← All images

rails

12 open findings · 12 with upstream fix available

Image: ghcr.io/rtvkiz/minimal-rails:latest  ·  Size: 118 MB  ·  Last rebuilt: 0d ago  ·  Updated: 2026-06-17 21:45 UTC

PackageVersionSeverityCVEFixDescriptionVEX
json2.18.0HIGHGHSA-3m6g-2423-7cp32.19.2Ruby JSON has a format string injection vulnerability
net-imap0.6.2HIGHGHSA-vcgp-9326-pqcp0.6.4net-imap vulnerable to STARTTLS stripping via invalid response timing
net-imap0.6.2MEDIUMGHSA-75xq-5h9v-w6px0.6.4net-imap vulnerable to command Injection via unvalidated Symbol inputs
net-imap0.6.2MEDIUMGHSA-hm49-wcqc-g2xg0.6.4net-imap vulnerable to command Injection via "raw" arguments to multiple commands
net-imap0.6.2MEDIUMGHSA-87pf-fpwv-p7m70.6.4net-imap vulnerable to denial of service via high iteration count for `SCRAM-*` authentication
net-imap0.6.2MEDIUMGHSA-46q3-7gv7-qmgg0.6.4.1Net::IMAP: Command Injection via ID command argument
net-imap0.6.2MEDIUMGHSA-8p34-64r3-mwg80.6.4.1Net::IMAP: Command Injection via non-synchronizing literal in "raw" argument
net-imap0.6.4MEDIUMGHSA-46q3-7gv7-qmgg0.6.4.1Net::IMAP: Command Injection via ID command argument
net-imap0.6.4MEDIUMGHSA-8p34-64r3-mwg80.6.4.1Net::IMAP: Command Injection via non-synchronizing literal in "raw" argument
net-imap0.6.2LOWGHSA-q2mw-fvj9-vvcw0.6.4net-imap has quadratic complexity when reading response literals
net-imap0.6.2LOWGHSA-c4fp-cxrr-mj660.6.4.1Net::IMAP: Denial of Service via incomplete raw argument validation
net-imap0.6.4LOWGHSA-c4fp-cxrr-mj660.6.4.1Net::IMAP: Denial of Service via incomplete raw argument validation