ruby — Vulnerabilities & Security Advisories (28)

Browse all 28 CVE security advisories affecting ruby. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Ruby is a dynamic, open-source programming language primarily utilized for web application development, scripting, and system administration tasks. Its widespread adoption in frameworks like Ruby on Rails has historically exposed it to common vulnerability classes, including Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL injection, often stemming from unsafe deserialization or improper input validation. While the language itself is robust, security incidents frequently arise from misconfigured environments or outdated dependencies rather than core language flaws. Notable concerns involve the potential for arbitrary code execution through crafted objects, particularly in legacy versions lacking modern security patches. With 23 CVEs currently on record, developers must prioritize rigorous code auditing and dependency management to mitigate risks associated with privilege escalation and data exposure, ensuring that the flexibility of Ruby does not compromise application integrity.

Low · CVE-2026-42245 · 2026-05-10
Quadratic complexity when reading response literals · Advisory · ruby/net-imap · GitHub
Unknown · 2026-05-10
🔀 Merge pull request #650 from ruby/backport/v0.5/response_reader-non… · ruby/net-imap@6091f7d · GitHub
High · 2026-05-10
Release v0.4.24 · ruby/net-imap · GitHub
High · 2026-05-10
Release v0.6.4 · ruby/net-imap · GitHub
High · 2026-05-10
🔀 Merge pull request #655 from ruby/backport/v0.4/scram-maximum_itera… · ruby/net-imap@158d0b5 · GitHub
Medium · 2026-05-10
Denial of service via high iteration count for `SCRAM-*` authentication · Advisory · ruby/net-imap · GitHub
Medium · 2026-05-10
🔀 Merge pull request #654 from ruby/scram-maximum_iterations · ruby/net-imap@99f59ea · GitHub
High · 2026-05-10
🔀 Merge pull request #656 from ruby/backport/v0.5/scram-maximum_itera… · ruby/net-imap@808001b · GitHub
High · 2026-05-10
🔀 Merge pull request #664 from ruby/security/STARTTLS-stripping · ruby/net-imap@0ede4c4 · GitHub
High · CVE-2026-42346 · 2026-05-10
STARTTLS stripping via invalid response timing · Advisory · ruby/net-imap · GitHub
High · 2026-05-10
🔀 Merge pull request #666 from ruby/backport/v0.4/STARTTLS-stripping · ruby/net-imap@24a4e77 · GitHub
Medium · CVE-2014-3912 · 2026-05-10
🔀 Merge pull request #667 from ruby/backport/v0.3/STARTTLS-stripping · ruby/net-imap@97e2488 · GitHub
High · CVE-2024-2735 · 2026-05-10
🔀 Merge pull request #665 from ruby/backport/v0.5/STARTTLS-stripping · ruby/net-imap@f79d35b · GitHub
Low · CVE-2025-27221 · 2026-04-18
URI allows for userinfo Leakage in URI#join, URI#merge, and URI#+ · CVE-2025-27221 · GitHub Advisory Database · GitHub
Medium · 2026-04-18
Security advisories: CVE-2025-27219, CVE-2025-27220 and CVE-2025-27221 | Ruby

Showing up to 20 recent security advisories.

This page lists every published CVE security advisory associated with ruby. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.