See the full list of npm packages compromised in the "TanStack Supply Chain Compromise - May 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
- M
Cross-site Scripting (XSS)CVE-2023-30614
Affects pay | Versions <6.3.2
Has fix
RubyGemsPublished 21 Apr 2023
- M
Cross-site Scripting (XSS)CVE-2024-22048
Affects govuk_tech_docs | Versions >=2.0.2, <3.3.1
Has fix
RubyGemsPublished 12 Apr 2023
- H
Cross-site Scripting (XSS)CVE-2023-1892
Affects sidekiq | Versions >=7.0.4, <7.0.8
Has fix
RubyGemsPublished 6 Apr 2023
- M
Insecure DefaultsCVE-2020-21514
Affects fluentd-ui | Versions >=0.0.0
Has fix
RubyGemsPublished 5 Apr 2023
- M
Denial of Service (DoS)CVE-2023-26485
Affects commonmarker | Versions <0.23.9
Has fix
RubyGemsPublished 2 Apr 2023
- M
Denial of Service (DoS)CVE-2023-24824
Affects commonmarker | Versions <0.23.9
Has fix
RubyGemsPublished 2 Apr 2023
- M
Regular Expression Denial of Service (ReDoS)CVE-2023-28756
Affects time | Versions <0.1.1>=0.2.0, <0.2.2
Has fix
RubyGemsPublished 31 Mar 2023
- M
Denial of Service (DoS)CVE-2023-28846
Affects unpoly-rails | Versions <2.7.2.2
Has fix
RubyGemsPublished 31 Mar 2023
- M
Cross-site Scripting (XSS)CVE-2023-23913
Affects rails | Versions >=5.1.0, <6.1.7.3>=7.0.0, <7.0.4.3
Has fix
RubyGemsPublished 28 Mar 2023
- H
Command InjectionCVE-2023-28102
Affects discordrb | Versions <3.5.0
Has fix
RubyGemsPublished 28 Mar 2023
- M
Regular Expression Denial of Service (ReDoS)CVE-2023-28755
Affects uri | Versions <0.10.0.1>=0.10.1, <0.10.2>=0.11.0, <0.11.1>=0.12.0, <0.12.1
Has fix
RubyGemsPublished 28 Mar 2023
- H
Arbitrary Command InjectionCVE-2014-10075
Affects karo | Versions >=2.3.8
Has fix
RubyGemsPublished 27 Mar 2023
- H
Denial of Service (DoS)CVE-2021-39880
Affects apollo_upload_server | Versions <2.1.0
Has fix
RubyGemsPublished 19 Mar 2023
- M
Cross-site Scripting (XSS)CVE-2023-28120
Affects activesupport | Versions <6.1.7.3>=7.0.0.alpha1, <7.0.4.3
Has fix
RubyGemsPublished 15 Mar 2023
- M
Regular Expression Denial of Service (ReDoS)CVE-2023-27539
Affects rack | Versions >=2.0.0.alpha, <2.2.6.4>=3.0.0.beta1, <3.0.6.1
Has fix
RubyGemsPublished 15 Mar 2023
- C
Deserialization of Untrusted DataCVE-2017-0903
Affects rubygems-update | Versions >=2.0.0, <2.6.14
Has fix
RubyGemsPublished 9 Mar 2023
- H
Denial of Service (DoS)CVE-2007-0469
Affects rubygems-update | Versions <0.9.1
Has fix
RubyGemsPublished 9 Mar 2023
- M
Access Control BypassCVE-2019-11068
Affects nokogiri | Versions <1.10.3
Has fix
RubyGemsPublished 9 Mar 2023
- H
Denial of Service (DoS)CVE-2023-27530
Affects rack | Versions <2.0.9.3>=2.1.0, <2.1.4.3>=2.2.0, <2.2.6.3>=3.0.0.beta1, <3.0.4.2
Has fix
RubyGemsPublished 8 Mar 2023
- H
Improper Input ValidationCVE-2019-7615
Affects elastic-apm | Versions <2.9.0
Has fix
RubyGemsPublished 5 Mar 2023
- H
Arbitrary Code InjectionCVE-2022-36231
Affects pdf_info | Versions >=0.0.0
Has fix
RubyGemsPublished 24 Feb 2023
- M
Cross-site Request Forgery (CSRF)CVE-2023-25015
Affects clockwork_web | Versions <0.1.2
Has fix
RubyGemsPublished 2 Feb 2023
- M
Information ExposureCVE-2018-14623
Affects katello | Versions <3.1.0.rc1
Has fix
RubyGemsPublished 31 Jan 2023
- H
Weak Password RequirementsCVE-2023-0569
Affects publify_core | Versions <9.2.10
Has fix
RubyGemsPublished 30 Jan 2023
- M
Cross-site Scripting (XSS)CVE-2023-23627
Affects sanitize | Versions >=5.0.0, <6.0.1
Has fix
RubyGemsPublished 29 Jan 2023
- M
Improper Privilege ManagementCVE-2017-2662
Affects katello | Versions <3.17.0.rc1
Has fix
RubyGemsPublished 27 Jan 2023
- M
Cross-site Scripting (XSS)CVE-2018-16887
Affects katello | Versions <3.9.0.rc1
Has fix
RubyGemsPublished 27 Jan 2023
- M
Denial of Service (DoS)CVE-2017-15364
Affects ccsv | Versions >=0.0.0
Has fix
RubyGemsPublished 27 Jan 2023
- H
Directory TraversalCVE-2017-1000026
Affects mixlib-archive | Versions <0.4.0
Has fix
RubyGemsPublished 27 Jan 2023