
ruby — Vulnerabilities & Security Advisories (23)

Browse all 23 CVE security advisories affecting ruby. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Ruby is a dynamic, open-source programming language primarily utilized for web application development, scripting, and system administration tasks. Its widespread adoption in frameworks like Ruby on Rails has historically exposed it to common vulnerability classes, including Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL injection, often stemming from unsafe deserialization or improper input validation. While the language itself is robust, security incidents frequently arise from misconfigured environments or outdated dependencies rather than core language flaws. Notable concerns involve the potential for arbitrary code execution through crafted objects, particularly in legacy versions lacking modern security patches. With 23 CVEs currently on record, developers must prioritize rigorous code auditing and dependency management to mitigate risks associated with privilege escalation and data exposure, ensuring that the flexibility of Ruby does not compromise application integrity.

| CVE ID | Title | Component | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-41316 | ERB has an @_init deserialization guard bypass via def_module / def_method / def_class | erb | CWE-693 | 8.1 | High | 2026-04-24 |
| CVE-2026-27820 | zlib: Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption | zlib | CWE-120 | 9.8 | - | 2026-04-16 |
| CVE-2026-33210 | Ruby JSON has a format string injection vulnerability | json | CWE-134 | 8.2 | - | 2026-03-20 |
| CVE-2025-61594 | URI Credential Leakage Bypass over CVE-2025-27221 | uri | CWE-200 | 7.5 | - | 2025-12-30 |
| CVE-2025-58767 | REXML has a DoS condition when parsing malformed XML file | rexml | CWE-400 | 7.5 (AI) | High (AI) | 2025-09-17 |
| CVE-2025-24294 | Ruby security vulnerability | resolv | - | 7.5 (AI) | High (AI) | 2025-07-12 |
| CVE-2025-6442 | Ruby WEBrick read_header HTTP Request Smuggling Vulnerability | WEBrick | CWE-444 | 5.9 (AI) | Medium (AI) | 2025-06-25 |
| CVE-2025-43857 | net-imap rubygem vulnerable to possible DoS by memory exhaustion | net-imap | CWE-400 | 7.5 (AI) | High (AI) | 2025-04-28 |
| CVE-2025-27788 | Ruby JSON Parser has Out-of-bounds Read | json | CWE-125 | 7.5 | High | 2025-03-12 |
| CVE-2025-25186 | Net::IMAP vulnerable to possible DoS by memory exhaustion | net-imap | CWE-400 | 6.5 | Medium | 2025-02-10 |
| CVE-2024-49761 | REXML ReDoS vulnerability | rexml | CWE-1333 | 7.5 | - | 2024-10-28 |
| CVE-2024-43398 | REXML denial of service vulnerability | rexml | CWE-776 | 5.9 | Medium | 2024-08-22 |
| CVE-2024-41946 | REXML DoS vulnerability | rexml | CWE-400 | 5.3 | Medium | 2024-08-01 |
| CVE-2024-41123 | REXML DoS vulnerability | rexml | CWE-400 | 5.3 | Medium | 2024-08-01 |
| CVE-2024-39908 | Denial of service in REXML | rexml | CWE-400 | 4.3 | Medium | 2024-07-16 |
| CVE-2024-35176 | REXML contains a denial of service vulnerability | rexml | CWE-400 | 5.3 | Medium | 2024-05-16 |
| CVE-2015-1855 | Ruby OpenSSL extension input validation error vulnerability | Ruby | - | 5.9 | - | 2019-11-29 |
| CVE-2011-3624 | Ruby injection vulnerability | Ruby | - | 5.3 | - | 2019-11-26 |
| CVE-2013-6461 | Nokogiri security vulnerability | Nokogiri gem | - | 6.5 | - | 2019-11-05 |
| CVE-2013-6460 | Nokogiri security vulnerability | Nokogiri gem | - | 7.5 | - | 2019-11-05 |
| CVE-2016-2339 | Ruby buffer error vulnerability | Ruby | - | 9.8 | - | 2017-01-06 |
| CVE-2016-2337 | Ruby security vulnerability | Ruby | - | 9.8 | - | 2017-01-06 |
| CVE-2016-2336 | Ruby security vulnerability | Ruby | - | 9.8 | - | 2017-01-06 |

Values marked (AI) carried the site's "AI" tag in the original listing; "-" means the field was empty.

This page lists every published CVE security advisory associated with ruby. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.