rubygems

Top products

The 15 most recently published vulnerabilities affecting rubygems.

• CVE-2026-31830sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject digest7.5Mar 10, 2026
• CVE-2026-1776Camaleon CMS AWS Uploader Authenticated Path Traversal Arbitrary File Read6.5Mar 9, 2026
• CVE-2026-0980Rubyipmi: red hat satellite: remote code execution in rubyipmi via malicious bmc username8.3Feb 27, 2026
• CVE-2026-25500Rack's Stored XSS in Rack::Directory via javascript: filenames rendered into anchor href5.4Feb 18, 2026
• CVE-2026-22860Rack has a Directory Traversal via Rack:Directory7.5Feb 18, 2026
• CVE-2026-25765Faraday affected by SSRF via protocol-relative URL host override in build_exclusive_url5.8Feb 9, 2026
• CVE-2026-25757Unauthenticated Spree Commerce users can view completed guest orders by Order ID5.3Feb 6, 2026
• CVE-2026-25758Spree allows unauthenticated users can access all guest addresses7.5Feb 6, 2026
• CVE-2025-65017Decidim's private data exports can lead to data leaks6.5Feb 3, 2026
• CVE-2026-1530Fog-kubevirt: fog-kubevirt: man-in-the-middle vulnerability due to disabled certificate validation8.1Feb 2, 2026
• CVE-2026-1531Foreman-kubevirt: foreman_kubevirt: man-in-the-middle due to insecure default ssl verification8.1Feb 2, 2026
• CVE-2026-23885AlchemyCMS has Authenticated Remote Code Execution (RCE) via eval injection in ResourcesHelper6.4Jan 19, 2026
• CVE-2025-68271Unauthenticated Remote Code Execution in openc3-api10.0Jan 13, 2026
• CVE-2026-22589Spree API has Unauthenticated IDOR - Guest Address7.5Jan 10, 2026
• CVE-2026-22588Spree API has Authenticated Insecure Direct Object Reference (IDOR) via Order Modification6.5Jan 8, 2026