Uri
This hub aggregates every CVE we track for Uri, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 5
- Critical: 0
- High: 1
- In CISA KEV: 0
Severity distribution
- MEDIUM: 3
- LOW: 1
- HIGH: 1
Monthly trend (chart covering 2024-07 to 2026-06)
Latest CVEs
The 5 most recently published vulnerabilities affecting Uri.
- CVE-2025-61594: URI Credential Leakage Bypass over CVE-2025-27221 (score: 7.5)
- CVE-2025-27221: In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changin... (score: 3.2)
- CVE-2023-36617: A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing st... (score: 5.3)
- CVE-2023-28755: A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time... (score: 5.3)
- CVE-2023-28628: `authority-regex` returns the wrong authority in lambdaisland/uri (score: 5.4)
Product normalization is registry-driven with AI assist and human review.