MEDIUM 6.1 RubyGems
GHSA-228g-948r-83gx · CVE-2022-23515 Improper neutralization of data URIs may allow XSS in Loofah
Modified: 11/4/2025
package
RubyGems / loofah
pkg:rubygems/loofah
LOW RubyGems
GHSA-2j22-pr5w-6gq8 Loofah has improper detection of disallowed URIs via `allowed_uri?`
Modified: 4/8/2026
HIGH 7.5 RubyGems
GHSA-3x8r-x6xp-q4vm · CVE-2022-23516 Uncontrolled Recursion in Loofah
Modified: 11/4/2025
LOW RubyGems
GHSA-46fp-8f5p-pf2m Improper detection of disallowed URIs by Loofah `allowed_uri?`
Modified: 3/23/2026
HIGH 7.5 RubyGems
GHSA-486f-hjj9-9vhh · CVE-2022-23514 Inefficient Regular Expression Complexity in Loofah
Modified: 11/4/2025
MEDIUM 5.4 RubyGems
GHSA-c3gv-9cxf-6f57 · CVE-2019-15587 Loofah Allows Cross-site Scripting
Modified: 2/16/2024
MEDIUM 5.4 RubyGems
GHSA-g4xq-jx4w-4cjv · CVE-2018-16468 Loofah Cross-site Scripting vulnerability
Modified: 11/8/2023
MEDIUM 6.1 RubyGems
GHSA-x7rv-cr6v-4vm4 · CVE-2018-8048 Cross-site Scripting in loofah
Modified: 2/22/2024