| activestorage |
CVE-2026-33195 |
严重 |
7.0.8 |
~> 7.2.3, >= 7.2.3.1, ~> 8.0.4, >= 8.0.4.1, >= 8.1.2.1 |
Rails: Active Storage: Active Storage (Rails): Arbitrary file access via path traversal in blob keys
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33195
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-03-24 00:16 修改: 2026-06-30 03:18
|
| activestorage |
CVE-2026-33202 |
严重 |
7.0.8 |
~> 7.2.3, >= 7.2.3.1, ~> 8.0.4, >= 8.0.4.1, >= 8.1.2.1 |
rails: Active Storage: Unintended file deletion via crafted blob keys
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33202
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-03-24 00:16 修改: 2026-06-17 10:37
|
| concurrent-ruby |
CVE-2026-54906 |
严重 |
1.2.2 |
>= 1.3.7 |
concurrent-ruby: rubygem-concurrent-ruby: concurrent-ruby: Synchronization flaw in ReadWriteLock allows unauthorized lock release and denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54906
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-06-24 17:17 修改: 2026-06-26 20:00
|
| concurrent-ruby |
CVE-2026-54906 |
严重 |
1.2.3 |
>= 1.3.7 |
concurrent-ruby: rubygem-concurrent-ruby: concurrent-ruby: Synchronization flaw in ReadWriteLock allows unauthorized lock release and denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54906
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-06-24 17:17 修改: 2026-06-26 20:00
|
| graphql |
CVE-2025-27407 |
严重 |
2.2.5 |
~> 1.11.11, ~> 1.12.25, ~> 1.13.24, ~> 2.0.32, ~> 2.1.15, ~> 2.2.17, ~> 2.3.21, >= 2.4.13 |
graphql-ruby: Remote code execution when loading a crafted GraphQL schema
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27407
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-03-12 19:15 修改: 2026-06-17 09:03
|
| net-imap |
CVE-2026-42257 |
严重 |
0.2.3 |
~> 0.4.24, ~> 0.5.14, >= 0.6.4 |
net-imap: Net::IMAP: Arbitrary IMAP command injection via CRLF sequences in unvalidated input
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42257
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-05-09 20:16 修改: 2026-06-17 10:47
|
| net-imap |
CVE-2026-42257 |
严重 |
0.3.4 |
~> 0.4.24, ~> 0.5.14, >= 0.6.4 |
net-imap: Net::IMAP: Arbitrary IMAP command injection via CRLF sequences in unvalidated input
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42257
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-05-09 20:16 修改: 2026-06-17 10:47
|
| nokogiri |
GHSA-353f-x4gh-cqq8 |
严重 |
1.16.0 |
>= 1.18.9 |
Nokogiri patches vendored libxml2 to resolve multiple CVEs
漏洞详情: https://github.com/advisories/GHSA-353f-x4gh-cqq8
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-07-21 19:35 修改: 2025-07-21 19:35
|
| omniauth-saml |
CVE-2024-45409 |
严重 |
2.1.0 |
>= 1.10.5, < 2.0.0, ~> 2.1.2, >= 2.2.1 |
The Ruby SAML library is for implementing the client side of a SAML au ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45409
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2024-09-10 19:15 修改: 2026-06-17 07:54
|
| omniauth-saml |
GHSA-cvp8-5r8g-fhvq |
严重 |
2.1.0 |
2.1.2, 1.10.5, 2.2.1 |
omniauth-saml vulnerable to Improper Verification of Cryptographic Signature
漏洞详情: https://github.com/advisories/GHSA-cvp8-5r8g-fhvq
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2024-09-11 21:08 修改: 2024-09-19 18:25
|
| omniauth-saml |
GHSA-hw46-3hmr-x9xv |
严重 |
2.1.0 |
~> 1.10.6, ~> 2.1.3, >= 2.2.3 |
omniauth-saml has dependency on ruby-saml version with Signature Wrapping Attack issue
漏洞详情: https://github.com/advisories/GHSA-hw46-3hmr-x9xv
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-03-12 19:42 修改: 2025-05-22 17:13
|
| ruby-saml |
CVE-2024-45409 |
严重 |
1.15.0 |
~> 1.12.3, >= 1.17.0 |
The Ruby SAML library is for implementing the client side of a SAML au ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45409
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2024-09-10 19:15 修改: 2026-06-17 07:54
|
| ruby-saml |
CVE-2025-25291 |
严重 |
1.15.0 |
~> 1.12.4, >= 1.18.0 |
ruby-saml provides security assertion markup language (SAML) single si ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25291
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-03-12 21:15 修改: 2026-06-17 09:00
|
| ruby-saml |
CVE-2025-25292 |
严重 |
1.15.0 |
~> 1.12.4, >= 1.18.0 |
ruby-saml provides security assertion markup language (SAML) single si ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25292
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-03-12 21:15 修改: 2026-06-17 09:00
|
| ruby-saml |
CVE-2025-66567 |
严重 |
1.15.0 |
>= 1.18.0 |
Ruby-saml has a SAML authentication bypass due to namespace handling (parser differential)
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66567
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-12-09 16:18 修改: 2026-06-17 09:57
|
| ruby-saml |
CVE-2025-66568 |
严重 |
1.15.0 |
>= 1.18.0 |
Ruby-saml allows a Libxml2 Canonicalization error to bypass Digest/Signature validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66568
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-12-09 16:18 修改: 2026-06-17 09:57
|
| stringio |
CVE-2024-27280 |
严重 |
3.0.1 |
>= 3.0.1.1 |
ruby: Buffer overread vulnerability in StringIO
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-27280
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2024-05-14 15:11 修改: 2026-06-17 07:19
|
| zlib |
CVE-2026-27820 |
严重 |
2.1.1 |
~> 3.0.1, ~> 3.1.2, >= 3.2.3 |
zlib: zlib: Memory corruption via buffer overflow in Zlib::GzipReader
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27820
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-04-16 18:16 修改: 2026-06-17 10:27
|
| activesupport |
CVE-2026-33176 |
高危 |
7.0.8 |
~> 7.2.3, >= 7.2.3.1, ~> 8.0.4, >= 8.0.4.1, >= 8.1.2.1 |
Rails: Active Support: Active Support: Denial of Service via large scientific notation strings
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33176
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-03-24 00:16 修改: 2026-06-17 10:37
|
| httparty |
CVE-2025-68696 |
高危 |
0.21.0 |
>= 0.24.0 |
httparty: Httparty: Server-Side Request Forgery (SSRF) allows information disclosure and unauthorized internal access.
