Package: ruby3.3
FLAT-P0VS5 (CVE-2019-15845)
Lack of data validation - Path Traversal In ruby
2.7
Low
Ecosystem: Alpm
Package: ruby
FLAT-W6U4O (CVE-2019-16201)
Asymmetric denial of service - ReDoS In ruby
6.6
Medium
Ecosystem: Alpm
Package: ruby
FLAT-Z0T71 (CVE-2019-16254)
Lack of data validation In ruby
2.7
Low
Ecosystem: Alpm
Package: ruby
FLAT-JCYYJ (CVE-2019-16255)
Lack of data validation In ruby
7.2
High
Ecosystem: Alpm
Package: ruby
FLAT-XHNDG (CVE-2012-6708)
Reflected cross-site scripting (XSS) In ruby-rdoc
1.3
Low
Ecosystem: Alpm
Package: ruby-rdoc
FLAT-FH67W (CVE-2015-9251)
Reflected cross-site scripting (XSS) In ruby-rdoc
1.3
Low
Ecosystem: Alpm
Package: ruby-rdoc
FLAT-JCZDW (CVE-2021-28834)
Server side template injection In ruby-kramdown
8.1
High
Ecosystem: Alpm
Package: ruby-kramdown
FLAT-XPJFZ (CVE-2021-31799)
Remote command execution In ruby-rdoc
4.4
Medium
Ecosystem: Alpm
Package: ruby-rdoc
FLAT-QPSF7 (CVE-2020-36327)
Dependency Confusion In ruby-bundler
8.1
High
Ecosystem: Alpm
Package: ruby-bundler
FLAT-5TTVJ (CVE-2020-36401)
Inappropriate coding practices In mruby
7.3
High
Ecosystem: Alpm
Package: mruby
FLAT-LK0IL (CVE-2021-32740)
Improper resource allocation In ruby-addressable
6.6
Medium
Ecosystem: Alpm
Package: ruby-addressable
FLAT-3YHWO (CVE-2021-41817)
Asymmetric denial of service - ReDoS In ruby
6.6
Medium
Ecosystem: Alpm
Package: ruby
FLAT-M44LT (CVE-2021-41819)
Insecurely generated cookies In ruby
6.6
Medium
Ecosystem: Alpm
Package: ruby
FLAT-6J725 (CVE-2021-31810)
Enabled default configuration In ruby
2.7
Low
Ecosystem: Alpm
Package: ruby
FLAT-GDAKD (CVE-2021-32066)
Use of insecure channel - Source code In ruby
6.9
Medium
Ecosystem: Alpm
Package: ruby
FLAT-UF3O8 (CVE-2022-28738)
Inappropriate coding practices In ruby
8.1
High
Ecosystem: Alpm
Package: ruby
FLAT-04XKP (CVE-2022-28739)
Inappropriate coding practices In ruby
6.6
Medium
Ecosystem: Alpm
Package: ruby
FLAT-1N3YN (CVE-2021-28965)
XML injection (XXE) In ruby-rexml
6.6
Medium
Ecosystem: Alpm
Package: ruby-rexml
FLAT-T749U (CVE-2021-43809)
Insecure functionality In ruby-bundler
2.0
Low
Ecosystem: Alpm
Package: ruby-bundler
FLAT-1R8P1 (CVE-2021-4110)
Inappropriate coding practices In mruby
6.6
Medium
Ecosystem: Alpm
Package: mruby
FLAT-B4U4L (CVE-2026-34060)
Remote command execution In ruby-ruby-lsp
4.0
Medium
Ecosystem: Debian
Package: ruby-ruby-lsp
FLAT-UM0HM (CVE-2026-33635)
Lack of data validation In ruby-icalendar
1.3
Low
Ecosystem: Debian
Package: ruby-icalendar
FLAT-SO89D (DSA-6180-1)
Insecure HTTP methods enabled In ruby-rack
1.3
Low
Ecosystem: Debian
Package: ruby-rack
FLAT-SUUAO (CVE-2026-33306)
Out-of-bounds read In ruby-bcrypt
4.5
Medium
Ecosystem: Debian
Package: ruby-bcrypt
FLAT-CSN0U (DLA-4505-1)
Insecure HTTP methods enabled In ruby-rack
0.6
Low
Ecosystem: Debian
Package: ruby-rack
FLAT-XD6IH (CVE-2026-33210)
Lack of data validation In ruby-json
4.8
Medium
Ecosystem: Debian
Package: ruby-json
FLAT-KCXQY (CVE-2026-32700)
Race condition In ruby-devise
2.3
Low
Ecosystem: Debian
Package: ruby-devise
FLAT-CHHO0 (MAL-2026-1922)
Use of software with malware In rubylogger
5.2
Medium
Ecosystem: RubyGems
Package: rubylogger
FLAT-F3O1F (MAL-2026-1916)
Use of software with malware In freshworks-ruby
5.2
Medium
Ecosystem: RubyGems
Package: freshworks-ruby
FLAT-8UC65 (CVE-2026-0980)
OS Command Injection In rubyipmi
7.7
High
Ecosystem: RubyGems
Package: rubyipmi
FLAT-GJQAW (MAL-2026-1002)
Use of software with malware In newrubylogger
