Known Vulnerabilities for products from Rubygems
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Rubygems".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-41316 json | Not Provided | 2026-04-24 | 2026-04-25 | |
| CVE-2024-21654 json | 9.8 - CRITICAL | 2024-01-12 | 2024-01-22 | |
| CVE-2023-40165 json | rubygems.org is the Ruby community's primary gem (library) hosting service. Insufficient input validation allowed malicious a... | 7.5 - HIGH | 2023-08-17 | 2023-08-24 |
| CVE-2022-36073 json | RubyGems.org is the Ruby community gem host. A bug in password & email change confirmation code allowed an attacker to change... | 8.8 - HIGH | 2022-09-07 | 2022-09-12 |
| CVE-2022-29218 json | RubyGems is a package registry used to supply software for the Ruby language ecosystem. An ordering mistake in the code that ... | 7.5 - HIGH | 2022-05-13 | 2022-12-02 |
| CVE-2022-29176 json | Rubygems is a package registry used to supply software for the Ruby language ecosystem. Due to a bug in the yank action, it w... | 7.5 - HIGH | 2022-05-05 | 2023-02-10 |
| CVE-2019-8325 json | An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManager#run calls alert_error without esca... | 7.5 - HIGH | 2019-06-17 | 2020-08-19 |
| CVE-2019-8324 json | An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctl... | 8.8 - HIGH | 2019-06-17 | 2020-08-24 |
| CVE-2019-8323 json | An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilities#with_response may output the API res... | 7.5 - HIGH | 2019-06-17 | 2020-08-19 |
| CVE-2019-8322 json | An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API respon... | 7.5 - HIGH | 2019-06-17 | 2020-08-19 |
| CVE-2019-8321 json | An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteraction#verbose calls say without escapin... | 7.5 - HIGH | 2019-06-17 | 2020-08-19 |
| CVE-2019-8320 json | A Directory Traversal issue was discovered in RubyGems 2.7.6 and later through 3.0.2. Before making new directories or touchi... | 7.4 - HIGH | 2019-06-06 | 2020-08-16 |
| CVE-2018-1000079 json | RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, ... | 5.5 - MEDIUM | 2018-03-13 | 2018-11-30 |
| CVE-2018-1000078 json | RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, ... | 6.1 - MEDIUM | 2018-03-13 | 2019-05-20 |
| CVE-2018-1000077 json | RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, ... | 5.3 - MEDIUM | 2018-03-13 | 2019-05-20 |
| CVE-2018-1000076 json | RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, ... | 9.8 - CRITICAL | 2018-03-13 | 2019-05-20 |
| CVE-2018-1000075 json | RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, ... | 7.5 - HIGH | 2018-03-13 | 2019-10-03 |
| CVE-2018-1000074 json | RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, ... | 7.8 - HIGH | 2018-03-13 | 2019-05-20 |
| CVE-2018-1000073 json | RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, ... | 7.5 - HIGH | 2018-03-13 | 2020-08-24 |
| CVE-2017-0903 json | RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserializa... | 9.8 - CRITICAL | 2017-10-11 | 2019-10-09 |
Known software with vulnerabilities from Rubygems
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Rubygems | Rubygems | 0.2.0 |