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68696
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-12-23 23:15 修改: 2026-06-17 09:59
|
| jwt |
CVE-2026-45363 |
高危 |
2.5.0 |
~> 2.10.3, >= 3.2.0 |
ruby-jwt: Empty-key HMAC bypass; cross-language sibling of CVE-2026-44351
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45363
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| activesupport |
CVE-2026-33176 |
高危 |
7.0.8.1 |
~> 7.2.3, >= 7.2.3.1, ~> 8.0.4, >= 8.0.4.1, >= 8.1.2.1 |
Rails: Active Support: Active Support: Denial of Service via large scientific notation strings
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33176
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-03-24 00:16 修改: 2026-06-17 10:37
|
| net-imap |
CVE-2026-42245 |
高危 |
0.2.3 |
~> 0.4.24, ~> 0.5.14, >= 0.6.4 |
ruby: net-imap: Net::IMAP: Denial of Service via crafted IMAP responses
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42245
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-05-09 20:16 修改: 2026-06-17 10:47
|
| net-imap |
CVE-2026-42246 |
高危 |
0.2.3 |
~> 0.3.10, ~> 0.4.24, ~> 0.5.14, >= 0.6.4 |
net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42246
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-05-09 20:16 修改: 2026-07-10 12:16
|
| addressable |
CVE-2026-35611 |
高危 |
2.8.1 |
>= 2.9.0 |
addressable: Addressable: Denial of Service via crafted URI templates
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35611
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-04-07 17:16 修改: 2026-06-17 10:40
|
| net-imap |
CVE-2026-42245 |
高危 |
0.3.4 |
~> 0.4.24, ~> 0.5.14, >= 0.6.4 |
ruby: net-imap: Net::IMAP: Denial of Service via crafted IMAP responses
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42245
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-05-09 20:16 修改: 2026-06-17 10:47
|
| net-imap |
CVE-2026-42246 |
高危 |
0.3.4 |
~> 0.3.10, ~> 0.4.24, ~> 0.5.14, >= 0.6.4 |
net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42246
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-05-09 20:16 修改: 2026-07-10 12:16
|
| addressable |
CVE-2026-35611 |
高危 |
2.8.6 |
>= 2.9.0 |
addressable: Addressable: Denial of Service via crafted URI templates
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35611
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-04-07 17:16 修改: 2026-06-17 10:40
|
| nokogiri |
GHSA-c4rq-3m3g-8wgx |
高危 |
1.16.0 |
>= 1.19.3 |
Nokogiri CSS selector tokenizer has regular expression backtracking
漏洞详情: https://github.com/advisories/GHSA-c4rq-3m3g-8wgx
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-05-06 18:24 修改: 2026-05-06 18:24
|
| nokogiri |
GHSA-mrxw-mxhj-p664 |
高危 |
1.16.0 |
>= 1.18.4 |
Nokogiri updates packaged libxslt to v1.1.43 to resolve multiple CVEs
漏洞详情: https://github.com/advisories/GHSA-mrxw-mxhj-p664
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-03-14 18:51 修改: 2025-03-21 15:43
|
| oauth |
GHSA-prq8-7wvh-44qh |
高危 |
0.5.6 |
>= 1.1.6 |
Cross-origin OAuth token-request redirects can expose signed request metadata
漏洞详情: https://github.com/advisories/GHSA-prq8-7wvh-44qh
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| oauth2 |
GHSA-pp92-crg2-gfv9 |
高危 |
2.0.9 |
>= 2.0.22 |
Protocol-relative redirect Location overrides authority in OAuth2::Client#request, leaking bearer Authorization to attacker host
漏洞详情: https://github.com/advisories/GHSA-pp92-crg2-gfv9
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| oj |
CVE-2026-54592 |
高危 |
3.13.23 |
>= 3.17.3 |
oj: Oj: Denial of Service via deeply nested JSON input
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54592
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-07-01 00:16 修改: 2026-07-01 15:27
|
| oj |
CVE-2026-54896 |
高危 |
3.13.23 |
>= 3.17.3 |
oj: Oj: Heap buffer overflow in exception serialization
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54896
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-07-01 00:16 修改: 2026-07-01 15:27
|
| oj |
CVE-2026-54897 |
高危 |
3.13.23 |
>= 3.17.3 |
oj: Oj: Use-After-Free in Oj::Doc Iterators via reentrant close
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54897
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-07-01 00:16 修改: 2026-07-01 15:27
|
| oj |
CVE-2026-54900 |
高危 |
3.13.23 |
>= 3.17.3 |
oj: Oj: Heap corruption via crafted JSON object key
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54900
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-07-01 00:16 修改: 2026-07-01 17:16
|
| oj |
CVE-2026-54903 |
高危 |
3.13.23 |
>= 3.17.3 |
oj: Oj: Heap corruption and Denial of Service via integer overflow in JSON parsing
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54903
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-07-01 00:16 修改: 2026-07-01 15:27
|
| bcrypt |
CVE-2026-33306 |
高危 |
3.1.18 |
>= 3.1.22 |
github.com/bcrypt-ruby/bcrypt-ruby: bcrypt-ruby (JRuby): Weakened password hashing due to integer overflow
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33306
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-03-24 01:17 修改: 2026-06-17 10:37
|
| activestorage |
CVE-2025-24293 |
高危 |
7.0.8 |
~> 7.1.5, >= 7.1.5.2, ~> 7.2.2, >= 7.2.2.2, >= 8.0.2.1 |
activestorage: Code injection in Active Storage when used in conjunction with the image_processing gem
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24293
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-01-30 21:15 修改: 2026-06-30 03:16
|
| concurrent-ruby |
CVE-2026-54904 |
高危 |
1.2.2 |
>= 1.3.7 |
concurrent-ruby: rubygem-concurrent-ruby: concurrent-ruby: Denial of Service due to infinite loop in AtomicReference#update
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54904
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-06-24 17:17 修改: 2026-06-26 19:26
|
| puma |
CVE-2026-47736 |
高危 |
5.6.5 |
~> 7.2.1, >= 8.0.2 |
Puma PROXY Protocol v1 Parser Allows Remote Memory Exhaustion
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47736
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| puma |
CVE-2026-47737 |
高危 |
5.6.5 |
~> 7.2.1, >= 8.0.2 |
Puma PROXY Protocol v1 Accepts Repeated Protocol Headers on Persistent Connections
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47737
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| puma |
CVE-2026-47736 |
高危 |
6.4.0 |
~> 7.2.1, >= 8.0.2 |
Puma PROXY Protocol v1 Parser Allows Remote Memory Exhaustion
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47736
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| puma |
CVE-2026-47737 |
高危 |
6.4.0 |
~> 7.2.1, >= 8.0.2 |
Puma PROXY Protocol v1 Accepts Repeated Protocol Headers on Persistent Connections
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47737
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| rack |
CVE-2024-26141 |
高危 |
2.2.8 |
~> 2.2.8, >= 2.2.8.1, >= 3.0.9.1 |
rubygem-rack: Possible DoS Vulnerability with Range Header in Rack
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26141
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2024-02-29 00:15 修改: 2026-06-17 07:17
|
| rack |
CVE-2024-26146 |
高危 |
2.2.8 |
~> 2.0.9, >= 2.0.9.4, ~> 2.1.4, >= 2.1.4.4, ~> 2.2.8, >= 2.2.8.1, >= 3.0.9.1 |
rubygem-rack: Possible Denial of Service Vulnerability in Rack Header Parsing
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26146
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2024-02-29 00:15 修改: 2026-06-17 07:17
|
| rack |
CVE-2025-27111 |
高危 |
2.2.8 |
~> 2.2.12, ~> 3.0.13, >= 3.1.11 |
rack: rubygem-rack: Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27111
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-03-04 16:15 修改: 2026-06-17 09:03
|
| rack |
CVE-2025-27610 |
高危 |
2.2.8 |
~> 2.2.13, ~> 3.0.14, >= 3.1.12 |
rack: rubygem-rack: Local File Inclusion in Rack::Static
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27610
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-03-10 23:15 修改: 2026-06-17 09:03
|
| rack |
CVE-2025-46727 |
高危 |
2.2.8 |
~> 2.2.14, ~> 3.0.16, >= 3.1.14 |
rubygem-rack: Unbounded-Parameter DoS in Rack::QueryParser
