Mruby

This hub aggregates every CVE we track for Mruby, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Mruby.

• CVE-2026-1979mruby JMPNOT-to-JMPIF Optimization vm.c mrb_vm_exec use after free5.3Feb 6, 2026
• CVE-2025-61594URI Credential Leakage Bypass over CVE-2025-272217.5Dec 30, 2025
• CVE-2025-13120mruby array.c sort_cmp use after free5.3Nov 13, 2025
• CVE-2025-12875mruby array.c ary_fill_exec out-of-bounds write5.3Nov 7, 2025
• CVE-2025-7207mruby nregs codegen.c scope_new heap-based overflow3.3Jul 9, 2025
• CVE-2023-28755A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time...5.3Mar 31, 2023
• CVE-2021-46023An Untrusted Pointer Dereference was discovered in function mrb_vm_exec in mruby before 3.1.0-rc. The vulnerability causes a segmentation fault and application crash.7.5Feb 14, 2023
• CVE-2021-33621The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an ...8.8Nov 18, 2022
• CVE-2022-1934Use After Free in mruby/mruby7.8May 31, 2022
• CVE-2022-1427Out-of-bounds Read in mrb_obj_is_kind_of in in mruby/mruby7.8Apr 22, 2022
• CVE-2022-1286heap-buffer-overflow in mrb_vm_exec in mruby/mruby in mruby/mruby9.8Apr 10, 2022
• CVE-2022-1276Out-of-bounds Read in mrb_get_args in mruby/mruby9.8Apr 10, 2022
• CVE-2022-1212Use-After-Free in str_escape in mruby/mruby in mruby/mruby9.8Apr 5, 2022
• CVE-2022-1201NULL Pointer Dereference in mrb_vm_exec with super in mruby/mruby6.5Apr 2, 2022
• CVE-2022-1106use after free in mrb_vm_exec in mruby/mruby9.1Mar 27, 2022