Know every threat before it ships
200K+ vulnerabilities, malicious packages, and supply chain threats enriched with Corgea's research.
HIGH 7.5
CVE-2026-47737
Puma PROXY Protocol v1 Accepts Repeated Protocol Headers on Persistent Connections
HIGH 7.5
CVE-2026-47736
Puma PROXY Protocol v1 Parser Allows Remote Memory Exhaustion
HIGH 8.1
CVE-2026-41316
ERB has an @_init deserialization guard bypass via def_module / def_method / def_class
HIGH 7.5
CVE-2019-13118
libxslt Type Confusion vulnerability that affects Nokogiri
HIGH 7.5
CVE-2019-18197
Nokogiri affected by libxslt Use of Uninitialized Resource/Use After Free vulnerability
HIGH 8.8
CVE-2026-42205
Avo: Broken Access Control Through Unauthorized Execution of Arbitrary Action Classes Across Resources
HIGH 8.2
CVE-2025-68696
httparty Has Potential SSRF Vulnerability That Leads to API Key Leakage
HIGH 7.4
CVE-2026-45363
ruby-jwt: Empty-key HMAC bypass; cross-language sibling of CVE-2026-44351
HIGH 7.5
CVE-2026-40869
Decidim amendments can be accepted or rejected by anyone
HIGH 7.4
CVE-2026-44511
katalyst-koi: Session cookies can be replayed after user logout
HIGH 8.1
CVE-2026-42084
OpenC3 COSMOS: Hijacked session token can be used to reset password for persistence
HIGH 7.5
CVE-2025-61594
URI Credential Leakage Bypass over CVE-2025-27221
HIGH 8.8
CVE-2024-22051
Integer overflow in cmark-gfm table parsing extension leads to heap memory corruption
HIGH 7.5
CVE-2026-40069
bsv-sdk ARC broadcaster treats INVALID/MALFORMED/ORPHAN responses as successful broadcasts
HIGH 8.1
CVE-2026-40070
bsv-sdk and bsv-wallet persist unverified certifier signatures in acquire_certificate (direct and issuance paths)
HIGH 8.7
CVE-2026-23891
Decidim has a cross-site scripting (XSS) in user name
HIGH 7.5
CVE-2026-34230
Rack has quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding header
HIGH 7.5
CVE-2026-35611
Addressable has a Regular Expression Denial of Service in Addressable templates
HIGH 7.5
CVE-2026-34829
Rack's multipart parsing without Content-Length header allows unbounded chunked file uploads
HIGH 7.5
CVE-2026-34827
Rack's multipart header parsing allows Denial of Service via escape-heavy quoted parameters
HIGH 7.5
CVE-2026-34785
Rack::Static prefix matching can expose unintended files under the static root
HIGH 7.5
GHSA-c4rq-3m3g-8wgx
Nokogiri CSS selector tokenizer has regular expression backtracking
HIGH 7.5
CVE-2021-32740
Regular Expression Denial of Service in Addressable templates
HIGH 7.5
CVE-2025-59830
Rack has an unsafe default in Rack::QueryParser allows params_limit bypass via semicolon-separated parameters
HIGH 8.1
CVE-2026-1531
foreman_kubevirt disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set
HIGH 8.3
CVE-2026-0980
rubyipmi is vulnerable to OS Command Injection through malicious usernames
HIGH 8.1
CVE-2026-1530
fog-kubevirt allows remote attacker to perform MITM attack due to disabled certificate validation
HIGH 7.5
CVE-2026-31830
sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject digest
HIGH 7.5
CVE-2019-1020001
Path Traversal vulnerability that affects yard
HIGH 8.5
CVE-2020-11020
Authentication and extension bypass in Faye
HIGH 8.2
CVE-2020-7663
Regular Expression Denial of Service in websocket-extensions (RubyGem)
HIGH 8.0
CVE-2020-15134
Missing TLS certificate verification
HIGH 7.4
CVE-2021-21305
Code Injection vulnerability in CarrierWave::RMagick
HIGH 7.5
CVE-2020-10187
Exposure of Sensitive Information to an Unauthorized Actor in Doorkeeper
HIGH 7.3
CVE-2020-4054
Cross-site Scripting in Sanitize
HIGH 7.2
CVE-2024-37031
activeadmin vulnerable to stored persistent cross-site scripting (XSS) in dynamic form legends
HIGH 7.7
CVE-2020-26254
omniauth-apple allows attacker to fake their email address during authentication
HIGH 8.4
CVE-2023-50448
Potential CSV export data leak
HIGH 7.5
CVE-2021-41098
Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
HIGH 7.7
CVE-2020-5257
Sort order SQL injection in Administrate
HIGH 7.5
CVE-2020-7659
HTTP Request Smuggling in reel
HIGH 7.5
CVE-2020-7671
HTTP Request Smuggling in goliath
HIGH 7.4
CVE-2020-15269
Ensure that doorkeeper_token is valid when authenticating requests in API v2 calls
HIGH 8.7
CVE-2020-26222
Remote code execution in dependabot-core branch names when cloning
HIGH 7.4
CVE-2021-21289
Command Injection Vulnerability in Mechanize
HIGH 7.4
CVE-2020-15240
Regression in JWT Signature Validation
HIGH 7.7
CVE-2020-26223
Authorization bypass in Spree
HIGH 7.5
CVE-2020-11076
HTTP Smuggling via Transfer-Encoding Header in Puma
HIGH 7.7
CVE-2020-5241
XSS/Script injection vulnerability in matestack
HIGH 7.5
CVE-2021-43805
ReDos vulnerability on guest checkout email validation
HIGH 8.3
CVE-2020-11052
Improper Restriction of Excessive Authentication Attempts in Sorcery
HIGH 8.1
CVE-2021-29435
Cross-Site Request Forgery (CSRF) in trestle-auth
HIGH 7.5
CVE-2021-29509
Puma's Keepalive Connections Causing Denial Of Service
HIGH 8.0
CVE-2020-15133
Missing TLS certificate verification in faye-websocket
HIGH 8.1
CVE-2022-24440
Command injection in cocoapods-downloader
HIGH 8.1
CVE-2022-21223
Command injection in cocoapods-downloader
HIGH 7.6
CVE-2021-23435
Clearance Gem Open Redirect Vulnerability
HIGH 7.5
CVE-2026-22860
Rack has a Directory Traversal via Rack:Directory
HIGH 7.1
GHSA-w67g-2h6v-vjgq
Phlex XSS protection bypass via attribute splatting, dynamic tags, and href values
HIGH 8.0
CVE-2022-23634
Puma used with Rails may lead to Information Exposure
Ready to move
Start Securing
Free, no credit card | First findings in minutes