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46727
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-05-07 23:15 修改: 2026-06-17 09:26
|
| rack |
CVE-2025-59830 |
高危 |
2.2.8 |
>= 2.2.18 |
rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-59830
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-09-25 15:16 修改: 2026-06-17 09:46
|
| rack |
CVE-2025-61770 |
高危 |
2.2.8 |
~> 2.2.19, ~> 3.1.17, >= 3.2.2 |
rack: Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61770
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-10-07 15:16 修改: 2026-06-17 09:50
|
| rack |
CVE-2025-61771 |
高危 |
2.2.8 |
~> 2.2.19, ~> 3.1.17, >= 3.2.2 |
rack: Rack's multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61771
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-10-07 15:16 修改: 2026-06-17 09:50
|
| rack |
CVE-2025-61772 |
高危 |
2.2.8 |
~> 2.2.19, ~> 3.1.17, >= 3.2.2 |
rack: Rack memory exhaustion denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61772
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-10-07 15:16 修改: 2026-06-17 09:50
|
| rack |
CVE-2025-61919 |
高危 |
2.2.8 |
~> 2.2.20, ~> 3.1.18, >= 3.2.3 |
rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61919
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-10-10 20:15 修改: 2026-06-17 09:51
|
| rack |
CVE-2026-22860 |
高危 |
2.2.8 |
~> 2.2.22, ~> 3.1.20, >= 3.2.5 |
rubygem-rack: Rack Directory Traversal via Rack:Directory
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22860
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-02-18 19:21 修改: 2026-06-30 03:17
|
| rack |
CVE-2026-34785 |
高危 |
2.2.8 |
~> 2.2.23, ~> 3.1.21, >= 3.2.6 |
github.com/rack/rack: Rack: Information disclosure via incorrect static file serving prefix check
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34785
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-04-02 17:16 修改: 2026-06-30 03:18
|
| rack |
CVE-2026-34829 |
高危 |
2.2.8 |
~> 2.2.23, ~> 3.1.21, >= 3.2.6 |
rack: Rack: Denial of Service via unbounded multipart file upload
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34829
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-04-02 17:16 修改: 2026-06-30 03:18
|
| rack |
CVE-2025-27111 |
高危 |
2.2.9 |
~> 2.2.12, ~> 3.0.13, >= 3.1.11 |
rack: rubygem-rack: Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27111
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-03-04 16:15 修改: 2026-06-17 09:03
|
| rack |
CVE-2025-27610 |
高危 |
2.2.9 |
~> 2.2.13, ~> 3.0.14, >= 3.1.12 |
rack: rubygem-rack: Local File Inclusion in Rack::Static
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27610
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-03-10 23:15 修改: 2026-06-17 09:03
|
| rack |
CVE-2025-46727 |
高危 |
2.2.9 |
~> 2.2.14, ~> 3.0.16, >= 3.1.14 |
rubygem-rack: Unbounded-Parameter DoS in Rack::QueryParser
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46727
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-05-07 23:15 修改: 2026-06-17 09:26
|
| rack |
CVE-2025-59830 |
高危 |
2.2.9 |
>= 2.2.18 |
rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-59830
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-09-25 15:16 修改: 2026-06-17 09:46
|
| rack |
CVE-2025-61770 |
高危 |
2.2.9 |
~> 2.2.19, ~> 3.1.17, >= 3.2.2 |
rack: Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61770
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-10-07 15:16 修改: 2026-06-17 09:50
|
| rack |
CVE-2025-61771 |
高危 |
2.2.9 |
~> 2.2.19, ~> 3.1.17, >= 3.2.2 |
rack: Rack's multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61771
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-10-07 15:16 修改: 2026-06-17 09:50
|
| rack |
CVE-2025-61772 |
高危 |
2.2.9 |
~> 2.2.19, ~> 3.1.17, >= 3.2.2 |
rack: Rack memory exhaustion denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61772
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-10-07 15:16 修改: 2026-06-17 09:50
|
| rack |
CVE-2025-61919 |
高危 |
2.2.9 |
~> 2.2.20, ~> 3.1.18, >= 3.2.3 |
rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61919
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-10-10 20:15 修改: 2026-06-17 09:51
|
| rack |
CVE-2026-22860 |
高危 |
2.2.9 |
~> 2.2.22, ~> 3.1.20, >= 3.2.5 |
rubygem-rack: Rack Directory Traversal via Rack:Directory
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22860
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-02-18 19:21 修改: 2026-06-30 03:17
|
| rack |
CVE-2026-34785 |
高危 |
2.2.9 |
~> 2.2.23, ~> 3.1.21, >= 3.2.6 |
github.com/rack/rack: Rack: Information disclosure via incorrect static file serving prefix check
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34785
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-04-02 17:16 修改: 2026-06-30 03:18
|
| rack |
CVE-2026-34829 |
高危 |
2.2.9 |
~> 2.2.23, ~> 3.1.21, >= 3.2.6 |
rack: Rack: Denial of Service via unbounded multipart file upload
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34829
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-04-02 17:16 修改: 2026-06-30 03:18
|
| resolv |
CVE-2025-24294 |
高危 |
0.2.1 |
~> 0.2.2, ~> 0.3.0, >= 0.6.1 |
resolv: Denial of Service in resolv gem
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24294
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-07-12 04:15 修改: 2026-06-17 08:58
|
| rexml |
CVE-2024-49761 |
高危 |
3.2.5 |
>= 3.3.9 |
rexml: REXML ReDoS vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-49761
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2024-10-28 15:15 修改: 2026-06-17 08:00
|
| rexml |
CVE-2024-49761 |
高危 |
3.2.6 |
>= 3.3.9 |
rexml: REXML ReDoS vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-49761
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2024-10-28 15:15 修改: 2026-06-17 08:00
|
| activestorage |
CVE-2026-33174 |
高危 |
7.0.8 |
~> 7.2.3, >= 7.2.3.1, ~> 8.0.4, >= 8.0.4.1, >= 8.1.2.1 |
Rails: Active Storage: Rails Active Storage: Denial of Service via unbounded Range header
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33174
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-03-24 00:16 修改: 2026-06-17 10:37
|
| concurrent-ruby |
CVE-2026-54904 |
高危 |
1.2.3 |
>= 1.3.7 |
concurrent-ruby: rubygem-concurrent-ruby: concurrent-ruby: Denial of Service due to infinite loop in AtomicReference#update
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54904
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-06-24 17:17 修改: 2026-06-26 19:26
|
| erb |
CVE-2026-41316 |
高危 |
2.2.3 |
~> 4.0.3.1, ~> 4.0.4.1, ~> 6.0.1.1, >= 6.0.4 |
erb: ERB: Arbitrary code execution via deserialization bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41316
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-04-24 03:16 修改: 2026-07-10 12:16
|
| faraday |
CVE-2026-54297 |
高危 |
1.10.0 |
~> 1.10.6, >= 2.14.3 |
faraday: Faraday: Denial of Service via crafted nested query strings
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54297
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-06-24 17:17 修改: 2026-06-30 03:21
|
| faraday |
CVE-2026-54297 |
高危 |
1.8.0 |
~> 1.10.6, >= 2.14.3 |
faraday: Faraday: Denial of Service via crafted nested query strings
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54297
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-06-24 17:17 修改: 2026-06-30 03:21
|
| ruby-saml |
CVE-2025-25293 |
高危 |
1.15.0 |
~> 1.12.4, >= 1.18.0 |
ruby-saml provides security assertion markup language (SAML) single si ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25293
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-03-12 21:15 修改: 2026-06-17 09:00
|
| sinatra |
CVE-2025-61921 |
高危 |
2.2.4 |
>= 4.2.0 |
sinatra: Sinatra has ReDoS vulnerability in ETag header value generation
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61921
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-10-10 20:15 修改: 2026-06-17 09:51
|
| faraday |
CVE-2026-54297 |
高危 |
2.8.1 |
~> 1.10.6, >= 2.14.3 |
faraday: Faraday: Denial of Service via crafted nested query strings
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54297
