Known Vulnerabilities for products from Ruby-lang
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Ruby-lang".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2025-61594 json | URI is a module providing classes to handle Uniform Resource Identifiers. In versions 0.12.4 and earlier (bundled in Ruby 3.2... | Not Provided | 2025-12-30 | 2026-04-16 |
| CVE-2023-36617 json | A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have sp... | 5.3 - MEDIUM | 2023-06-29 | 2023-07-25 |
| CVE-2023-28756 json | A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid UR... | 5.3 - MEDIUM | 2023-03-31 | 2024-01-24 |
| CVE-2023-28755 json | A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URL... | 5.3 - MEDIUM | 2023-03-31 | 2024-01-24 |
| CVE-2023-22795 json | A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A ... | 7.5 - HIGH | 2023-02-09 | 2024-02-02 |
| CVE-2022-28739 json | There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in... | 7.5 - HIGH | 2022-05-09 | 2024-01-24 |
| CVE-2022-28738 json | A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to creat... | 9.8 - CRITICAL | 2022-05-09 | 2024-01-24 |
| CVE-2021-41819 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-01-01 | 2024-01-24 |
| CVE-2021-41817 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-01-01 | 2024-01-24 |
| CVE-2021-41816 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2022-02-06 | 2024-01-24 |
| CVE-2021-33621 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2022-11-18 | 2024-01-24 |
| CVE-2021-32066 json | An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an except... | 7.4 - HIGH | 2021-08-01 | 2024-01-24 |
| CVE-2021-31810 json | An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the... | 5.8 - MEDIUM | 2021-07-13 | 2024-01-24 |
| CVE-2021-31799 json | In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via |... | 7 - HIGH | 2021-07-30 | 2024-01-05 |
| CVE-2021-28966 json | In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with T... | 7.5 - HIGH | 2021-07-30 | 2022-08-12 |
| CVE-2021-28965 json | The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round... | 7.5 - HIGH | 2021-04-21 | 2023-11-07 |
| CVE-2020-25613 json | An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bu... | 7.5 - HIGH | 2020-10-06 | 2024-01-24 |
| CVE-2020-10933 json | An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonbl... | 5.3 - MEDIUM | 2020-05-04 | 2023-11-07 |
| CVE-2020-10663 json | The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsa... | 7.5 - HIGH | 2020-04-28 | 2023-11-07 |
| CVE-2020-8130 json | There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins ... | 6.4 - MEDIUM | 2020-02-24 | 2023-11-07 |