5.2
Medium
Ecosystem: RubyGems
Package: newrubylogger
FLAT-CUOSJ (CVE-2026-25500)
Server side cross-site scripting In ruby-rack
0.1
Low
Ecosystem: Debian
Package: ruby-rack
FLAT-EHLW5 (CVE-2026-22860)
Lack of data validation - Path Traversal In ruby-rack
4.6
Medium
Ecosystem: Debian
Package: ruby-rack
FLAT-K2OJP (CVE-2026-25765)
Server-side request forgery (SSRF) In ruby-faraday
1.7
Low
Ecosystem: Debian
Package: ruby-faraday
FLAT-FV8VE (CVE-2026-1979)
Race condition In mruby
1.1
Low
Ecosystem: Debian
Package: mruby
FLAT-O54LI (DLA-4433-1)
Missing subresource integrity check In ruby-rmagick
0.5
Low
Ecosystem: Debian
Package: ruby-rmagick
FLAT-BTVP9 (CVE-2025-61594)
Insecurely deleted files In rubygems
2.7
Low
Ecosystem: Debian
Package: rubygems
FLAT-9T0S2 (CVE-2025-68696)
Server-side request forgery (SSRF) In ruby-httparty
6.7
Medium
Ecosystem: Debian
Package: ruby-httparty
FLAT-P5JPZ (MAL-2025-192912)
Use of software with malware In prometheus_client_ruby
5.2
Medium
Ecosystem: RubyGems
Package: prometheus_client_ruby
FLAT-6RDGY (MAL-2025-192584)
Use of software with malware In jsondatatoruby
5.2
Medium
Ecosystem: Npm
Package: jsondatatoruby
FLAT-T3V2W (DLA-4407-1)
Server-side request forgery (SSRF) In ruby-sidekiq
7.9
High
Ecosystem: Debian
Package: ruby-sidekiq
FLAT-09VR5 (DLA-4406-1)
Sensitive information in source code In ruby-git
1.7
Low
Ecosystem: Debian
Package: ruby-git
FLAT-U9HOC (CVE-2025-66568)
Insufficient data authenticity validation In ruby-saml
8.0
High
Ecosystem: RubyGems
Package: ruby-saml
FLAT-HDO5N (CVE-2025-66567)
Insufficient data authenticity validation In ruby-saml
8.0
High
Ecosystem: RubyGems
Package: ruby-saml
FLAT-AFEDP (CVE-2025-13120)
Out-of-bounds read In mruby
0.4
Low
Ecosystem: Debian
Package: mruby
FLAT-OF4WZ (DSA-6048-1)
Insecure HTTP methods enabled In ruby-rack
0.6
Low
Ecosystem: Debian
Package: ruby-rack
FLAT-AZL0D (DLA-4357-1)
Insecure HTTP methods enabled In ruby-rack
0.6
Low
Ecosystem: Debian
Package: ruby-rack
FLAT-31O68 (MAL-2025-48935)
Use of software with malware In shopify-ruby
5.2
Medium
Ecosystem: Npm
Package: shopify-ruby
FLAT-DGMH7 (CVE-2025-61919)
Improper resource allocation In ruby-rack
6.6
Medium
Ecosystem: Debian
Package: ruby-rack
FLAT-WMBEN (MAL-2025-48026)
Use of software with malware In concurrent-ruby
5.2
Medium
Ecosystem: Npm
Package: concurrent-ruby
FLAT-4AVNW (DLA-4288-1)
Server-side request forgery (SSRF) In ruby-saml
7.9
High
Ecosystem: Debian
Package: ruby-saml
FLAT-KTNE8 (MAL-2025-41757)
Use of software with malware In rubyreq
5.2
Medium
Ecosystem: PyPI
Package: rubyreq
FLAT-RFO99 (MAL-2025-32541)
Use of software with malware In rubytask
5.2
Medium
Ecosystem: Npm
Package: rubytask
FLAT-RSSQ0 (MAL-2025-32538)
Use of software with malware In rubyheap
5.2
Medium
Ecosystem: Npm
Package: rubyheap
FLAT-3ZREZ (MAL-2025-16864)
Use of software with malware In chatruby
5.2
Medium
Ecosystem: Npm
Package: chatruby
FLAT-SDL2L (MAL-2025-32536)
Use of software with malware In rubygrep
5.2
Medium
Ecosystem: Npm
Package: rubygrep
FLAT-NJEHF (MAL-2025-32509)
Use of software with malware In rssruby
5.2
Medium
Ecosystem: Npm
Package: rssruby
FLAT-J3GUG (MAL-2025-32531)
Use of software with malware In ruby-kafka-oauth-client
5.2
Medium
Ecosystem: Npm
Package: ruby-kafka-oauth-client
FLAT-93407 (MAL-2025-32535)
Use of software with malware In rubyfile
5.2
Medium
Ecosystem: Npm
Package: rubyfile
FLAT-0878D (MAL-2025-26829)
Use of software with malware In mruby_engine