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-06-24 17:17 修改: 2026-06-30 03:21
|
| uri |
CVE-2025-61594 |
高危 |
0.12.1 |
~> 0.12.5, ~> 0.13.3, >= 1.0.4 |
uri: URI module: Credential exposure via URI + operator
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61594
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-12-30 21:15 修改: 2026-06-17 09:50
|
| uri |
CVE-2025-61594 |
高危 |
0.13.0 |
~> 0.12.5, ~> 0.13.3, >= 1.0.4 |
uri: URI module: Credential exposure via URI + operator
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61594
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-12-30 21:15 修改: 2026-06-17 09:50
|
| webrick |
CVE-2024-47220 |
高危 |
1.8.1 |
1.8.2 |
WEBrick: HTTP request smuggling
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47220
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2024-09-22 01:15 修改: 2026-06-17 07:56
|
| google-protobuf |
CVE-2024-7254 |
高危 |
3.25.2 |
~> 3.25.5, ~> 4.27.5, >= 4.28.2 |
protobuf: StackOverflow vulnerability in Protocol Buffers
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2024-09-19 01:15 修改: 2026-06-17 08:19
|
| oj |
CVE-2026-54500 |
中危 |
3.13.23 |
>= 3.17.3 |
oj: Oj: Information disclosure via uninitialized stack memory read
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54500
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-07-01 00:16 修改: 2026-07-01 15:27
|
| oj |
CVE-2026-54502 |
中危 |
3.13.23 |
>= 3.17.3 |
Oj: Stack Buffer Overflow in Oj.dump via Large Indent
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54502
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-07-01 00:16 修改: 2026-07-01 17:16
|
| oj |
CVE-2026-54898 |
中危 |
3.13.23 |
>= 3.17.3 |
oj: Oj: Denial of Service via input string mutation during JSON parsing
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54898
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-07-01 00:16 修改: 2026-07-01 15:27
|
| oj |
CVE-2026-54899 |
中危 |
3.13.23 |
>= 3.17.3 |
oj: Oj: Use-After-Free in parser symbol key cache toggle
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54899
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-07-01 00:16 修改: 2026-07-01 15:27
|
| oj |
CVE-2026-54901 |
中危 |
3.13.23 |
>= 3.17.3 |
Oj: Use-After-Free in Oj::Parser array_class/hash_class GC Marking
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54901
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-07-01 00:16 修改: 2026-07-01 15:27
|
| oj |
CVE-2026-54902 |
中危 |
3.13.23 |
>= 3.17.3 |
Oj: Use-After-Free in Oj::Parser SAJ Long Key Callback
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54902
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-07-01 00:16 修改: 2026-07-01 15:27
|
| devise-two-factor |
CVE-2024-8796 |
中危 |
4.1.1 |
>= 6.0.0 |
Under the default configuration, Devise-Two-Factor versions >= 2.2.0 & ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8796
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2024-09-17 18:15 修改: 2026-06-17 08:23
|
| activesupport |
CVE-2026-33169 |
中危 |
7.0.8 |
~> 7.2.3, >= 7.2.3.1, ~> 8.0.4, >= 8.0.4.1, >= 8.1.2.1 |
rails: rails-activesupport: Active Support: Denial of Service via crafted long digit strings
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33169
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-03-24 00:16 修改: 2026-06-17 10:37
|
| excon |
CVE-2026-54171 |
中危 |
0.99.0 |
>= 1.5.0 |
redact additional sensitive/risky headers when following redirects
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54171
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| activesupport |
CVE-2026-33170 |
中危 |
7.0.8 |
~> 7.2.3, >= 7.2.3.1, ~> 8.0.4, >= 8.0.4.1, >= 8.1.2.1 |
Rails: Active Support: Active Support: Cross-Site Scripting (XSS) due to improper HTML safety flag propagation in SafeBuffer#%
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33170
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-03-24 00:16 修改: 2026-06-17 10:37
|
| faraday |
CVE-2026-25765 |
中危 |
1.10.0 |
~> 1.10.5, >= 2.14.1 |
Faraday: Faraday: Server-Side Request Forgery via protocol-relative URLs
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25765
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-02-09 21:15 修改: 2026-06-17 10:25
|
| puma |
CVE-2023-40175 |
中危 |
5.6.5 |
~> 5.6.7, >= 6.3.1 |
rubygem-puma: HTTP request smuggling when parsing chunked transfer encoding bodies and zero-length content-length headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-40175
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2023-08-18 22:15 修改: 2026-06-17 06:16
|
| puma |
CVE-2024-21647 |
中危 |
5.6.5 |
~> 5.6.8, >= 6.4.2 |
rubygem-puma: HTTP request smuggling when parsing chunked Transfer-Encoding Bodies
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21647
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2024-01-08 14:15 修改: 2026-06-17 07:09
|
| puma |
CVE-2024-45614 |
中危 |
5.6.5 |
~> 5.6.9, >= 6.4.3 |
rubygem-puma: Header normalization allows for client to clobber proxy set headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45614
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2024-09-19 23:15 修改: 2026-06-17 07:54
|
| actionpack |
CVE-2024-26143 |
中危 |
7.0.8 |
~> 7.0.8, >= 7.0.8.1, >= 7.1.3.1 |
rubygem-actionpack: Possible XSS on translation helpers
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26143
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2024-02-27 16:15 修改: 2026-06-17 07:17
|
| faraday |
CVE-2026-25765 |
中危 |
1.8.0 |
~> 1.10.5, >= 2.14.1 |
Faraday: Faraday: Server-Side Request Forgery via protocol-relative URLs
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25765
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-02-09 21:15 修改: 2026-06-17 10:25
|
| puma |
CVE-2024-21647 |
中危 |
6.4.0 |
~> 5.6.8, >= 6.4.2 |
rubygem-puma: HTTP request smuggling when parsing chunked Transfer-Encoding Bodies
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21647
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2024-01-08 14:15 修改: 2026-06-17 07:09
|
| puma |
CVE-2024-45614 |
中危 |
6.4.0 |
~> 5.6.9, >= 6.4.3 |
rubygem-puma: Header normalization allows for client to clobber proxy set headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45614
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2024-09-19 23:15 修改: 2026-06-17 07:54
|
| activesupport |
CVE-2026-33169 |
中危 |
7.0.8.1 |
~> 7.2.3, >= 7.2.3.1, ~> 8.0.4, >= 8.0.4.1, >= 8.1.2.1 |
rails: rails-activesupport: Active Support: Denial of Service via crafted long digit strings
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33169
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-03-24 00:16 修改: 2026-06-17 10:37
|
| faraday |
CVE-2026-25765 |
中危 |
2.8.1 |
~> 1.10.5, >= 2.14.1 |
Faraday: Faraday: Server-Side Request Forgery via protocol-relative URLs
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25765
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-02-09 21:15 修改: 2026-06-17 10:25
|
| faraday |
CVE-2026-33637 |
中危 |
2.8.1 |
>= 2.14.2 |
faraday: rubygem-faraday: Faraday: Off-host request forgery due to protocol-relative host override
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33637
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-05-19 19:16 修改: 2026-06-17 10:37
|
| fugit |
CVE-2024-43380 |
中危 |
1.8.1 |
>= 1.11.1 |
fugit: Improper input validation in "natural" parser may lead to DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-43380
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2024-08-19 15:15 修改: 2026-06-17 07:50
|
| activesupport |
CVE-2026-33170 |
中危 |
7.0.8.1 |
~> 7.2.3, >= 7.2.3.1, ~> 8.0.4, >= 8.0.4.1, >= 8.1.2.1 |
Rails: Active Support: Active Support: Cross-Site Scripting (XSS) due to improper HTML safety flag propagation in SafeBuffer#%
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33170
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-03-24 00:16 修改: 2026-06-17 10:37
|
| actionpack |
CVE-2024-28103 |
中危 |
7.0.8 |
~> 6.1.7, >= 6.1.7.8, ~> 7.0.8, >= 7.0.8.4, ~> 7.1.3, >= 7.1.3.4, >= 7.2.0.beta2 |
