Known Vulnerabilities for products from Ruby-lang
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Ruby-lang".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-46727 json | An issue was discovered in Ruby 4 before 4.0.5. A race condition leading to a use-after-free in the pthread-based getaddrinfo... | Not Provided | 2026-05-22 | 2026-05-26 |
| CVE-2026-42258 json | Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, ... | Not Provided | 2026-05-09 | 2026-05-18 |
| CVE-2026-42257 json | Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, ... | Not Provided | 2026-05-09 | 2026-05-18 |
| CVE-2026-42256 json | Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. From versions 0.4.0 to before 0.4.... | Not Provided | 2026-05-09 | 2026-05-18 |
| CVE-2026-42246 json | Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, ... | Not Provided | 2026-05-09 | 2026-05-18 |
| CVE-2026-42245 json | Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, ... | Not Provided | 2026-05-09 | 2026-05-18 |
| CVE-2026-27820 json | zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.... | Not Provided | 2026-04-16 | 2026-05-21 |
| CVE-2025-61594 json | URI is a module providing classes to handle Uniform Resource Identifiers. In versions 0.12.4 and earlier (bundled in Ruby 3.2... | Not Provided | 2025-12-30 | 2026-04-16 |
| CVE-2023-36617 json | A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have sp... | 5.3 - MEDIUM | 2023-06-29 | 2023-07-25 |
| CVE-2023-28756 json | A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid UR... | 5.3 - MEDIUM | 2023-03-31 | 2024-01-24 |
| CVE-2023-28755 json | A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URL... | 5.3 - MEDIUM | 2023-03-31 | 2024-01-24 |
| CVE-2023-22795 json | A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A ... | 7.5 - HIGH | 2023-02-09 | 2024-02-02 |
| CVE-2022-28739 json | There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in... | 7.5 - HIGH | 2022-05-09 | 2024-01-24 |
| CVE-2022-28738 json | A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to creat... | 9.8 - CRITICAL | 2022-05-09 | 2024-01-24 |
| CVE-2021-41819 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-01-01 | 2024-01-24 |
| CVE-2021-41817 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-01-01 | 2024-01-24 |
| CVE-2021-41816 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2022-02-06 | 2024-01-24 |
| CVE-2021-33621 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2022-11-18 | 2024-01-24 |
| CVE-2021-32066 json | An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an except... | 7.4 - HIGH | 2021-08-01 | 2024-01-24 |
| CVE-2021-31810 json | An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the... | 5.8 - MEDIUM | 2021-07-13 | 2024-01-24 |