Known Vulnerabilities for Ruby by Ruby-lang
Listed below are 10 of the newest known vulnerabilities associated with "Ruby" by "Ruby-lang".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data), as well as a keyword search, so that the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed, based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-34060 | Ruby LSP is an implementation of the language server protocol for Ruby. Prior to Shopify.ruby-lsp version 0.10.2 and ruby-lsp... | Not Provided | 2026-03-31 | 2026-04-02 |
| CVE-2026-33946 | MCP Ruby SDK is the official Ruby SDK for Model Context Protocol servers and clients. Prior to version 0.9.2, the Ruby SDK's ... | Not Provided | 2026-03-27 | 2026-03-30 |
| CVE-2026-33635 | iCalendar is a Ruby library for dealing with iCalendar files in the iCalendar format defined by RFC-5545. Starting in version... | Not Provided | 2026-03-26 | 2026-03-30 |
| CVE-2026-33306 | bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt() password hashing algorithm. Prior to version 3.1.22, an integer overfl... | Not Provided | 2026-03-24 | 2026-03-24 |
| CVE-2021-41819 | CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0... | 7.5 - HIGH | 2022-01-01 | 2024-01-24 |
| CVE-2021-41817 | Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The ... | 7.5 - HIGH | 2022-01-01 | 2024-01-24 |
| CVE-2021-41816 | CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long st... | 9.8 - CRITICAL | 2022-02-06 | 2024-01-24 |
| CVE-2021-33621 | The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relev... | 8.8 - HIGH | 2022-11-18 | 2024-01-24 |
| CVE-2021-32066 | An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an except... | 7.4 - HIGH | 2021-08-01 | 2024-01-24 |
| CVE-2021-31810 | An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the... | 5.8 - MEDIUM | 2021-07-13 | 2024-01-24 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Ruby-lang | Ruby | 2011-11-03 | All | All | All |
| Application | Ruby-lang | Ruby | 2011-09-01 | All | All | All |
| Application | Ruby-lang | Ruby | 2.7.0 | preview1 | All | All |
| Application | Ruby-lang | Ruby | 2.7.0 | preview3 | All | All |
| Application | Ruby-lang | Ruby | 2.7.0 | rc1 | All | All |
| Application | Ruby-lang | Ruby | 2.7.0 | rc2 | All | All |
| Application | Ruby-lang | Ruby | 2.6.5 | All | All | All |
| Application | Ruby-lang | Ruby | 2.6.4 | All | All | All |
| Application | Ruby-lang | Ruby | 2.6.0 | - | All | All |
| Application | Ruby-lang | Ruby | 2.6.0 | preview1 | All | All |
| Application | Ruby-lang | Ruby | 2.6.0 | preview2 | All | All |
| Application | Ruby-lang | Ruby | 2.5.7 | All | All | All |
| Application | Ruby-lang | Ruby | 2.5.6 | All | All | All |
| Application | Ruby-lang | Ruby | 2.5.5 | All | All | All |
| Application | Ruby-lang | Ruby | 2.5.4 | All | All | All |
| Application | Ruby-lang | Ruby | 2.5.3 | All | All | All |
| Application | Ruby-lang | Ruby | 2.5.2 | All | All | All |
| Application | Ruby-lang | Ruby | 2.5.1 | All | All | All |
| Application | Ruby-lang | Ruby | 2.5.0 | All | All | All |
| Application | Ruby-lang | Ruby | 2.5.0 | preview1 | All | All |