rubygem-actionpack: Missing security headers in Action Pack on non-HTML responses
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28103
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2024-06-04 20:15 修改: 2026-06-17 07:20
|
| actiontext |
CVE-2024-34341 |
中危 |
7.0.8 |
~> 7.0.8, >= 7.0.8.3, >= 7.1.3.3 |
Arbitrary Code Execution Vulnerability in Trix Editor included in ActionText
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34341
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2024-05-07 16:15 修改: 2026-06-17 07:33
|
| icalendar |
CVE-2026-33635 |
中危 |
2.8.0 |
>= 2.12.2 |
iCalendar is a Ruby library for dealing with iCalendar files in the iC ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33635
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-03-26 21:17 修改: 2026-06-17 10:37
|
| json-jwt |
CVE-2023-51774 |
中危 |
1.15.3 |
~> 1.15.3, >= 1.15.3.1, >= 1.16.6 |
json-jwt: bypass of identity checks via a sign/encryption confusion attack
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-51774
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2024-02-29 01:42 修改: 2026-06-17 06:41
|
| aws-sdk-s3 |
CVE-2025-14762 |
中危 |
1.143.0 |
>= 1.208.0 |
aws-sdk-ruby: AWS SDK for Ruby: Data integrity compromise via missing cryptographic key commitment
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14762
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-12-17 21:15 修改: 2026-06-17 08:36
|
| aws-sdk-s3 |
CVE-2025-14762 |
中危 |
1.146.0 |
>= 1.208.0 |
aws-sdk-ruby: AWS SDK for Ruby: Data integrity compromise via missing cryptographic key commitment
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14762
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-12-17 21:15 修改: 2026-06-17 08:36
|
| actionview |
CVE-2026-33168 |
中危 |
7.0.8 |
~> 7.2.3, >= 7.2.3.1, ~> 8.0.4, >= 8.0.4.1, >= 8.1.2.1 |
actionview: Action View: Cross-Site Scripting (XSS) via blank HTML attribute names
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33168
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-03-23 23:17 修改: 2026-06-17 10:37
|
| carrierwave |
CVE-2023-49090 |
中危 |
1.3.4 |
~> 2.2.5, >= 3.0.5 |
CarrierWave is a solution for file uploads for Rails, Sinatra and othe ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-49090
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2023-11-29 15:15 修改: 2026-06-17 06:35
|
| rack |
CVE-2024-25126 |
中危 |
2.2.8 |
~> 2.2.8, >= 2.2.8.1, >= 3.0.9.1 |
rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25126
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2024-02-29 00:15 修改: 2026-06-17 07:15
|
| rack |
CVE-2025-25184 |
中危 |
2.2.8 |
~> 2.2.11, ~> 3.0.12, >= 3.1.10 |
rubygem-rack: Possible Log Injection in Rack::CommonLogger
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25184
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-02-12 17:15 修改: 2026-06-17 09:00
|
| rack |
CVE-2025-32441 |
中危 |
2.2.8 |
>= 2.2.14 |
rack: Rack Session Reuse Vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-32441
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-05-07 23:15 修改: 2026-06-17 09:11
|
| rack |
CVE-2025-61780 |
中危 |
2.2.8 |
~> 2.2.20, ~> 3.1.18, >= 3.2.3 |
rubygem-rack: Improper handling of headers in `Rack::Sendfile` may allow proxy bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61780
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-10-10 17:15 修改: 2026-06-17 09:50
|
| rack |
CVE-2026-25500 |
中危 |
2.2.8 |
~> 2.2.22, ~> 3.1.20, >= 3.2.5 |
rubygem-rack: Rack stored XSS in Rack::Directory
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25500
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-02-18 20:18 修改: 2026-06-17 10:24
|
| rack |
CVE-2026-34230 |
中危 |
2.2.8 |
~> 2.2.23, ~> 3.1.21, >= 3.2.6 |
rack: Rack: Denial of Service via crafted Accept-Encoding header
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34230
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-04-02 17:16 修改: 2026-06-17 10:38
|
| rack |
CVE-2026-34763 |
中危 |
2.2.8 |
~> 2.2.23, ~> 3.1.21, >= 3.2.6 |
rack: Rack: Information disclosure via regular expression metacharacters in root path
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34763
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-04-02 17:16 修改: 2026-06-17 10:39
|
| rack |
CVE-2026-34786 |
中危 |
2.2.8 |
~> 2.2.23, ~> 3.1.21, >= 3.2.6 |
rack: Rack: Security header bypass via URL-encoded static path requests
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34786
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-04-02 17:16 修改: 2026-06-17 10:39
|
| rack |
CVE-2026-34826 |
中危 |
2.2.8 |
~> 2.2.23, ~> 3.1.21, >= 3.2.6 |
rack: Rack: Denial of Service via malicious HTTP Range header
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34826
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-04-02 17:16 修改: 2026-06-17 10:39
|
| rack |
CVE-2026-34830 |
中危 |
2.2.8 |
~> 2.2.23, ~> 3.1.21, >= 3.2.6 |
rack: Rack: Information disclosure via regular expression injection in X-Accel-Mapping header
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34830
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-04-02 17:16 修改: 2026-06-17 10:39
|
| rack |
CVE-2026-34831 |
中危 |
2.2.8 |
~> 2.2.23, ~> 3.1.21, >= 3.2.6 |
rack: Rack: HTTP response desynchronization via incorrect Content-Length calculation with UTF-8 characters
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34831
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-04-02 17:16 修改: 2026-06-17 10:39
|
| net-imap |
CVE-2025-43857 |
中危 |
0.2.3 |
~> 0.2.5, ~> 0.3.9, ~> 0.4.20, >= 0.5.7 |
net-imap: net-imap rubygem vulnerable to possible DoS by memory exhaustion
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-43857
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-04-28 16:15 修改: 2026-06-17 09:24
|
| net-imap |
CVE-2026-42258 |
中危 |
0.2.3 |
~> 0.4.24, ~> 0.5.14, >= 0.6.4 |
ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42258
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-05-09 20:16 修改: 2026-07-10 12:16
|
| net-imap |
CVE-2026-47240 |
中危 |
0.2.3 |
~> 0.5.15, >= 0.6.4.1 |
net-imap: Net::IMAP: Command injection via non-synchronizing literals
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47240
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-06-22 21:16 修改: 2026-06-23 16:16
|
| net-imap |
CVE-2026-47242 |
中危 |
0.2.3 |
~> 0.5.15, >= 0.6.4.1 |
Net::IMAP implements Internet Message Access Protocol (IMAP) client fu ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47242
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-06-22 21:16 修改: 2026-06-23 15:03
|
| carrierwave |
CVE-2024-29034 |
中危 |
1.3.4 |
~> 2.2.6, >= 3.0.7 |
CarrierWave content-Type allowlist bypass vulnerability which possibly leads to XSS remained
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29034
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2024-03-24 20:15 修改: 2026-06-17 07:22
|
| carrierwave |
CVE-2026-44587 |
中危 |
1.3.4 |
~> 2.2.7, >= 3.1.3 |
CarrierWave is a framework to upload files from Ruby applications. In ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44587
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-06-17 13:20 修改: 2026-06-18 15:24
|
| cgi |
CVE-2025-27219 |
中危 |
0.3.6 |
~> 0.3.5.1, ~> 0.3.7, >= 0.4.2 |
CGI: Denial of Service in CGI::Cookie.parse
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27219
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-03-04 00:15 修改: 2026-06-17 09:03
|
| net-imap |
CVE-2025-25186 |
中危 |
0.3.4 |
~> 0.3.8, ~> 0.4.19, >= 0.5.6 |
net-imap: Net::IMAP vulnerable to possible DoS by memory exhaustion
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25186
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-02-10 16:15 修改: 2026-06-17 09:00
|
| net-imap |
CVE-2025-43857 |
中危 |
0.3.4 |
~> 0.2.5, ~> 0.3.9, ~> 0.4.20, >= 0.5.7 |
net-imap: net-imap rubygem vulnerable to possible DoS by memory exhaustion
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-43857
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-04-28 16:15 修改: 2026-06-17 09:24
