Browse all 7 CVE security advisories affecting rubygems. AI-powered Chinese analysis, POCs, and references for each vulnerability.
RubyGems is the primary package manager for Ruby, used to distribute and install libraries and applications. Historically, it has had vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from insecure input handling or improper access controls. Its widespread adoption across the Ruby ecosystem means that any flaw in the package manager or the rubygems.org registry has an amplified, ecosystem-wide impact. While no major public incidents have been widely documented, the presence of seven CVEs indicates ongoing security concerns that require vigilant maintenance and prompt patching by developers relying on this dependency management system.
| CVE ID | Title | Affected component | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-35221 | Denial of service when publishing a package on rubygems.org | rubygems.org | CWE-400 | 4.3 | Medium | 2024-05-29 |
| CVE-2024-21654 | rubygems.org MFA bypass through password reset function could allow account takeover | rubygems.org | CWE-287 | 4.8 | Medium | 2024-01-12 |
| CVE-2023-40165 | Unauthorized gem replacement for full names ending in numbers on rubygems.org | rubygems.org | CWE-20 | 7.4 | High | 2023-08-17 |
| CVE-2022-36073 | RubyGems allows creation of users with arbitrary unverified emails | rubygems.org | CWE-287 | 8.3 | High | 2022-09-07 |
| CVE-2022-29218 | Unauthorized takeover for new versions of some platform-specific gems | rubygems.org | CWE-269 | 7.7 | High | 2022-05-12 |
| CVE-2022-29176 | Unauthorized gem takeover for some gems on rubygems.org | rubygems.org | CWE-862 | 9.9 | Critical | 2022-05-05 |
| CVE-2021-43809 | Local code execution through argument injection via dash-leading git URL parameter in Gemfile | rubygems | CWE-88 | 6.7 | Medium | 2021-12-08 |
This page lists every published CVE security advisory associated with RubyGems. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products, and references. AI-generated Chinese analysis is provided for fast triage.