Vulnerability DB

VULNERABILITY	AFFECTS	TYPE	PUBLISHED
H Cross-site Scripting (XSS)	phlex<1.0.1>=1.1.0, <1.1.1>=1.2.0, <1.2.2>=1.3.0, <1.3.3>=1.4.0, <1.4.1>=1.5.0, <1.5.2>=1.6.0, <1.6.2>=1.7.0, <1.7.1>=1.8.0, <1.8.2>=1.9.0, <1.9.1	RubyGems	13 Mar 2024
H Unsafe Reflection	stimulus_reflex<3.4.2>=3.5.0-pre0, <3.5.0-rc4	RubyGems	13 Mar 2024
M Cross-site Scripting (XSS)	yard<0.9.35	RubyGems	29 Feb 2024
M Exposure of Data Element to Wrong Session	actionpack>=5.2.0, <6.1.7.7>=7.0.0, <7.0.8.1	RubyGems	25 Feb 2024
M Regular Expression Denial of Service (ReDoS)	actionpack>=7.1.0, <7.1.3.1	RubyGems	25 Feb 2024
M Cross-site Scripting (XSS)	actionpack>=7.0.0, <7.0.8.1>=7.1.0, <7.1.3.1	RubyGems	25 Feb 2024
H Denial of Service (DoS)	rack>=1.3.0, <2.2.8.1>=3.0.0, <3.0.9.1	RubyGems	25 Feb 2024
M Regular Expression Denial of Service (ReDoS)	rack>=0.4.0, <2.2.8.1>=3.0.0, <3.0.9.1	RubyGems	25 Feb 2024
M Regular Expression Denial of Service (ReDoS)	rack<2.0.9.4>=2.1.0, <2.1.4.4>=2.2.0, <2.2.8.1>=3.0.0, <3.0.9.1	RubyGems	25 Feb 2024
M Cross-site Scripting (XSS)	decidim>=0.27.0, <0.27.5	RubyGems	22 Feb 2024
M Cross-site Scripting (XSS)	decidim-core>=0.27.0, <0.27.5	RubyGems	22 Feb 2024
L Race Condition	decidim>=0.10.0, <0.26.9>=0.27.0, <0.27.5	RubyGems	21 Feb 2024
M Server-Side Request Forgery (SSRF)	decidim-templates>=0.23.0, <0.27.5	RubyGems	21 Feb 2024
M Operation on a Resource after Expiration or Release	decidim-system>=0.0.1, <0.26.9>=0.27.0, <0.27.5	RubyGems	21 Feb 2024
M Operation on a Resource after Expiration or Release	decidim-admin>=0.0.1, <0.26.9>=0.27.0, <0.27.5	RubyGems	21 Feb 2024
M Operation on a Resource after Expiration or Release	devise_invitable>=0.4.0, <2.0.9	RubyGems	21 Feb 2024
H Cross-site Scripting (XSS)	sidekiq-unique-jobs<7.1.33>=8.0.0, <8.0.7	RubyGems	14 Feb 2024
M Use After Free	nokogiri<1.15.6>=1.16.0, <1.16.2	RubyGems	5 Feb 2024
M Cross-site Scripting (XSS)	avo<3.0.2	RubyGems	18 Jan 2024
M Cross-site Scripting (XSS)	avo<2.47.0>=3.0.0.beta1, <3.3.0	RubyGems	18 Jan 2024
M HTTP Request Smuggling	puma<5.6.8>=6.0.0, <6.4.2	RubyGems	9 Jan 2024
H Uncontrolled Resource Consumption ('Resource Exhaustion')	encoded_id<1.0.0.rc3	RubyGems	5 Jan 2024
M Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	view_component<2.83.0>=3.0.0, <3.9.0	RubyGems	5 Jan 2024
H Improper Authentication	omniauth-microsoft_graph<2.0.0	RubyGems	3 Jan 2024
H Improper Verification of Cryptographic Signature	json-jwt<1.15.3.1>=1.16.0, <1.16.6	RubyGems	27 Dec 2023
C Improper Neutralization of Formula Elements in a CSV File	activeadmin<3.2.0	RubyGems	24 Dec 2023
M Cross-site Scripting (XSS)	resque-scheduler<4.10.2	RubyGems	20 Dec 2023
M Cross-site Scripting (XSS)	resque<2.2.1	RubyGems	19 Dec 2023
M Cross-site Scripting (XSS)	resque<2.6.0	RubyGems	19 Dec 2023
M Cross-site Scripting (XSS)	resque<2.1.0	RubyGems	19 Dec 2023

APPLICATION

OPERATING SYSTEM