Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

rack

Ecosystem:
rubygems
Package URL:
pkg:gem/rack
Total PRs:
11,495 Dependabot PRs
Latest PR:
about 1 month ago
Unique Repositories:
4,504 repositories
Unique Repos (30 days):
1 repository
Security Advisories
Rack has a Possible Information Disclosure Vulnerability
GHSA-r657-rxjc-j557 CVE-2025-61780 MODERATE published 8 months ago • updated 7 days ago
## Summary A possible information disclosure vulnerability existed in `Rack::Sendfile` when running behind a proxy that supports `x-sendfile` head...
Rack has possible DoS Vulnerability with Range Header
GHSA-xj5v-6v4g-jfw6 CVE-2024-26141 LOW published over 2 years ago • updated 21 days ago
# Possible DoS Vulnerability with Range Header in Rack There is a possible DoS vulnerability relating to the Range request header in Rack. This v...
Rack arbitrary code execution via timing attack
GHSA-xc85-32mf-xpv8 CVE-2013-0263 MODERATE published about 4 years ago • updated 9 days ago
Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote...
Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection
GHSA-8cgq-6mh2-7j6v CVE-2025-27111 MODERATE published over 1 year ago • updated 3 days ago
## Summary `Rack::Sendfile` can be exploited by crafting input that includes newline characters to manipulate log entries. ## Details The `Rack:...
Rack session gets restored after deletion
GHSA-vpfw-47h7-xj4g CVE-2025-32441 MODERATE published about 1 year ago • updated 8 days ago
### Summary When using the `Rack::Session::Pool` middleware, simultaneous rack requests can restore a deleted rack session, which allows the unaut...
View all 50 advisories
Recent PRs
RSS Feed
Bump the bundler group across 9 directories with 6 updates

useplato/gitlabhq #34

2.2.4 → 2.2.23 Patch PR
Closed about 1 month ago 1 comment
useplato
Bump the bundler group across 2 directories with 5 updates

SherfeyInv/devbox #175

3.2.5 → 3.2.6 Patch PR
Open about 1 month ago 1 comment
SherfeyInv
Bump the ruby-dependencies group with 29 updates

dpla/dashboard-analytics #306

2.2.23 → 3.2.6 Major PR
Open about 2 months ago 1 comment
dpla
Bump rack from 3.2.4 to 3.2.6

openaustralia/planningalerts #2039

3.2.4 → 3.2.6 Patch PR
Open about 2 months ago 4 comments
openaustralia
build(deps): bump the bundler-production-dependencies group across 1 directory with 72 updates

owjoel/is469 #150

3.2.5 → 3.2.6 Patch PR
Closed about 2 months ago 1 comment
owjoel
Bump rack from 3.2.5 to 3.2.6

poposann0746/kebab-tokyo #160

3.2.5 → 3.2.6 Patch PR
Closed about 2 months ago 1 comment
poposann0746
Bump rack from 2.2.9 to 2.2.23

assirims/test_gems #991

2.2.9 → 2.2.23 Patch PR
Open about 2 months ago 1 comment
assirims
build(deps): bump the bundler-production-dependencies group across 1 directory with 70 updates

GuanceDemo/OpenTelemetry_Demo #72

3.2.5 → 3.2.6 Patch PR
Closed 2 months ago 1 comment
GuanceDemo
Bump the bundler-production-dependencies group across 1 directory with 71 updates

jlawton-cribl/opentelemetry-demo #123

3.2.5 → 3.2.6 Patch PR
Closed 2 months ago 1 comment
jlawton-cribl
build(deps): bump rack from 3.2.4 to 3.2.6

alphagov/govuk_web_banners #224

3.2.4 → 3.2.6 Patch PR
Closed 2 months ago 1 comment
alphagov
Bump rack from 3.2.5 to 3.2.6

quintel/etlocal #675

3.2.5 → 3.2.6 Patch PR
Open 2 months ago 1 comment
quintel
Bump the bundler group across 1 directory with 6 updates

