Sinatra

This hub aggregates every CVE we track for Sinatra, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 8 most recently published vulnerabilities affecting Sinatra.

• CVE-2025-61921Sinatra has ReDoS vulnerability in ETag header value generation7.5Oct 10, 2025
• CVE-2024-21510Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (XFH) header. When making a request to a method with redire...5.4Nov 1, 2024
• CVE-2024-37116WordPress Sinatra theme <= 1.3 - Cross Site Scripting (XSS) vulnerability6.5Jul 22, 2024
• CVE-2022-45442Sinatra vulnerable to Reflected File Download attack8.8Nov 28, 2022
• CVE-2022-29970Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.7.5May 2, 2022
• CVE-2018-11627Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.6.1May 31, 2018
• CVE-2018-1000119Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. This attack appear t...5.9Mar 7, 2018
• CVE-2018-7212An issue was discovered in rack-protection/lib/rack/protection/path_traversal.rb in Sinatra 2.x before 2.0.1 on Windows. Path traversal is possible via backslash characters.5.3Feb 18, 2018