Know every threat before it ships
200K+ vulnerabilities, malicious packages, and supply chain threats enriched with Corgea's research.
UNKNOWN
CVE-2026-47241
Net::IMAP: Denial of Service via incomplete raw argument validation
UNKNOWN
CVE-2026-47242
Net::IMAP: Command Injection via ID command argument
UNKNOWN
CVE-2026-47240
Net::IMAP: Command Injection via non-synchronizing literal in "raw" argument
CRITICAL 9.8
CVE-2026-27820
Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption
MEDIUM 5.3
CVE-2019-13117
Uninitialized read in Nokogiri gem
HIGH 7.5
CVE-2026-47737
Puma PROXY Protocol v1 Accepts Repeated Protocol Headers on Persistent Connections
HIGH 7.5
CVE-2026-47736
Puma PROXY Protocol v1 Parser Allows Remote Memory Exhaustion
UNKNOWN
CVE-2026-44476
Doorkeeper Openid Connect: Dynamic Client Registration feature creates public clients with client_secret
CRITICAL 9.8
CVE-2011-10019
Spree has Remote Command Execution vulnerability in search functionality
UNKNOWN
CVE-2026-41493
yard: Possible arbitrary path traversal and file access via yard server
MEDIUM 4.7
CVE-2026-44587
CarrierWave has a denylisted_content_type bypass via Unescaped Regex Metacharacters
HIGH 8.1
CVE-2026-41316
ERB has an @_init deserialization guard bypass via def_module / def_method / def_class
CRITICAL 9.8
CVE-2019-11068
Nokogiri vulnerable to libxslt protection mechanism bypass
HIGH 7.5
CVE-2019-13118
libxslt Type Confusion vulnerability that affects Nokogiri
HIGH 7.5
CVE-2019-18197
Nokogiri affected by libxslt Use of Uninitialized Resource/Use After Free vulnerability
MEDIUM 6.1
CVE-2024-26143
Rails has possible XSS Vulnerability in Action Controller
MEDIUM 6.5
CVE-2026-44836
view_component: Preview Route Can Dispatch Inherited Helper Methods
MEDIUM 5.9
CVE-2026-44837
view_component: System Test Entry Point Path Check Allows Sibling Directory Escape
MEDIUM 6.1
CVE-2018-14042
Bootstrap Cross-site Scripting vulnerability
MEDIUM 5.5
CVE-2024-32887
Sidekiq vulnerable to a Reflected XSS in Queues Web Page
MEDIUM 5.8
CVE-2026-44312
CSS Parser: Improper Certificate Validation allows MITM injection of remote CSS content
HIGH 8.8
CVE-2026-42205
Avo: Broken Access Control Through Unauthorized Execution of Arbitrary Action Classes Across Resources
UNKNOWN
CVE-2026-41146
Uncontrolled resource consumption and loop with unreachable exit condition in facil.io and downstream iodine ruby gem
HIGH 8.2
CVE-2025-68696
httparty Has Potential SSRF Vulnerability That Leads to API Key Leakage
CRITICAL 10.0
CVE-2024-45409
SAML authentication bypass via Incorrect XPath selector
MEDIUM 4.5
CVE-2024-27281
RDoc RCE vulnerability with .rdoc_options
MEDIUM 5.3
CVE-2023-5349
memory leak flaw was found in ruby-magick
NONE 0.0
CVE-2026-33637
Faraday has a possible incomplete fix for GHSA-33mh-2634-fwr2: protocol-relative URI objects still bypass host scoping
UNKNOWN
GHSA-xf4v-w5x5-pv79
Spree: CSV Formula Injection in Customer Export
HIGH 7.4
CVE-2026-45363
ruby-jwt: Empty-key HMAC bypass; cross-language sibling of CVE-2026-44351
MEDIUM 6.1
CVE-2019-8331
Bootstrap Vulnerable to Cross-Site Scripting
MEDIUM 5.4
CVE-2026-4324
Katello: Denial of Service and potential information disclosure via SQL injection
MEDIUM 6.1
CVE-2025-67202
Sidekiq-cron is vulnerable to a cross-site scripting (xss) vulnerability via crafted URL
HIGH 7.5
CVE-2026-40869
Decidim amendments can be accepted or rejected by anyone
MEDIUM 6.1
CVE-2026-40295
Devise has an Open Redirect via Unvalidated `request.referrer` in Timeoutable Session Timeout Handler
CRITICAL 9.6
CVE-2026-42087
OpenC3 COSMOS has SQL Injection in QuestDB Time-Series Database
MEDIUM 4.6
CVE-2026-42086
OpenC3 COSMOS is Vulnerable to Self-XSS Through the Command Sender
HIGH 7.4
CVE-2026-44511
katalyst-koi: Session cookies can be replayed after user logout
HIGH 8.1
CVE-2026-42084
OpenC3 COSMOS: Hijacked session token can be used to reset password for persistence
MEDIUM 4.3
CVE-2026-42085
OpenC3 COSMOS allows arbitrary writes to plugins directory via path-traversed config filenames
HIGH 7.5
CVE-2025-61594
URI Credential Leakage Bypass over CVE-2025-27221
UNKNOWN
CVE-2026-42246
net-imap vulnerable to STARTTLS stripping via invalid response timing
UNKNOWN
CVE-2026-42258
net-imap vulnerable to command Injection via unvalidated Symbol inputs
HIGH 8.8
CVE-2024-22051
Integer overflow in cmark-gfm table parsing extension leads to heap memory corruption
UNKNOWN
CVE-2026-42256
net-imap vulnerable to denial of service via high iteration count for `SCRAM-*` authentication
UNKNOWN
CVE-2026-42245
net-imap has quadratic complexity when reading response literals
MEDIUM 4.8
CVE-2026-32762
Rack: Forwarded Header semicolon injection enables Host and Scheme spoofing
UNKNOWN
CVE-2026-33169
Rails Active Support has a possible ReDoS vulnerability in number_to_delimited
MEDIUM 4.8
CVE-2026-34835
Rack::Request accepts invalid Host characters, enabling host allowlist bypass
MEDIUM 4.8
CVE-2026-34831
Rack has Content-Length mismatch in Rack::Files error responses
HIGH 7.5
CVE-2026-40069
bsv-sdk ARC broadcaster treats INVALID/MALFORMED/ORPHAN responses as successful broadcasts
HIGH 8.1
CVE-2026-40070
bsv-sdk and bsv-wallet persist unverified certifier signatures in acquire_certificate (direct and issuance paths)
MEDIUM 4.8
CVE-2026-26962
Rack's improper unfolding of folded multipart headers preserves CRLF in parsed parameter values
HIGH 8.7
CVE-2026-23891
Decidim has a cross-site scripting (XSS) in user name
MEDIUM 5.9
CVE-2026-34830
Rack::Sendfile header-based X-Accel-Mapping regex injection enables unauthorized X-Accel-Redirect
HIGH 7.5
CVE-2026-34230
Rack has quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding header
HIGH 7.5
CVE-2026-35611
Addressable has a Regular Expression Denial of Service in Addressable templates
HIGH 7.5
CVE-2026-34829
Rack's multipart parsing without Content-Length header allows unbounded chunked file uploads
MEDIUM 5.3
CVE-2026-26961
Rack's greedy multipart boundary parsing can cause parser differentials and WAF bypass.
UNKNOWN
CVE-2026-33170
Rails Active Support has a possible XSS vulnerability in SafeBuffer#%
Ready to move
Start Securing
Free, no credit card | First findings in minutes