Ruby Lang Security Vulnerabilities (CVEs)
Track 13 security vulnerabilities affecting Ruby Lang products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This vulnerability in Ruby's URI module allows credential exposure when using the '+' operator to combine URIs. Sensitive information like passwords f...
Dec 30, 2025
This vulnerability in Ruby's Net::IMAP library allows a malicious or compromised IMAP server to cause denial of service through memory exhaustion. Whe...
Apr 28, 2025
A Regular Expression Denial of Service (ReDoS) vulnerability exists in the CGI gem for Ruby versions before 0.4.2. This vulnerability allows attackers...
Mar 4, 2025
CVE-2024-49761 is a Regular Expression Denial of Service (ReDoS) vulnerability in REXML, Ruby's XML toolkit. It allows attackers to cause denial of se...
Oct 28, 2024
CVE-2024-41946 is a denial-of-service vulnerability in REXML, Ruby's XML toolkit, where parsing XML with many entity expansions via SAX2 or pull parse...
Aug 1, 2024
REXML, an XML toolkit for Ruby, has a denial of service vulnerability when parsing XML with many '<' characters in attribute values. Attackers can cau...
May 16, 2024
This vulnerability is a buffer over-read in Ruby's String-to-Float conversion functions (Kernel#Float and String#to_f). It allows attackers to read me...
May 9, 2022
This vulnerability in Ruby's CGI.escape_html function allows integer overflow and buffer overflow when processing very long strings on platforms where...
Feb 6, 2022
This vulnerability in Ruby's CGI::Cookie.parse function mishandles security prefixes in cookie names, allowing attackers to bypass cookie security mec...
Jan 1, 2022
CVE-2021-41817 is a regular expression denial of service (ReDoS) vulnerability in Ruby's date gem. Attackers can cause denial of service by sending sp...
Jan 1, 2022
This vulnerability in Ruby's Net::IMAP library allows man-in-the-middle attackers to bypass TLS encryption by blocking StartTLS commands, potentially ...
Aug 1, 2021
This vulnerability allows remote attackers to write arbitrary files to the Windows temporary directory by submitting crafted paths when a Ruby web app...
Jul 30, 2021
This vulnerability in RDoc (Ruby's documentation generator) allows arbitrary code execution when processing filenames containing pipe (|) or backtick ...
Jul 30, 2021
Why Monitor Ruby Lang Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 13+ known vulnerabilities affecting Ruby Lang products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Ruby Lang packages in under 60 seconds. No agents required - completely agentless scanning that works across Ruby Lang deployments.
Free vulnerability database: Access detailed information about every Ruby Lang CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register a free account & add your servers
- Run a one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Ruby Lang CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions