Search for packages
| purl | pkg:gem/mail@2.5.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1svp-fwt6-pbey | SMTP Injection via to/from addresses The mail package does not disallow CRLF in email addresses; an attacker can inject SMTP commands in specially crafted email addresses passed to `RCPT TO` and `MAIL FROM`. |
CVE-2015-9097
GHSA-q86f-fmqf-qrf6 OSV-131677 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T01:19:15.650928+00:00 | GHSA Importer | Fixing | VCID-1svp-fwt6-pbey | https://github.com/advisories/GHSA-q86f-fmqf-qrf6 | 38.4.0 |
| 2026-04-11T12:47:22.050222+00:00 | GHSA Importer | Fixing | VCID-1svp-fwt6-pbey | https://github.com/advisories/GHSA-q86f-fmqf-qrf6 | 38.3.0 |
| 2026-04-02T13:42:42.331538+00:00 | GHSA Importer | Fixing | VCID-1svp-fwt6-pbey | https://github.com/advisories/GHSA-q86f-fmqf-qrf6 | 38.1.0 |
| 2026-04-01T15:56:14.346710+00:00 | GHSA Importer | Fixing | VCID-1svp-fwt6-pbey | https://github.com/advisories/GHSA-q86f-fmqf-qrf6 | 38.0.0 |
| 2026-04-01T12:54:22.973610+00:00 | GithubOSV Importer | Fixing | VCID-1svp-fwt6-pbey | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-q86f-fmqf-qrf6/GHSA-q86f-fmqf-qrf6.json | 38.0.0 |