Lynquatiq/entitlements-github-plugin #4

3.0.16 → 3.1.21 Minor PR
Closed 2 months ago 1 comment
Lynquatiq
Bump the bundler group across 1 directory with 3 updates

onetimesecret/onetimesecret #2934

3.2.5 → 3.2.6 Patch PR
Closed 2 months ago 2 comments
onetimesecret
build(deps): bump the bundler group across 2 directories with 5 updates

burhanuddin-anw/opentelemetry-demo #248

3.1.15 → 3.2.6 Minor PR
Open 2 months ago 1 comment
burhanuddin-anw
Bump the bundler group across 1 directory with 2 updates

seahal/umaxica-apps-jit #666

3.2.5 → 3.2.6 Patch PR
Closed 2 months ago 2 comments
seahal
Bump the bundler group across 1 directory with 2 updates

onetimesecret/onetimesecret #2931

3.2.5 → 3.2.6 Patch PR
Open 2 months ago 1 comment
onetimesecret
Bump the bundler group across 4 directories with 8 updates

waveaccounting/activeadmin #18

2.2.9 → 3.2.6 Major PR
Closed 2 months ago 1 comment
waveaccounting
Bump rack from 3.2.5 to 3.2.6 in the bundler group across 1 directory

onetimesecret/onetimesecret #2908

3.2.5 → 3.2.6 Patch PR
Open 2 months ago 1 comment
onetimesecret
build(deps): Bump the non-major-updates group across 1 directory with 2 updates

jesse-c/Brewfile #239

3.2.5 → 3.2.6 Patch PR
Closed 3 months ago 2 comments
jesse-c
Bump the bundler group across 1 directory with 8 updates

AKJUS/octopress #1

1.4.1 → 3.2.6 Major PR
Open 3 months ago 1 comment
AKJUS
build(deps): bump rack from 3.2.5 to 3.2.6

idylle-cynique/sample_app #23

3.2.5 → 3.2.6 Patch PR
Open 3 months ago 2 comments
idylle-cynique
Bump the bundler group across 2 directories with 2 updates

sumonst21/ort #29

2.2.3 → 2.2.23 Patch PR
Closed 3 months ago 1 comment
sumonst21
Bump the bundler group across 15 directories with 1 update

vitolothomas1986/gitlabhq #18

3.1.8 → 3.1.21 Patch PR
Closed 3 months ago 1 comment
vitolothomas1986
build(deps): bump rack from 2.2.8 to 2.2.23 in /src/email

apache/doris-opentelemetry-demo #312

2.2.8 → 2.2.23 Patch PR
Closed 3 months ago 3 comments
apache
Bump the bundler group across 6 directories with 1 update

cezary13k/ruby-example-applications #5

2.2.3.1 → 2.2.23 Patch PR
Closed 3 months ago 1 comment
cezary13k
Bump rack from 2.2.4 to 2.2.23

dragonchaser/maptool #64

2.2.4 → 2.2.23 Patch PR
Closed 3 months ago 1 comment
dragonchaser
Bump rack from 3.2.5 to 3.2.6 in /bullet_train-roles

bullet-train-co/bullet_train-core #1407

3.2.5 → 3.2.6 Patch PR
Closed 3 months ago 1 comment
bullet-train-co
Bump rack from 3.2.5 to 3.2.6 in /bullet_train-has_uuid

bullet-train-co/bullet_train-core #1405

3.2.5 → 3.2.6 Patch PR
Closed 3 months ago 1 comment
bullet-train-co
Bump rack from 3.2.5 to 3.2.6 in /bullet_train-outgoing_webhooks

bullet-train-co/bullet_train-core #1402

3.2.5 → 3.2.6 Patch PR
Closed 3 months ago 1 comment
bullet-train-co
Bump rack from 2.2.3 to 2.2.23 in /3.0/test/rack-test-app

sclorg/s2i-ruby-container #638

2.2.3 → 2.2.23 Patch PR
Open 3 months ago 1 comment
sclorg
Bump rack from 2.2.21 to 2.2.23 in /docker/template

decko-commons/decko #1275

2.2.21 → 2.2.23 Patch PR
Open 3 months ago 1 comment
decko-commons
chore: Bump rack from 2.2.22 to 2.2.23

ComPlat/chemotion_ELN #3086

2.2.22 → 2.2.23 Patch PR
Closed 3 months ago 1 comment
ComPlat
Bump rack from 2.2.22 to 2.2.23

