Where
-Infinity
0

Trending

Last week
Last month
Last year

Vendor Risk Score

See how ruby-lang compares to other vendors in security performance

View Risk Score →

Ruby Ruby 4Race Condition, Use After Free

Risk 75
Severity
8.1
First published (updated )
CVE-2026-46727

rubygems/net-imapnet-imap: Command Injection via "raw" arguments to multiple commands

Risk 86
Severity
5.8
First published (updated )
CVE-2026-42257

rubygems/net-imapnet-imap: Command Injection via unvalidated Symbol inputs

Risk 86
Severity
5.8
First published (updated )
CVE-2026-42258

rubygems/net-imapnet-imap: Denial of service via high iteration count for `SCRAM-*` authentication

Risk 37
Severity
6
First published (updated )
CVE-2026-42256

rubygems/net-imapnet-imap: Quadratic complexity when reading response literals

Risk 43
Severity
2.3
First published (updated )
CVE-2026-42245
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

rubygems/net-imapnet-imap vulnerable to STARTTLS stripping via invalid response timing

Risk 55
Severity
7.6
First published (updated )
CVE-2026-42246

rubygems/zlibzlib: Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption

Risk 86
Severity
1.7
First published (updated )
CVE-2026-27820

rubygems/jsonRuby JSON has a format string injection vulnerability

Risk 47
Severity
8.3
EPSS
0.02%
First published (updated )
CVE-2026-33210

rubygems/uriURI Credential Leakage Bypass over CVE-2025-27221

Risk 43
Severity
2.1
First published (updated )
CVE-2025-61594

Microsoft azl3 rubygem-rexml 3.3.9-1REXML has a DoS condition when parsing malformed XML file

Risk 43
Severity
1.2
First published (updated )
CVE-2025-58767
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Ruby WEBrickRuby WEBrick read_header HTTP Request Smuggling Vulnerability

Risk 33
Severity
5.9
EPSS
0.05%
First published (updated )
CVE-2025-6442

rubygems/net-imapnet-imap rubygem vulnerable to possible DoS by memory exhaustion

Risk 27
Severity
6.5
EPSS
0.08%
First published (updated )
CVE-2025-43857

rubygems/jsonRuby JSON Parser has Out-of-bounds Read

Risk 31
Severity
7.5
EPSS
0.10%
First published (updated )
CVE-2025-27788

rubygems/cgiLast updated 17 April 2025

Risk 31
Severity
7.5
EPSS
0.17%
First published (updated )
CVE-2025-27219

rubygems/uriInfoleak

Risk 19
Severity
5.3
EPSS
0.02%
First published (updated )
CVE-2025-27221
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

rubygems/cgiLast updated 17 April 2025

Risk 31
Severity
7.5
EPSS
0.13%
First published (updated )
CVE-2025-27220

rubygems/rexmlREXML ReDoS vulnerability

Risk 32
Severity
6.6
EPSS
0.24%
First published (updated )
CVE-2024-49761

F5 BIG-IP Next SPKREXML denial of service vulnerability

Risk 37
Severity
5.9
First published (updated )
CVE-2024-43398

rubygems/rexmlREXML DoS vulnerability

Risk 46
Severity
7.5
First published (updated )
CVE-2024-41946

ruby-lang Rexml RubyREXML DoS vulnerability

Risk 46
Severity
7.5
First published (updated )
CVE-2024-41123
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

rubygems/rexmlDenial of service in REXML

Risk 23
Severity
4.3
First published (updated )
CVE-2024-39908

redhat/REXMLREXML contains a denial of service vulnerability

Risk 20
Severity
5.3
EPSS
0.04%
First published (updated )
CVE-2024-35176

rubygems/actionpackRails possible ReDoS vulnerability in Accept header parsing in Action Dispatch

Risk 31
Severity
7.5
EPSS
0.04%
First published (updated )
CVE-2024-26142

rubygems/uriLast updated 24 July 2024

Risk 28
Severity
5.3
First published (updated )
CVE-2023-36617

Fedoraproject FedoraLast updated 24 July 2024

Risk 46
Severity
7.5
First published (updated )
CVE-2023-28756
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

rubygems/uriInput Validation

Risk 46
Severity
7.5
First published (updated )
CVE-2023-28755

rubyonrails RailsA specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a sta…

Risk 43
Severity
7.5
First published (updated )
CVE-2023-22795

rubygems/cgiLast updated 24 July 2024

Risk 83
Severity
8.8
First published (updated )
CVE-2021-33621

redhat/rubyDouble Free

Risk 89
Severity
9.8
First published (updated )
CVE-2022-28738

redhat/RubyBuffer Overflow, Input Validation, Race Condition, Use After Free

Risk 46
Severity
7.5
First published (updated )
CVE-2022-28739
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203