ruby-lang
Latest CVEs
The 15 most recently published vulnerabilities affecting ruby-lang.
- CVE-2026-46727: An issue was discovered in Ruby 4 before 4.0.5. A race condition leading to a use-after-free in the pthread-based getaddrinfo timeout handler (rb_getaddrinfo in ext/socket/raddrinfo.c) allows a rem... (CVSS 8.1)
- CVE-2026-42258: net-imap: Command Injection via unvalidated Symbol inputs (CVSS 9.8)
- CVE-2026-42257: net-imap: Command Injection via "raw" arguments to multiple commands (CVSS 9.8)
- CVE-2026-42256: net-imap: Denial of service via high iteration count for `SCRAM-*` authentication (CVSS 6.5)
- CVE-2026-42245: net-imap: Quadratic complexity when reading response literals (CVSS 7.5)
- CVE-2026-42246: net-imap vulnerable to STARTTLS stripping via invalid response timing (CVSS 7.4)
- CVE-2026-27820: zlib: Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption (CVSS 9.8)
- CVE-2026-33210: Ruby JSON has a format string injection vulnerability (CVSS 9.1)
- CVE-2025-61594: URI Credential Leakage Bypass over CVE-2025-27221 (CVSS 7.5)
- CVE-2025-58767: REXML has a DoS condition when parsing malformed XML file (CVSS 5.3)
- CVE-2025-6442: Ruby WEBrick read_header HTTP Request Smuggling Vulnerability (CVSS 5.9)
- CVE-2025-43857: net-imap rubygem vulnerable to possible DoS by memory exhaustion (CVSS 6.5)
- CVE-2025-27788: Ruby JSON Parser has Out-of-bounds Read (CVSS 7.5)
- CVE-2025-27221: In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changin... (CVSS 3.2)
- CVE-2025-27220: In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method. (CVSS 4.0)
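The entry for CVE-2025-27221 (and the follow-up bypass, CVE-2025-61594) describes the failure mode concretely enough to guard against in application code: a base URI carrying `user:password@` is joined with a reference that points at a different host, and the credentials ride along. The example below is added here and is not code from the uri gem or from ruby-lang; `safe_join` and `join_leaks_credentials?` are hypothetical helper names. It resolves the reference with the stock `URI.join`, then strips credentials that were inherited from the base whenever the host changed, so the outcome does not depend on which uri gem version is installed. The second helper only reports whether the installed gem still exhibits the plain-`URI.join` leak, which is useful as a quick check on a host.

```ruby
require "uri"

# Added example, not part of the uri gem. CVE-2025-27221 describes
# URI.join / URI#merge / URI#+ keeping the base URI's userinfo on a result
# whose host has changed. This wrapper resolves the reference normally and
# then removes credentials that would otherwise travel to a foreign host.
def safe_join(base, reference)
  base_uri = URI.parse(base)
  ref_uri  = URI.parse(reference)   # relative refs parse fine; userinfo is nil for them
  joined   = URI.join(base, reference)

  host_changed = joined.host.to_s.downcase != base_uri.host.to_s.downcase
  # Credentials written into the reference itself were supplied on purpose
  # and are kept; only credentials inherited from the base are dropped.
  if host_changed && ref_uri.userinfo.nil?
    # URI::Generic#userinfo= treats nil as a no-op, so clear the two fields
    # directly. Password first: user= alone would leave @password in place.
    joined.password = nil
    joined.user = nil
  end
  joined
end

# Diagnostic for the uri gem actually loaded: true when a plain URI.join still
# carries the base credentials over to a different host (the behaviour the
# advisory attributes to uri before 1.0.3). Not asserted on, since it varies
# by installed version.
def join_leaks_credentials?
  leaked = URI.join("http://user:s3cret@example.com/", "//other.example/").userinfo
  !leaked.nil?
end

if __FILE__ == $0
  puts "uri gem #{URI::VERSION}; plain URI.join leaks credentials: #{join_leaks_credentials?}"
  # Constructed inputs: a cross-host network-path reference and a same-host one.
  puts safe_join("http://user:s3cret@example.com/api/", "//other.example/callback")
  puts safe_join("http://user:s3cret@example.com/api/", "v2/items")
end
```

Running the file prints the loaded uri gem version and whether the bare `URI.join` still leaks, followed by the two resolved URIs: the cross-host one comes back as `http://other.example/callback` with no credentials, the same-host one keeps them. The wrapper compares hosts only, matching the condition the advisory names; if your policy also treats a scheme or port change as a new origin, extend the comparison accordingly.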