ruby

Top products

The 15 most recently published vulnerabilities affecting ruby.

• CVE-2026-42258net-imap: Command Injection via unvalidated Symbol inputs9.8May 9, 2026
• CVE-2026-42257net-imap: Command Injection via "raw" arguments to multiple commands9.8May 9, 2026
• CVE-2026-42256net-imap: Denial of service via high iteration count for `SCRAM-*` authentication6.5May 9, 2026
• CVE-2026-42245net-imap: Quadratic complexity when reading response literals7.5May 9, 2026
• CVE-2026-42246net-imap vulnerable to STARTTLS stripping via invalid response timing7.4May 9, 2026
• CVE-2026-41316ERB has an @_init deserialization guard bypass via def_module / def_method / def_class8.1Apr 24, 2026
• CVE-2026-27820zlib: Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption9.8Apr 16, 2026
• CVE-2026-33210Ruby JSON has a format string injection vulnerability9.1Mar 20, 2026
• CVE-2025-61594URI Credential Leakage Bypass over CVE-2025-272217.5Dec 30, 2025
• CVE-2025-58767REXML has a DoS condition when parsing malformed XML file5.3Sep 17, 2025
• CVE-2025-24294The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can cr...7.5Jul 12, 2025
• CVE-2025-6442Ruby WEBrick read_header HTTP Request Smuggling Vulnerability5.9Jun 25, 2025
• CVE-2025-43857net-imap rubygem vulnerable to possible DoS by memory exhaustion6.5Apr 28, 2025
• CVE-2025-27788Ruby JSON Parser has Out-of-bounds Read7.5Mar 12, 2025
• CVE-2025-25186Net::IMAP vulnerable to possible DoS by memory exhaustion6.5Feb 10, 2025