rubygems

965 tracked vulnerabilities.

CVE-2025-57821 MEDIUM
google_sign_in < 1.3.0 - Open Redirect via Malformed URL
Aug 27, 2025
CVSS 4.2
EPSS 0.00
CVE-2025-55193 LOW
Active Record <7.1.5.2, <7.2.2.2, <8.0.2.1 - Info Disclosure
Aug 13, 2025
EPSS 0.01
CVE-2025-54887 CRITICAL
jwe <1.1.0 - Confidentiality Disclosure
Aug 08, 2025
CVSS 9.1
EPSS 0.00
CVE-2025-54572 MEDIUM
ruby-saml < 1.18.1 - Denial of Service via Base64 Validation Bypass
Jul 30, 2025
EPSS 0.00
CVE-2025-54314 LOW
Thor < 1.4.0 - OS Command Injection via Unsafe Shell Command Construction
Jul 20, 2025
CVSS 2.8
EPSS 0.00
CVE-2025-53623 HIGH
job-iteration < 1.11.0 - Remote Code Execution via CsvEnumerator
Jul 14, 2025
EPSS 0.01
CVE-2025-24294 HIGH
Ruby resolv < 0.2.3, 0.2-0.2.2, 0.3.0, 0.6-0.6.1 - Denial of Service via DNS Packet Decompression
Jul 12, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-6442 MEDIUM
Ruby WEBrick < 1.8.2 - HTTP Request Smuggling via Header Terminator Parsing
Jun 25, 2025
CVSS 5.9
EPSS 0.00
CVE-2025-6494 LOW
Nokogiri - Heap-Based Buffer Overflow in hashmap_get_with_hash
Jun 22, 2025
CVSS 3.3
EPSS 0.00
CVE-2025-6490 LOW
Nokogiri - Heap-Based Buffer Overflow in hashmap_set_with_hash
Jun 22, 2025
CVSS 3.3
EPSS 0.00
CVE-2025-28384 CRITICAL
OpenC3 COSMOS < 6.1.0 - Path Traversal via Script API Endpoint
Jun 13, 2025
CVSS 9.1
EPSS 0.01
CVE-2025-28382 HIGH
OpenC3 COSMOS < 6.1.0 - Path Traversal via openc3-api/tables Endpoint
Jun 13, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-49007 MEDIUM
Rack 3.1.0-3.1.15 - Denial of Service via Content-Disposition Header Parsing
Jun 04, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-48069 MEDIUM
Shopify ejson2env < 2.0.8 - OS Command Injection via Unsanitized stdout Output
May 21, 2025
CVSS 6.6
EPSS 0.01
CVE-2025-46336 MEDIUM
Rack::Session <2.1.1 - Privilege Escalation
May 08, 2025
CVSS 4.2
EPSS 0.00
CVE-2025-46727 HIGH
Rack <2.2.14,3.0.16,3.1.14 - Info Disclosure
May 07, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-32441 MEDIUM
Rack < 2.2.14 - Unauthenticated Session Restoration via Race Condition in Rack::Session::Pool
May 07, 2025
CVSS 4.2
EPSS 0.00
CVE-2025-46551 LOW
JRuby-OpenSSL 0.12.1-0.15.3 and JRuby 9.3.4.0-9.4.12.0 and 10.0.0.0 - Improper Certificate Validation
May 07, 2025
CVSS 3.7
EPSS 0.00
CVE-2025-43857 MEDIUM
Net::IMAP DoS via Malicious Server Literal Byte Count
Apr 28, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-30221 MEDIUM
Pitchfork <0.11.0 - HTTP Response Header Injection
Mar 27, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-2304 CRITICAL
Camaleon CMS < 2.9.1 - Privilege Escalation via Mass Assignment in UsersController
Mar 14, 2025
EPSS 0.01
CVE-2025-25293 HIGH
ruby-saml < 1.12.4 - Denial of Service via Compressed SAML Response Bypass
Mar 12, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-25292 CRITICAL
ruby-saml <1.12.4,1.18.0 - Auth Bypass
Mar 12, 2025
CVSS 9.8
EPSS 0.64
CVE-2025-25291 CRITICAL NUCLEI
ruby-saml <1.12.4,1.18.0 - Auth Bypass
Mar 12, 2025
CVSS 9.8
EPSS 0.20
CVE-2025-27407 CRITICAL
graphql-ruby Remote Code Execution via Malicious Schema Definition
Mar 12, 2025
CVSS 9.0
EPSS 0.03