DEFRA/pafs-admin #927

2.2.22 → 2.2.23 Patch PR
Closed 3 months ago 1 comment
DEFRA
Bump rack from 2.2.22 to 2.2.23

swobspace/adwhois #63

2.2.22 → 2.2.23 Patch PR
Closed 3 months ago 1 comment
swobspace
Bump rack from 2.2.22 to 2.2.23

alphagov/guide-to-wcag #191

2.2.22 → 2.2.23 Patch PR
Closed 3 months ago 1 comment
alphagov
DEPS: Bump rack from 2.2.22 to 2.2.23

discourse/discourse #39086

2.2.22 → 2.2.23 Patch PR
Open 3 months ago 1 comment
discourse
Bump rack from 2.2.22 to 2.2.23

zooniverse/talk-api #463

2.2.22 → 2.2.23 Patch PR
Closed 3 months ago 1 comment
zooniverse
Bump rack from 2.2.22 to 2.2.23

theos/theos.dev #95

2.2.22 → 2.2.23 Patch PR
Open 3 months ago 1 comment
theos
Bump rack from 2.2.20 to 2.2.23

jidetechconaorg/apppublic #7

2.2.20 → 2.2.23 Patch PR
Open 3 months ago 1 comment
jidetechconaorg
Bump rack from 2.2.20 to 2.2.23

davidlowjw/davidlowjw.github.io #20

2.2.20 → 2.2.23 Patch PR
Closed 3 months ago 2 comments
davidlowjw
build(deps-dev): bump rack from 2.2.14 to 2.2.23

GNOME/devdocsgjs #51

2.2.14 → 2.2.23 Patch PR
Closed 3 months ago 2 comments
GNOME
build(deps): bump the bundler group across 10 directories with 10 updates

danwdart/nixpkgs #27

2.0.7 → 2.2.23 Minor PR
Closed 3 months ago 1 comment
danwdart
chore(deps): bump rack from 3.1.8 to 3.1.21

deepgram-starters/ruby-live-transcription #3

3.1.8 → 3.1.21 Patch PR
Closed 3 months ago 1 comment
deepgram-starters
Bump rack from 3.2.5 to 3.2.6 in the bundler group across 1 directory

18488292860-coder/community #10

3.2.5 → 3.2.6 Patch PR
Closed 3 months ago 2 comments
18488292860-coder
Bump rack from 3.1.20 to 3.1.21

mgriffin/photos #72

3.1.20 → 3.1.21 Patch PR
Closed 3 months ago 2 comments
mgriffin
build(deps): bump rack from 3.1.20 to 3.1.21

dirtyhenry/deadrooster.org #232

3.1.20 → 3.1.21 Patch PR
Open 3 months ago 1 comment
dirtyhenry
Bump rack from 3.1.20 to 3.1.21

substancelab/substancelab-website #540

3.1.20 → 3.1.21 Patch PR
Open 3 months ago 1 comment
substancelab
Bump rack from 3.1.20 to 3.1.21

ParthKolekar/parthkolekar.me #52

3.1.20 → 3.1.21 Patch PR
Open 3 months ago 1 comment
ParthKolekar
Bump rack from 3.1.20 to 3.1.21

moofmayeda/axioms-for-organizers #65

3.1.20 → 3.1.21 Patch PR
Closed 3 months ago 1 comment
moofmayeda
Bump rack from 3.1.20 to 3.1.21

bgreenlee/footle.org #43

3.1.20 → 3.1.21 Patch PR
Open 3 months ago 1 comment
bgreenlee
Package Details
Name: rack
Ecosystem: rubygems
PURL Type: gem
Package URL: pkg:gem/rack
JSON API: View JSON
Security Advisories

50

Active advisories
CRITICAL 1
HIGH 18
MODERATE 26
LOW 5
View All gem Advisories
Package Information
Description:

Rack provides a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call.

Repository: https://github.com/rack/rack
Homepage: https://github.com/rack/rack
Latest Release: 3.1.16
about 1 year ago
Dependent Repos: 1,043,594
Dependent Packages: 3,634
Downloads: 1,088,635,238
Ranking: Top 0.0045% by dependent repos Top 0.0067% by downloads Top 0.0139% by dependent pkgs
PR Status
Open 4,100 (35.7%)
Merged 2,667 (23.2%)
Closed 3,089 (26.9%)
PR Types
Major 301 (2.6%)
Minor 330 (2.9%)
Patch 9,181 (79.9%)