I changed YAML.load_file to YAML.safe_load because it can deserialize unexpected classes. RCE can occur if there are no restrictions on the classes that can be deserialized, if the ruby-advisory-db...