Name: nokogiri
Version: 1.18.10
GHSA: GHSA-wx95-c6cv-8532
Criticality: Medium
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532
Title: Nokogiri does not check the return value from xmlC14NExecute
Solution: update to '>= 1.19.1'

Name: rack
Version: 3.2.4
CVE: CVE-2026-22860
GHSA: GHSA-mxw3-3hh2-x2mh
Criticality: High
URL: https://github.com/rack/rack/security/advisories/GHSA-mxw3-3hh2-x2mh
Title: Rack has a Directory Traversal via Rack:Directory
Solution: update to '~> 2.2.22', '~> 3.1.20', '>= 3.2.5'

Name: rack
Version: 3.2.4
CVE: CVE-2026-25500
GHSA: GHSA-whrj-4476-wvmp
Criticality: Medium
URL: https://github.com/rack/rack/security/advisories/GHSA-whrj-4476-wvmp
Title: Stored XSS in Rack::Directory via javascript: filenames rendered into anchor href
Solution: update to '~> 2.2.22', '~> 3.1.20', '>= 3.2.5'

Vulnerabilities found!