Rubygems
901 tracked vulnerabilities.
CVE-2026-0980
HIGH
rubyipmi - Authenticated RCE
Feb 27, 2026
CVSS 8.3
EPSS 0.00
CVE-2026-25500
MEDIUM
Rack <2.2.22/3.1.20/3.2.5 - XSS
Feb 18, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-22860
HIGH
Rack <2.2.22/3.1.20/3.2.5 - Path Traversal
Feb 18, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-25765
MEDIUM
Rubygems Faraday < 2.14.1 - SSRF
Feb 09, 2026
CVSS 5.8
EPSS 0.00
CVE-2026-25757
MEDIUM
Rubygems Spree Storefront < 5.0.8 - IDOR
Feb 06, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-25758
HIGH
Rubygems Spree API < 4.10.3 - Improper Access Control
Feb 06, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-65017
MEDIUM
Rubygems Decidim-core < 0.30.4 - Information Disclosure
Feb 03, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-1531
HIGH
Rubygems Foreman Kubevirt < 0.4.3 - Improper Certificate Validation
Feb 02, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-1530
HIGH
Rubygems Fog-kubevirt < 1.5.1 - Improper Certificate Validation
Feb 02, 2026
CVSS 8.1
EPSS 0.00
CVE-2025-24293
Rubygems Activestorage < 8.0.2.1 - Command Injection
Jan 30, 2026
EPSS 0.00
CVE-2026-23885
MEDIUM
Alchemy <7.4.12,8.0.3 - Code Injection
Jan 19, 2026
CVSS 6.4
EPSS 0.00
CVE-2025-68271
CRITICAL
Rubygems Openc3 < 6.10.2 - Remote Code Execution
Jan 13, 2026
CVSS 10.0
EPSS 0.00
CVE-2026-22589
HIGH
Spree < 4.10.2 - IDOR
Jan 10, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-22588
MEDIUM
Spree < 4.10.2 - IDOR
Jan 08, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-61594
HIGH
URI <1.0.4 - Auth Bypass
Dec 30, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-68696
HIGH
httparty <0.23.2 - SSRF
Dec 23, 2025
CVSS 8.2
EPSS 0.00
CVE-2025-14762
MEDIUM
Rubygems Aws-sdk-s3 < 1.208.0 - Broken Cryptographic Algorithm
Dec 17, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-68113
MEDIUM
ALTCHA - Info Disclosure
Dec 16, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-66568
CRITICAL
ruby-saml <1.12.4 - Auth Bypass
Dec 09, 2025
CVSS 9.1
EPSS 0.00
CVE-2025-66567
CRITICAL
ruby-saml <1.12.4 - Auth Bypass
Dec 09, 2025
CVSS 9.1
EPSS 0.00
CVE-2025-64501
HIGH
Rubygems Prosemirror TO Html < 0.2.1 - XSS
Nov 10, 2025
CVSS 7.6
EPSS 0.00
CVE-2025-12790
HIGH
Rubygem MQTT - Info Disclosure
Nov 06, 2025
CVSS 7.4
EPSS 0.00
CVE-2025-61921
HIGH
Sinatra < 4.2.0 - Denial of Service
Oct 10, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-61919
HIGH
Rack < 2.2.20 - Denial of Service
Oct 10, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-61780
MEDIUM
Rack < 2.2.20 - Information Disclosure
Oct 10, 2025
CVSS 5.8
EPSS 0.00
Products
actionpack 62
rack 37
nokogiri 34
rubygems-update 25
rubygems 25
activerecord 23
puppet 23
publify_core 15
rails-html-sanitizer 14
activesupport 14
passenger 14
actionview 12
puma 12
decidim 12
rails 11
fat_free_crm 11
jquery-rails 11
camaleon_cms 10
ruby-saml 10
bootstrap 9
rexml 8
bootstrap-sass 8
lodash-rails 7
jquery-ui-rails 7
spree 7
doorkeeper 6
katello 6
loofah 6
sinatra 6
ember-source 6