5.2
Medium
Ecosystem: Npm
Package: mruby_engine
FLAT-XMJQO (MAL-2025-32542)
Use of software with malware In rubytest
5.2
Medium
Ecosystem: Npm
Package: rubytest
FLAT-VQZSP (MAL-2025-32532)
Use of software with malware In ruby-limiter
5.2
Medium
Ecosystem: Npm
Package: ruby-limiter
FLAT-NV3Z3 (MAL-2025-34365)
Use of software with malware In tableau_ruby
5.2
Medium
Ecosystem: Npm
Package: tableau_ruby
FLAT-6NUN0 (MAL-2025-31447)
Use of software with malware In quota_tracker_ruby
5.2
Medium
Ecosystem: Npm
Package: quota_tracker_ruby
FLAT-1EMHB (MAL-2025-32540)
Use of software with malware In rubyore
5.2
Medium
Ecosystem: Npm
Package: rubyore
FLAT-5ZIZV (MAL-2025-32534)
Use of software with malware In rubyduino
5.2
Medium
Ecosystem: Npm
Package: rubyduino
FLAT-KRICU (MAL-2025-29262)
Use of software with malware In ping-api-ruby
5.2
Medium
Ecosystem: Npm
Package: ping-api-ruby
FLAT-AFCXC (MAL-2025-24158)
Use of software with malware In kafka-client-ruby
5.2
Medium
Ecosystem: Npm
Package: kafka-client-ruby
FLAT-GHQUC (MAL-2025-29331)
Use of software with malware In pitchruby
5.2
Medium
Ecosystem: Npm
Package: pitchruby
FLAT-O2Y2X (MAL-2025-25428)
Use of software with malware In liruby
5.2
Medium
Ecosystem: Npm
Package: liruby
FLAT-Z3EN1 (MAL-2025-32537)
Use of software with malware In rubyhead
5.2
Medium
Ecosystem: Npm
Package: rubyhead
FLAT-BKRR4 (MAL-2025-17180)
Use of software with malware In cloudflare_ruby
5.2
Medium
Ecosystem: Npm
Package: cloudflare_ruby
FLAT-HFG0C (MAL-2025-24366)
Use of software with malware In kcruby
5.2
Medium
Ecosystem: Npm
Package: kcruby
FLAT-DQMW6 (MAL-2025-20430)
Use of software with malware In ffiruby
5.2
Medium
Ecosystem: Npm
Package: ffiruby
FLAT-SRFJD (MAL-2025-32539)
Use of software with malware In rubymdp
5.2
Medium
Ecosystem: Npm
Package: rubymdp
FLAT-W21B3 (MAL-2025-32533)
Use of software with malware In rubycoin
5.2
Medium
Ecosystem: Npm
Package: rubycoin
FLAT-FV1IK (CVE-2025-45765)
Insecure encryption algorithm In ruby-jwt
0.6
Low
Ecosystem: Debian
Package: ruby-jwt
FLAT-UGKTN (DLA-4263-1)
Server-side request forgery (SSRF) In ruby-graphql
6.8
Medium
Ecosystem: Debian
Package: ruby-graphql
FLAT-FVFBW (CVE-2025-54572)
Asymmetric denial of service In ruby-saml
2.7
Low
Ecosystem: Debian
Package: ruby-saml
FLAT-5XJRA (CVE-2025-7207)
Out-of-bounds read In mruby
2.2
Low
Ecosystem: Debian
Package: mruby
FLAT-VR4FM (MAL-2025-3928)
Use of software with malware In xero_ruby_oauth2_app
5.2
Medium
Ecosystem: Npm
Package: xero_ruby_oauth2_app
FLAT-CQEVB (DLA-4163-1)
Use of software with malware In rubygems
6.1
Medium
Ecosystem: Debian
Package: rubygems
FLAT-O4TC3 (CVE-2025-46336)
Session Fixation In ruby-rack-session
0.6
Low
Ecosystem: Debian
Package: ruby-rack-session
FLAT-LS3DD (CVE-2025-46551)
Insecure digital certificates In org.jruby:jruby
4.9
Medium
Ecosystem: Maven
Package: org.jruby:jruby
FLAT-FM3L8 (CVE-2025-43857)
Asymmetric denial of service In ruby3.1
6.6
Medium
Ecosystem: Debian
Package: ruby3.1
FLAT-XS18E (DLA-4115-1)
Improper authorization control for web services In ruby-saml
2.7
Low
Ecosystem: Debian
Package: ruby-saml
FLAT-SJZCL (DSA-5886-1)
Improper resource allocation In ruby-rack
4.9
Medium
Ecosystem: Debian
Package: ruby-rack
FLAT-597HX (DLA-4090-1)
Improper resource allocation In ruby-rack
2.7
Low
Ecosystem: Debian
Package: ruby-rack
FLAT-WL2IF (CVE-2025-25292)
Insufficient data authenticity validation In ruby-saml
1.3
Low
Ecosystem: Debian
Package: ruby-saml