|
| net-imap |
CVE-2026-42258 |
中危 |
0.3.4 |
~> 0.4.24, ~> 0.5.14, >= 0.6.4 |
ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42258
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-05-09 20:16 修改: 2026-07-10 12:16
|
| net-imap |
CVE-2026-47240 |
中危 |
0.3.4 |
~> 0.5.15, >= 0.6.4.1 |
net-imap: Net::IMAP: Command injection via non-synchronizing literals
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47240
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-06-22 21:16 修改: 2026-06-23 16:16
|
| rack |
CVE-2025-25184 |
中危 |
2.2.9 |
~> 2.2.11, ~> 3.0.12, >= 3.1.10 |
rubygem-rack: Possible Log Injection in Rack::CommonLogger
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25184
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-02-12 17:15 修改: 2026-06-17 09:00
|
| rack |
CVE-2025-32441 |
中危 |
2.2.9 |
>= 2.2.14 |
rack: Rack Session Reuse Vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-32441
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-05-07 23:15 修改: 2026-06-17 09:11
|
| rack |
CVE-2025-61780 |
中危 |
2.2.9 |
~> 2.2.20, ~> 3.1.18, >= 3.2.3 |
rubygem-rack: Improper handling of headers in `Rack::Sendfile` may allow proxy bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61780
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-10-10 17:15 修改: 2026-06-17 09:50
|
| rack |
CVE-2026-25500 |
中危 |
2.2.9 |
~> 2.2.22, ~> 3.1.20, >= 3.2.5 |
rubygem-rack: Rack stored XSS in Rack::Directory
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25500
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-02-18 20:18 修改: 2026-06-17 10:24
|
| rack |
CVE-2026-34230 |
中危 |
2.2.9 |
~> 2.2.23, ~> 3.1.21, >= 3.2.6 |
rack: Rack: Denial of Service via crafted Accept-Encoding header
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34230
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-04-02 17:16 修改: 2026-06-17 10:38
|
| rack |
CVE-2026-34763 |
中危 |
2.2.9 |
~> 2.2.23, ~> 3.1.21, >= 3.2.6 |
rack: Rack: Information disclosure via regular expression metacharacters in root path
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34763
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-04-02 17:16 修改: 2026-06-17 10:39
|
| rack |
CVE-2026-34786 |
中危 |
2.2.9 |
~> 2.2.23, ~> 3.1.21, >= 3.2.6 |
rack: Rack: Security header bypass via URL-encoded static path requests
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34786
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-04-02 17:16 修改: 2026-06-17 10:39
|
| rack |
CVE-2026-34826 |
中危 |
2.2.9 |
~> 2.2.23, ~> 3.1.21, >= 3.2.6 |
rack: Rack: Denial of Service via malicious HTTP Range header
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34826
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-04-02 17:16 修改: 2026-06-17 10:39
|
| rack |
CVE-2026-34830 |
中危 |
2.2.9 |
~> 2.2.23, ~> 3.1.21, >= 3.2.6 |
rack: Rack: Information disclosure via regular expression injection in X-Accel-Mapping header
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34830
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-04-02 17:16 修改: 2026-06-17 10:39
|
| rack |
CVE-2026-34831 |
中危 |
2.2.9 |
~> 2.2.23, ~> 3.1.21, >= 3.2.6 |
rack: Rack: HTTP response desynchronization via incorrect Content-Length calculation with UTF-8 characters
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34831
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-04-02 17:16 修改: 2026-06-17 10:39
|
| rack-cors |
CVE-2024-27456 |
中危 |
2.0.1 |
>= 2.0.2 |
rack-cors: Insecure File Permissions in rack-cors
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-27456
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2024-02-26 16:28 修改: 2026-06-17 07:19
|
| rails |
CVE-2024-26143 |
中危 |
7.0.8 |
7.0.8.1, 7.1.3.1 |
rubygem-actionpack: Possible XSS on translation helpers
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26143
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2024-02-27 16:15 修改: 2026-06-17 07:17
|
| rails-html-sanitizer |
CVE-2024-53985 |
中危 |
1.6.0 |
>= 1.6.1 |
rails-html-sanitizer: Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-53985
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2024-12-02 22:15 修改: 2026-06-17 08:09
|
| rails-html-sanitizer |
CVE-2024-53986 |
中危 |
1.6.0 |
>= 1.6.1 |
rails-html-sanitizer: Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-53986
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2024-12-02 22:15 修改: 2026-06-17 08:09
|
| rails-html-sanitizer |
CVE-2024-53987 |
中危 |
1.6.0 |
>= 1.6.1 |
rails-html-sanitizer: Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-53987
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2024-12-02 22:15 修改: 2026-06-17 08:09
|
| rails-html-sanitizer |
CVE-2024-53988 |
中危 |
1.6.0 |
>= 1.6.1 |
rails-html-sanitizer: Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-53988
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2024-12-02 22:15 修改: 2026-06-17 08:09
|
| rails-html-sanitizer |
CVE-2024-53989 |
中危 |
1.6.0 |
>= 1.6.1 |
rails-html-sanitizer: Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-53989
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2024-12-02 21:15 修改: 2026-06-17 08:09
|
| rdoc |
CVE-2024-27281 |
中危 |
6.4.0 |
~> 6.3.4, >= 6.3.4.1, ~> 6.4.1, >= 6.4.1.1, >= 6.5.1.1 |
ruby: RCE vulnerability with .rdoc_options in RDoc
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-27281
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2024-05-14 15:11 修改: 2026-06-17 07:19
|
| net-imap |
CVE-2026-47242 |
中危 |
0.3.4 |
~> 0.5.15, >= 0.6.4.1 |
Net::IMAP implements Internet Message Access Protocol (IMAP) client fu ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47242
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-06-22 21:16 修改: 2026-06-23 15:03
|
| cgi |
CVE-2025-27220 |
中危 |
0.3.6 |
~> 0.3.5.1, ~> 0.3.7, >= 0.4.2 |
CGI: ReDoS in CGI::Util#escapeElement
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27220
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-03-04 00:15 修改: 2026-06-17 09:03
|
| rexml |
CVE-2024-35176 |
中危 |
3.2.5 |
>= 3.2.7 |
REXML: DoS parsing an XML with many `<`s in an attribute value
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-35176
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2024-05-16 16:15 修改: 2026-06-17 07:34
|
| rexml |
CVE-2024-39908 |
中危 |
3.2.5 |
>= 3.3.2 |
rexml: DoS vulnerability in REXML
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-39908
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2024-07-16 18:15 修改: 2026-06-17 07:43
|
| rexml |
CVE-2024-41123 |
中危 |
3.2.5 |
>= 3.3.3 |
rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace character, >] and ]>
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41123
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2024-08-01 15:15 修改: 2026-06-17 07:47
|
| rexml |
CVE-2024-41946 |
中危 |
3.2.5 |
>= 3.3.3 |
rexml: DoS vulnerability in REXML
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41946
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2024-08-01 15:15 修改: 2026-06-17 07:48
|
| rexml |
CVE-2024-43398 |
中危 |
3.2.5 |
>= 3.3.6 |
rexml: DoS vulnerability in REXML
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-43398
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2024-08-22 15:15 修改: 2026-06-17 07:50
|
| activestorage |
CVE-2024-26144 |
中危 |
7.0.8 |
~> 6.1.7, >= 6.1.7.7, >= 7.0.8.1 |
rubygem-activestorage: Possible Sensitive Session Information Leak in Active Storage
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26144
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2024-02-27 16:15 修改: 2026-06-17 07:17
|
| rexml |
CVE-2024-35176 |
中危 |
3.2.6 |
>= 3.2.7 |
REXML: DoS parsing an XML with many `<`s in an attribute value
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-35176
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2024-05-16 16:15 修改: 2026-06-17 07:34
|
| rexml |
CVE-2024-39908 |
中危 |
3.2.6 |
>= 3.3.2 |
rexml: DoS vulnerability in REXML
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-39908
