GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
8 advisories
Rack has a Directory Traversal via Rack:Directory
High
CVE-2026-22860
was published
for
rack
(RubyGems)
Feb 17, 2026
Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing
High
CVE-2025-61919
was published
for
rack
(RubyGems)
Oct 10, 2025
Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)
High
CVE-2025-61772
was published
for
rack
(RubyGems)
Oct 7, 2025
Rack: Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)
High
CVE-2025-61771
was published
for
rack
(RubyGems)
Oct 7, 2025
Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)
High
CVE-2025-61770
was published
for
rack
(RubyGems)
Oct 7, 2025
Rack has an unsafe default in Rack::QueryParser allows params_limit bypass via semicolon-separated parameters
High
CVE-2025-59830
was published
for
rack
(RubyGems)
Sep 25, 2025
Rack has an Unbounded-Parameter DoS in Rack::QueryParser
High
CVE-2025-46727
was published
for
rack
(RubyGems)
May 8, 2025
Local File Inclusion in Rack::Static
High
CVE-2025-27610
was published
for
rack
(RubyGems)
Mar 10, 2025
ProTip!
Advisories are also available from the
GraphQL API