ruby

Security Risk Profile

/100

medium

Security Risk Score

Comprehensive risk assessment based on 74 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from October 1, 2007 to present

Total CVEs

Critical+High

Exploited

Unpatched

Threat Assessment

Avg CVSS

3.9

Base severity

Avg EPSS

Exploit probability

Unpatched

Critical/High

Risk Level

59/100

medium

📈 1 in Last 30 Days

Severity Distribution

Critical

High

Medium

Low

Exploit Likelihood

>50% chance

20-50%

5-20%

<5%

Age Distribution

Common Weaknesses (CWE)

Race Condition

Use After Free

Buffer Overflow

Weak Encryption

Input Validation

Most Affected Products

1. Ruby Ruby45

2. Ruby WEBrick8

3. Ruby REXML5

4. Ruby json gem4

5. OmniAuth Omniauth Saml Ruby3

Recent Vulnerabilities

REXML has a DoS condition when parsing malformed XML file

CVSS 5.9EPSS 0%medium

Ruby WEBrick read_header HTTP Request Smuggling Vulnerability

6/25/2025

ZDI-25-414

CVSS 6.5medium

Ruby WEBrick read_header HTTP Request Smuggling Vulnerability

6/23/2025🔧 No Patch

ZDI-CAN-21876

CVSS 6.5medium

ZDI-25-414: Ruby WEBrick read_header HTTP Request Smuggling Vulnerability

Ruby vulnerabilities

CVSS 9.8EPSS 0%critical

GHSL-2024-329_GHSL-2024-330: Authentication bypasses in ruby-saml - CVE-2025-25291, CVE-2025-25292

3/12/2025

CVE-2025-27788

CVSS 7.5EPSS 0%high

Ruby JSON Parser has Out-of-bounds Read