| Bug | Description |
|---|
| CVE-2023-36617 | A ReDoS issue was discovered in the URI component before 0.12.2 for Ru ... |
| CVE-2022-28738 | A double free was found in the Regexp compiler in Ruby 3.x before 3.0. ... |
| CVE-2021-41819 | CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes i ... |
| CVE-2021-41817 | Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regula ... |
| CVE-2021-41816 | CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integ ... |
| CVE-2021-32066 | An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, an ... |
| CVE-2021-31810 | An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, an ... |
| CVE-2021-31799 | In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby throug ... |
| CVE-2020-25613 | An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, an ... |
| CVE-2020-10933 | An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6 ... |
| CVE-2020-10663 | The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9 ... |
| CVE-2019-16255 | Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allow ... |
| CVE-2019-16254 | Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allow ... |
| CVE-2019-16201 | WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5 ... |
| CVE-2019-15845 | Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 misha ... |
| CVE-2019-8325 | An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since ... |
| CVE-2019-8324 | An issue was discovered in RubyGems 2.6 and later through 3.0.2. A cra ... |
| CVE-2019-8323 | An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem:: ... |
| CVE-2019-8322 | An issue was discovered in RubyGems 2.6 and later through 3.0.2. The g ... |
| CVE-2019-8321 | An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since ... |
| CVE-2019-8320 | A Directory Traversal issue was discovered in RubyGems 2.7.6 and later ... |
| CVE-2018-1000079 | RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ... |
| CVE-2018-1000078 | RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ... |
| CVE-2018-1000077 | RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ... |
| CVE-2018-1000076 | RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ... |
| CVE-2018-1000075 | RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ... |
| CVE-2018-1000074 | RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ... |
| CVE-2018-1000073 | RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ... |
| CVE-2018-16396 | An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5. ... |
| CVE-2018-16395 | An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2 ... |
| CVE-2018-8780 | In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x b ... |
| CVE-2018-8779 | In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x b ... |
| CVE-2018-8778 | In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x b ... |
| CVE-2018-8777 | In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x b ... |
| CVE-2018-6914 | Directory traversal vulnerability in the Dir.mktmpdir method in the tm ... |
| CVE-2017-17790 | The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 us ... |
| CVE-2017-17742 | Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x befo ... |
| CVE-2017-17405 | Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, get ... |
| CVE-2017-14064 | Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can e ... |
| CVE-2017-14033 | The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2. ... |
| CVE-2017-11465 | The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows a ... |
| CVE-2017-10784 | The Basic authentication code in WEBrick library in Ruby before 2.2.8, ... |
| CVE-2017-6181 | The parse_char_class function in regparse.c in the Onigmo (aka Oniguru ... |
| CVE-2017-0903 | RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possibl ... |
| CVE-2017-0902 | RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking v ... |
| CVE-2017-0901 | RubyGems version 2.6.12 and earlier fails to validate specification na ... |
| CVE-2017-0900 | RubyGems version 2.6.12 and earlier is vulnerable to maliciously craft ... |
| CVE-2017-0899 | RubyGems version 2.6.12 and earlier is vulnerable to maliciously craft ... |
| CVE-2017-0898 | Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious forma ... |
| CVE-2016-7798 | The openssl gem for Ruby uses the same initialization vector (IV) in G ... |
| CVE-2016-2339 | An exploitable heap overflow vulnerability exists in the Fiddle::Funct ... |
| CVE-2016-2338 | An exploitable heap overflow vulnerability exists in the Psych::Emitte ... |
| CVE-2016-2337 | Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Att ... |
| CVE-2016-2336 | Type confusion exists in two methods of Ruby's WIN32OLE class, ole_inv ... |
| CVE-2015-9096 | Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection ... |