GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

28 advisories

fluent-plugin-opentelemetry Has Denial of Service (DoS) via Large Payloads and Decompression Bombs in `in_opentelemetry` Moderate
CVE-2026-44163 was published for fluent-plugin-opentelemetry (RubyGems) Jun 26, 2026
fluent-plugin-s3 Vulnerable to Denial of Service (DoS) via Decompression Bomb in `in_s3` Low
CVE-2026-44162 was published for fluent-plugin-s3 (RubyGems) Jun 26, 2026
net-imap vulnerable to denial of service via high iteration count for `SCRAM-*` authentication Moderate
CVE-2026-42256 was published for net-imap (RubyGems) May 4, 2026
Credited to Masamuneee
Rack's multipart parsing without Content-Length header allows unbounded chunked file uploads High
CVE-2026-34829 was published for rack (RubyGems) Apr 2, 2026
Credited to th4s1s, jeremyevans, and ioquatix
Rack's multipart header parsing allows Denial of Service via escape-heavy quoted parameters High
CVE-2026-34827 was published for rack (RubyGems) Apr 2, 2026
Credited to TaiPhung217, jeremyevans, and ioquatix
Rails Active Support has a possible DoS vulnerability in its number helpers Moderate
CVE-2026-33176 was published for activesupport (RubyGems) Mar 23, 2026
Rack's multipart byte range processing allows denial of service via excessive overlapping ranges Moderate
CVE-2026-34826 was published for rack (RubyGems) Apr 2, 2026
Credited to orenyomtov, jeremyevans, and ioquatix
Rails Active Storage has a possible DoS vulnerability in proxy mode via multi-range requests Low
CVE-2026-33658 was published for activestorage (RubyGems) Mar 25, 2026
GraphQL-Ruby's Ruby lexer does not count comment tokens for the purposes of max_query_string_tokens Moderate
GHSA-3h96-34p3-xm76 was published for graphql (RubyGems) May 5, 2026
Credited to d0cs1s-bzhunt and rmosolgo
net-imap rubygem vulnerable to possible DoS by memory exhaustion Moderate
CVE-2025-43857 was published for net-imap (RubyGems) Apr 28, 2025
Credited to Masamuneee and nevans
CGI has Denial of Service (DoS) potential in Cookie.parse Moderate
CVE-2025-27219 was published for cgi (RubyGems) Mar 3, 2025
REXML DoS vulnerability Moderate
CVE-2024-41946 was published for rexml (RubyGems) Aug 2, 2024
Credited to naitoh
REXML DoS vulnerability Moderate
CVE-2024-41123 was published for rexml (RubyGems) Aug 1, 2024
Ruby SAML DOS vulnerability with large SAML response Moderate
CVE-2025-54572 was published for ruby-saml (RubyGems) Jul 30, 2025
Credited to Yuuki77 and dblessing
Ruby SAML allows remote Denial of Service (DoS) with compressed SAML responses High
CVE-2025-25293 was published for ruby-saml (RubyGems) Mar 12, 2025
Credited to p-
Credited to kwkr, jeremyevans, and ioquatix
Prototype Pollution in lodash High
CVE-2020-8203 was published for lodash (RubyGems) Jul 15, 2020
Credited to mitchell-codecov, jkmartindale, bengry, greengeko, tompazourek, and G-Rath
ReDoS Vulnerability in Rack::Multipart handle_mime_head Moderate
CVE-2025-49007 was published for rack (RubyGems) Jun 5, 2025
Possible DoS by memory exhaustion in net-imap Moderate
CVE-2025-25186 was published for net-imap (RubyGems) Feb 10, 2025
Credited to manunio and nevans
Rack has possible DoS Vulnerability in Multipart MIME parsing High
CVE-2023-27530 was published for rack (RubyGems) Mar 8, 2023
Password Pusher rate limiter can be bypassed by forging proxy headers Low
CVE-2024-52796 was published for pwpush (RubyGems) Nov 20, 2024
Possible ReDoS vulnerability in query parameter filtering in Action Dispatch Moderate
CVE-2024-41128 was published for actionpack (RubyGems) Oct 15, 2024
Excessive Iteration in gRPC High
CVE-2023-33953 was published for grpc (RubyGems) Aug 9, 2023
Credited to levpachmanov
Credited to Sim4n6 and ioquatix
Denial of Service Vulnerability in Action View High
CVE-2019-5419 was published for actionview (RubyGems) Mar 13, 2019