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2024-07-16 18:15 修改: 2026-06-17 07:43
|
| rexml |
CVE-2024-41123 |
中危 |
3.2.6 |
>= 3.3.3 |
rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace character, >] and ]>
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41123
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2024-08-01 15:15 修改: 2026-06-17 07:47
|
| rexml |
CVE-2024-41946 |
中危 |
3.2.6 |
>= 3.3.3 |
rexml: DoS vulnerability in REXML
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41946
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2024-08-01 15:15 修改: 2026-06-17 07:48
|
| rexml |
CVE-2024-43398 |
中危 |
3.2.6 |
>= 3.3.6 |
rexml: DoS vulnerability in REXML
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-43398
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2024-08-22 15:15 修改: 2026-06-17 07:50
|
| activestorage |
CVE-2026-33173 |
中危 |
7.0.8 |
~> 7.2.3, >= 7.2.3.1, ~> 8.0.4, >= 8.0.4.1, >= 8.1.2.1 |
Rails: Active Storage: Rails Active Storage: Content type bypass via arbitrary metadata in direct uploads
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33173
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-03-24 00:16 修改: 2026-06-17 10:37
|
| nokogiri |
GHSA-5prr-v3j2-97mh |
中危 |
1.16.0 |
>= 1.19.4 |
Nokogiri: Possible Out-of-Bounds Read in `Nokogiri::XML::NodeSet#[]`
漏洞详情: https://github.com/advisories/GHSA-5prr-v3j2-97mh
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-06-19 16:36 修改: 2026-06-19 16:36
|
| nokogiri |
GHSA-v2fc-qm4h-8hqv |
中危 |
1.16.0 |
>= 1.19.3 |
Nokogiri XSLT transform has a memory leak
漏洞详情: https://github.com/advisories/GHSA-v2fc-qm4h-8hqv
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-05-06 18:27 修改: 2026-05-06 18:27
|
| nokogiri |
GHSA-wx95-c6cv-8532 |
中危 |
1.16.0 |
>= 1.19.1 |
Nokogiri does not check the return value from xmlC14NExecute
漏洞详情: https://github.com/advisories/GHSA-wx95-c6cv-8532
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-02-18 21:57 修改: 2026-02-18 21:57
|
| nokogiri |
GHSA-xc9x-jj77-9p9j |
中危 |
1.16.0 |
~> 1.15.6, >= 1.16.2 |
Use-after-free in libxml2 via Nokogiri::XML::Reader
漏洞详情: https://github.com/advisories/GHSA-xc9x-jj77-9p9j
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2024-02-05 20:22 修改: 2025-05-23 19:16
|
| concurrent-ruby |
CVE-2026-54905 |
中危 |
1.2.2 |
>= 1.3.7 |
concurrent-ruby: Concurrent-ruby: Incorrect write lock granting leading to broken mutual exclusion
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54905
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-06-24 17:17 修改: 2026-06-26 20:01
|
| ruby-saml |
CVE-2025-54572 |
中危 |
1.15.0 |
>= 1.18.1 |
The Ruby SAML library is for implementing the client side of a SAML au ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-54572
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-07-30 14:15 修改: 2026-06-17 09:40
|
| sidekiq |
CVE-2023-26141 |
中危 |
6.4.0 |
~> 6.5.10, >= 7.1.3 |
sidekiq: DoS in dashboard-charts
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26141
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2023-09-14 05:15 修改: 2026-06-17 05:42
|
| sidekiq-cron |
CVE-2025-67202 |
中危 |
1.12.0 |
>= 2.4.0 |
sidekiq-cron: Sidekiq-cron: Cross-site scripting vulnerability via crafted URL
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-67202
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-05-07 15:16 修改: 2026-06-17 09:57
|
| activestorage |
CVE-2026-33658 |
中危 |
7.0.8 |
~> 7.2.3, >= 7.2.3.1, ~> 8.0.4, >= 8.0.4.1, >= 8.1.2.1 |
rails: activestorage: Active Storage: Denial of Service via HTTP Range header processing
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33658
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-03-26 22:16 修改: 2026-06-17 10:37
|
| sinatra |
CVE-2024-21510 |
中危 |
2.2.4 |
>= 4.1.0 |
sinatra: Open Redirect Vulnerability in Sinatra via X-Forwarded-Host Header
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21510
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2024-11-01 05:15 修改: 2026-06-17 07:09
|
| activerecord |
CVE-2025-55193 |
中危 |
7.0.8 |
~> 7.1.5, >= 7.1.5.2, ~> 7.2.2, >= 7.2.2.2, >= 8.0.2.1 |
activerecord: Active Record ANSI Injection Vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55193
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-08-13 23:15 修改: 2026-06-17 09:41
|
| concurrent-ruby |
CVE-2026-54905 |
中危 |
1.2.3 |
>= 1.3.7 |
concurrent-ruby: Concurrent-ruby: Incorrect write lock granting leading to broken mutual exclusion
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54905
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-06-24 17:17 修改: 2026-06-26 20:01
|
| uri |
CVE-2023-36617 |
中危 |
0.12.1 |
~> 0.10.0.3, ~> 0.10.3, ~> 0.11.2, >= 0.12.2 |
rubygem-uri: ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-36617
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2023-06-29 13:15 修改: 2026-06-17 06:06
|
| uri |
CVE-2025-27221 |
中危 |
0.12.1 |
~> 0.11.3, ~> 0.12.4, ~> 0.13.2, >= 1.0.3 |
uri: userinfo leakage in URI#join, URI#merge and URI#+
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27221
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-03-04 00:15 修改: 2026-06-17 09:03
|
| css_parser |
CVE-2026-44312 |
中危 |
1.14.0 |
~> 1.22.0, >= 2.1.0 |
css_parser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Pa ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44312
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-05-14 17:16 修改: 2026-06-17 10:50
|
| uri |
CVE-2025-27221 |
中危 |
0.13.0 |
~> 0.11.3, ~> 0.12.4, ~> 0.13.2, >= 1.0.3 |
uri: userinfo leakage in URI#join, URI#merge and URI#+
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27221
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-03-04 00:15 修改: 2026-06-17 09:03
|
| view_component |
CVE-2024-21636 |
中危 |
3.8.0 |
~> 2.83.0, >= 3.9.0 |
view_component Cross-site Scripting vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21636
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2024-01-04 20:15 修改: 2026-06-17 07:09
|
| view_component |
CVE-2026-44836 |
中危 |
3.8.0 |
>= 4.9.0, >= 3.25.0, < 4.0.0 |
view_component is a framework for building reusable, testable, and enc ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44836
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-05-26 21:16 修改: 2026-06-17 10:51
|
| view_component |
CVE-2026-44837 |
中危 |
3.8.0 |
>= 4.9.0, >= 3.25.0, < 4.0.0 |
view_component is a framework for building reusable, testable, and enc ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44837
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-05-26 21:16 修改: 2026-06-17 10:51
|
| devise |
CVE-2026-32700 |
中危 |
4.9.3 |
>= 5.0.3 |
devise: Devise: Unauthorized email confirmation due to a race condition
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32700
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-03-18 21:16 修改: 2026-06-17 10:36
|
| webrick |
CVE-2025-6442 |
中危 |
1.8.1 |
>= 1.8.2 |
webrick: Ruby WEBrick Request Smuggling Vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6442
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-06-25 17:15 修改: 2026-06-17 10:01
|
| devise |
CVE-2026-40295 |
中危 |
4.9.3 |
>= 5.0.4 |
Devise is an authentication solution for Rails based on Warden. In ver ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40295
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-05-22 20:16 修改: 2026-06-17 10:44
|
| nokogiri |
GHSA-5v8h-3h3q-446p |
低危 |
1.16.0 |
>= 1.19.4 |
Nokogiri: Possible Use-After-Free when `Nokogiri::XML::Document#encoding=` raises an exception
漏洞详情: https://github.com/advisories/GHSA-5v8h-3h3q-446p
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-06-19 16:35 修改: 2026-06-19 16:35
|
| nokogiri |
GHSA-5w6v-399v-w3cc |
低危 |
1.16.0 |
>= 1.18.8 |
Nokogiri updates packaged libxml2 to v2.13.8 to resolve CVE-2025-32414 and CVE-2025-32415
漏洞详情: https://github.com/advisories/GHSA-5w6v-399v-w3cc
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-04-21 21:55 修改: 2025-04-21 21:55
|
| nokogiri |
GHSA-8678-w3jw-xfc2 |
低危 |
1.16.0 |
>= 1.19.4 |
