rubygems
954 tracked vulnerabilities.
CVE | Severity | Title | Published | CVSS | EPSS
CVE-2025-68113 | MEDIUM | ALTCHA Libraries - Cryptographic Semantic Binding Flaw via HMAC Signature Reinterpretation | Dec 16, 2025 | 6.5 | 0.00
CVE-2025-66568 | CRITICAL | ruby-saml < 1.18.0 - Authentication Bypass via Signature Wrapping Attack | Dec 09, 2025 | 9.1 | 0.00
CVE-2025-66567 | CRITICAL | ruby-saml < 1.18.0 - Authentication Bypass via Signature Wrapping Attack | Dec 09, 2025 | 9.1 | 0.00
CVE-2025-64501 | HIGH | prosemirror_to_html < 0.2.1 - Cross-Site Scripting via HTML Attribute Values | Nov 10, 2025 | 7.6 | 0.00
CVE-2025-12790 | HIGH | Rubygem MQTT < 0.7.0 - Man-in-the-Middle via Missing Hostname Validation | Nov 06, 2025 | 7.4 | 0.00
CVE-2025-61921 | HIGH | Sinatra < 4.2.0 - Denial of Service via If-Match and If-None-Match Header Parsing | Oct 10, 2025 | 7.5 | 0.00
CVE-2025-61919 | HIGH | Rack < 2.2.20 - Denial of Service via Unbounded Form Parameter Memory Consumption | Oct 10, 2025 | 7.5 | 0.00
CVE-2025-61780 | MEDIUM | Rack < 2.2.20 - Proxy Request Redirection via Untrusted x-sendfile Headers | Oct 10, 2025 | 5.8 | 0.00
CVE-2025-61772 | HIGH | Rack < 2.2.19 - Denial of Service via Unbounded Multipart Header Parsing | Oct 07, 2025 | 7.5 | 0.00
CVE-2025-61771 | HIGH | Rack < 2.2.19 - Uncontrolled Resource Consumption via Multipart Form Non-File Fields | Oct 07, 2025 | 7.5 | 0.00
CVE-2025-61770 | HIGH | Rack < 2.2.19 - Uncontrolled Resource Consumption via Multipart Preamble Buffering | Oct 07, 2025 | 7.5 | 0.00
CVE-2025-59830 | HIGH | Rack < 2.2.18 - Denial of Service via Query Parameter Separator Bypass | Sep 25, 2025 | 7.5 | 0.00
CVE-2025-58767 | MEDIUM | REXML 3.3.3-3.4.1 - Denial of Service via Multiple XML Declarations | Sep 17, 2025 | 5.3 | 0.00
CVE-2025-58067 | MEDIUM | google_sign_in < 1.3.1 - Open Redirect via Session Store 'proceed_to' Parameter | Aug 29, 2025 | 4.2 | 0.00
CVE-2025-57821 | MEDIUM | google_sign_in < 1.3.0 - Open Redirect via Malformed URL | Aug 27, 2025 | 4.2 | 0.00
CVE-2025-55193 | LOW | Active Record <7.1.5.2, <7.2.2.2, <8.0.2.1 - Info Disclosure | Aug 13, 2025 |  | 0.00
CVE-2025-54887 | CRITICAL | jwe <1.1.0 - Confidentiality Disclosure | Aug 08, 2025 | 9.1 | 0.00
CVE-2025-54572 | MEDIUM | ruby-saml < 1.18.1 - Denial of Service via Base64 Validation Bypass | Jul 30, 2025 |  | 0.00
CVE-2025-54314 | LOW | Thor < 1.4.0 - OS Command Injection via Unsafe Shell Command Construction | Jul 20, 2025 | 2.8 | 0.00
CVE-2025-53623 | HIGH | job-iteration < 1.11.0 - Remote Code Execution via CsvEnumerator | Jul 14, 2025 |  | 0.01
CVE-2025-24294 | HIGH | Ruby resolv < 0.2.3, 0.2-0.2.2, 0.3.0, 0.6-0.6.1 - Denial of Service via DNS Packet Decompression | Jul 12, 2025 | 7.5 | 0.00
CVE-2025-6442 | MEDIUM | Ruby WEBrick < 1.8.2 - HTTP Request Smuggling via Header Terminator Parsing | Jun 25, 2025 | 5.9 | 0.00
CVE-2025-6494 | LOW | Nokogiri - Heap-Based Buffer Overflow in hashmap_get_with_hash | Jun 22, 2025 | 3.3 | 0.00
CVE-2025-6490 | LOW | Nokogiri - Heap-Based Buffer Overflow in hashmap_set_with_hash | Jun 22, 2025 | 3.3 | 0.00
CVE-2025-28384 | CRITICAL | OpenC3 COSMOS < 6.1.0 - Path Traversal via Script API Endpoint | Jun 13, 2025 | 9.1 | 0.02
Products

Product | Tracked vulnerabilities
actionpack | 63
rack | 50
nokogiri | 34
rubygems | 25
rubygems-update | 25
activerecord | 23
puppet | 23
activesupport | 17
publify_core | 15
passenger | 14
rails-html-sanitizer | 14
actionview | 13
decidim | 12
puma | 12
camaleon_cms | 11
fat_free_crm | 11
rails | 11
activestorage | 10
ruby-saml | 10
jquery-rails | 9
openc3 | 8
rexml | 8
bootstrap | 7
bootstrap-sass | 7
jquery-ui-rails | 7
katello | 7
lodash-rails | 7
net-imap | 7
spree | 7
avo | 6