2021/02/08
CVE-2021-21305 / carrierwave / Code Injection vulnerability in CarrierWave::RMagick
https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-cf3w-g86h-35x4
2021/03/03
active_attr / ReDoS vulnerability in ActiveAttr::Typecasting::BooleanTypecaster#call
cgriego/active_attr#184
2021/03/28
CVE-2021-31866 / redmine / timing attack
https://nvd.nist.gov/vuln/detail/CVE-2021-31866
2021/05/06
[CVE-2021-22904] Possible DoS Vulnerability in Action Controller Token Authentication
https://discuss.rubyonrails.org/t/cve-2021-22904-possible-dos-vulnerability-in-action-controller-token-authentication/77869
2022/11/16
rubyzip / Path Traversal
rubyzip/rubyzip#540
2023/01/18
[CVE-2023-22797] Possible Open Redirect Vulnerability in Action Pack
https://discuss.rubyonrails.org/t/cve-2023-22797-possible-open-redirect-vulnerability-in-action-pack/82120
[CVE-2023-22795] Possible ReDoS based DoS vulnerability in Action Dispatch
https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118