Nokogiri: XML::Schema on JRuby allows network requests when NONET is set, bypassing CVE-2020-26247
漏洞详情: https://github.com/advisories/GHSA-8678-w3jw-xfc2
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-06-19 16:36 修改: 2026-06-19 16:36
|
| nokogiri |
GHSA-9cv2-cfxc-v4v2 |
低危 |
1.16.0 |
>= 1.19.4 |
Nokogiri: Null Pointer Dereference calling methods on uninitialized wrapper classes
漏洞详情: https://github.com/advisories/GHSA-9cv2-cfxc-v4v2
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-06-19 16:36 修改: 2026-06-19 16:36
|
| nokogiri |
GHSA-p67v-3w7g-wjg7 |
低危 |
1.16.0 |
>= 1.19.4 |
Nokogiri: Possible Use-After-Free when directly using `NokogirI::XML::XPathContext` beyond document lifetime
漏洞详情: https://github.com/advisories/GHSA-p67v-3w7g-wjg7
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-06-19 16:37 修改: 2026-06-19 16:37
|
| nokogiri |
GHSA-phwj-rprq-35pp |
低危 |
1.16.0 |
>= 1.19.4 |
Nokogiri: Possible Use-After-Free when setting an attribute value via `Nokogiri::XML::Attr#value=` or `#content=`
漏洞详情: https://github.com/advisories/GHSA-phwj-rprq-35pp
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-06-19 16:37 修改: 2026-06-19 16:37
|
| nokogiri |
GHSA-r95h-9x8f-r3f7 |
低危 |
1.16.0 |
>= 1.16.5 |
Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459
漏洞详情: https://github.com/advisories/GHSA-r95h-9x8f-r3f7
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2024-05-13 16:05 修改: 2024-05-15 19:27
|
| nokogiri |
GHSA-vvfq-8hwr-qm4m |
低危 |
1.16.0 |
>= 1.18.3 |
Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171
漏洞详情: https://github.com/advisories/GHSA-vvfq-8hwr-qm4m
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-02-18 22:36 修改: 2025-03-10 22:36
|
| thor |
CVE-2025-54314 |
低危 |
1.2.2 |
>= 1.4.0 |
thor: Thor Command Injection Vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-54314
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-07-20 03:15 修改: 2026-06-17 09:39
|
| thor |
CVE-2025-54314 |
低危 |
1.3.0 |
>= 1.4.0 |
thor: Thor Command Injection Vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-54314
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2025-07-20 03:15 修改: 2026-06-17 09:39
|
| rack |
CVE-2026-26961 |
低危 |
2.2.8 |
~> 2.2.23, ~> 3.1.21, >= 3.2.6 |
github.com/rack/rack: Rack: Content smuggling via multipart boundary parsing mismatch
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26961
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-04-02 17:16 修改: 2026-06-17 10:26
|
| nokogiri |
GHSA-wfpw-mmfh-qq69 |
低危 |
1.16.0 |
>= 1.19.4 |
Nokogiri: Possible Use-After-Free in XInclude Processing
漏洞详情: https://github.com/advisories/GHSA-wfpw-mmfh-qq69
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-06-19 16:37 修改: 2026-06-19 16:37
|
| nokogiri |
GHSA-wjv4-x9w8-wm3h |
低危 |
1.16.0 |
>= 1.19.4 |
Nokogiri: Possible Use-After-Free when setting `Document#root=` to an invalid node type
漏洞详情: https://github.com/advisories/GHSA-wjv4-x9w8-wm3h
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-06-19 16:36 修改: 2026-06-19 16:36
|
| actionpack |
CVE-2024-41128 |
低危 |
7.0.8 |
~> 6.1.7.9, ~> 7.0.8, >= 7.0.8.5, ~> 7.1.4, >= 7.1.4.1, >= 7.2.1.1 |
rubygem-actionpack: Possible ReDoS vulnerability in query parameter filtering in Action Dispatch
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41128
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2024-10-16 18:15 修改: 2026-06-17 07:47
|
| rack |
CVE-2026-26961 |
低危 |
2.2.9 |
~> 2.2.23, ~> 3.1.21, >= 3.2.6 |
github.com/rack/rack: Rack: Content smuggling via multipart boundary parsing mismatch
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26961
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-04-02 17:16 修改: 2026-06-17 10:26
|
| actionpack |
CVE-2024-47887 |
低危 |
7.0.8 |
~> 6.1.7.9, ~> 7.0.8, >= 7.0.8.5, ~> 7.1.4, >= 7.1.4.1, >= 7.2.1.1 |
rubygem-actionpack: Possible ReDoS vulnerability in HTTP Token authentication in Action Controller
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47887
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2024-10-16 20:15 修改: 2026-06-17 07:57
|
| actionpack |
CVE-2024-54133 |
低危 |
7.0.8 |
~> 7.0.8, >= 7.0.8.7, ~> 7.1.5, >= 7.1.5.1, ~> 7.2.2, >= 7.2.2.1, >= 8.0.0.1 |
actionpack: Possible Content Security Policy bypass in Action Dispatch
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-54133
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2024-12-10 23:15 修改: 2026-06-17 08:09
|
| net-imap |
CVE-2026-47241 |
低危 |
0.2.3 |
~> 0.5.15, >= 0.6.4.1 |
net-imap: rubygem-net-imap: Net::IMAP: Denial of Service via malformed command input
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47241
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-06-22 21:16 修改: 2026-06-23 15:16
|
| actionmailer |
CVE-2024-47889 |
低危 |
7.0.8 |
~> 6.1.7.9, ~> 7.0.8, >= 7.0.8.5, ~> 7.1.4, >= 7.1.4.1, >= 7.2.1.1 |
rubygem-actionmailer: Possible ReDoS vulnerability in block_format in Action Mailer
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47889
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2024-10-16 21:15 修改: 2026-06-17 07:57
|
| actiontext |
CVE-2024-47888 |
低危 |
7.0.8 |
~> 6.1.7.9, ~> 7.0.8, >= 7.0.8.5, ~> 7.1.4, >= 7.1.4.1, >= 7.2.1.1 |
rubygem-actiontext: Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47888
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2024-10-16 21:15 修改: 2026-06-17 07:57
|
| net-imap |
CVE-2026-47241 |
低危 |
0.3.4 |
~> 0.5.15, >= 0.6.4.1 |
net-imap: rubygem-net-imap: Net::IMAP: Denial of Service via malformed command input
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47241
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 2026-06-22 21:16 修改: 2026-06-23 15:16
|
| crass |
GHSA-wwpr-jff3-395c |
未知 |
1.0.6 |
>= 1.0.7 |
A large number of adjacent CSS comments can trigger a SystemStackError
漏洞详情: https://github.com/advisories/GHSA-wwpr-jff3-395c
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| nokogiri |
GHSA-g9g8-vgvw-g3vf |
未知 |
1.16.0 |
>= 1.19.4 |
Possible invalid memory read when calling `Nokogiri::XML::Node#initialize_copy_with_args` with incorrect argument type
漏洞详情: https://github.com/advisories/GHSA-g9g8-vgvw-g3vf
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| msgpack |
CVE-2026-54522 |
未知 |
1.5.4 |
>= 1.8.2 |
DFVULN-839 - Use-After-Free in MessagePack::Buffer#clear Enables Cross-Buffer Disclosure
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54522
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| crass |
GHSA-6jxj-px6v-747w |
未知 |
1.0.6 |
>= 1.0.7 |
Deeply nested CSS blocks and functions can trigger a SystemStackError or excessive memory usage
漏洞详情: https://github.com/advisories/GHSA-6jxj-px6v-747w
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| crass |
GHSA-6wmf-3r64-vcwv |
未知 |
1.0.6 |
>= 1.0.7 |
Large numeric exponents cause CPU and memory denial of service
漏洞详情: https://github.com/advisories/GHSA-6wmf-3r64-vcwv
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| websocket-driver |
CVE-2026-54463 |
未知 |
0.7.6 |
>= 0.8.1 |
Memory exhaustion via abuse of protocol length headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54463
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| websocket-driver |
CVE-2026-54464 |
未知 |
0.7.6 |
>= 0.8.1 |
Resource limit bypass via message compression
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54464
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| websocket-driver |
CVE-2026-54465 |
未知 |
0.7.6 |
>= 0.8.1 |
Memory exhaustion in HTTP header parser
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54465
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| websocket-driver |
GHSA-2x63-gw47-w4mm |
未知 |
0.7.6 |
>= 0.8.2 |
Denial of service via malformed Host header
漏洞详情: https://github.com/advisories/GHSA-2x63-gw47-w4mm
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| crass |
GHSA-8vfg-2r28-hvhj |
未知 |
1.0.6 |
>= 1.0.7 |
Non-ASCII characters cause superlinear CPU consumption
漏洞详情: https://github.com/advisories/GHSA-8vfg-2r28-hvhj
镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|