rack vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Browse by ecosystem

npm, PyPI, Maven, Go, RubyGems, Cargo, NuGet, Composer, pub, Swift, GitHub Actions

| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| CVE-2026-34835 | Medium | rack: Rack::Request accepts invalid Host characters, enabling host allowlist bypass |
| CVE-2026-34831 | Medium | rack: Rack has Content-Length mismatch in Rack::Files error responses |
| CVE-2026-34830 | Medium | rack: Rack::Sendfile header-based X-Accel-Mapping regex injection enables unauthorized X-Accel-Redirect |
| CVE-2026-34829 | High | rack: Rack's multipart parsing without Content-Length header allows unbounded chunked file uploads |
| CVE-2026-34763 | Medium | rack: Rack has a root directory disclosure via unescaped regex interpolation in Rack::Directory |
| CVE-2026-34230 | High | rack: Rack has quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding… |
| CVE-2026-32762 | Medium | rack: Rack: Forwarded Header semicolon injection enables Host and Scheme spoofing |
| CVE-2026-26962 | Medium | rack: Rack's improper unfolding of folded multipart headers preserves CRLF in parsed parameter values |
| CVE-2026-26961 | Medium | rack: Rack's greedy multipart boundary parsing can cause parser differentials and WAF bypass. |
| CVE-2026-34827 | High | rack: Rack's multipart header parsing allows Denial of Service via escape-heavy quoted parameters |
| CVE-2026-34826 | Medium | rack: Rack's multipart byte range processing allows denial of service via excessive overlapping ranges |
| CVE-2026-34786 | Medium | rack: Rack:: Static header_rules bypass via URL-encoded paths |
| CVE-2026-34785 | High | rack: Rack::Static prefix matching can expose unintended files under the static root |
| CVE-2026-25500 | Medium | rack: Stored XSS in Rack::Directory via javascript: filenames rendered into anchor href |
| CVE-2026-22860 | High | rack: Rack has a Directory Traversal via Rack:Directory |
| CVE-2025-61919 | High | rack: Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing |
| CVE-2025-61780 | Medium | rack: Rack has a Possible Information Disclosure Vulnerability |
| CVE-2025-61772 | High | rack: Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion) |
| CVE-2025-61771 | High | rack: Rack: Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory… |
| CVE-2025-61770 | High | rack: Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion) |
| CVE-2025-59830 | High | rack: Rack has an unsafe default in Rack::QueryParser allows params_limit bypass via semicolon-separated… |
| CVE-2025-49007 | Medium | rack: ReDoS Vulnerability in Rack::Multipart handle_mime_head |
| CVE-2025-46727 | High | rack: Rack has an Unbounded-Parameter DoS in Rack::QueryParser |
| CVE-2025-32441 | Medium | rack: Rack session gets restored after deletion |
| CVE-2025-27610 | High | rack: Local File Inclusion in Rack::Static |
