ruby-lang
OSS Libraries, oss-project
Latest CVEs
The 15 most recently published vulnerabilities affecting ruby-lang.
- CVE-2026-46727: An issue was discovered in Ruby 4 before 4.0.5. A race condition leading to a use-after-free in the pthread-based getaddrinfo timeout handler (rb_getaddrinfo in ext/socket/raddrinfo.c) allows a rem... (score 8.1)
- CVE-2026-42258: net-imap: Command Injection via unvalidated Symbol inputs (score 5.3)
- CVE-2026-42257: net-imap: Command Injection via "raw" arguments to multiple commands (score 9.8)
- CVE-2026-42256: net-imap: Denial of service via high iteration count for `SCRAM-*` authentication (score 6.5)
- CVE-2026-42245: net-imap: Quadratic complexity when reading response literals (score 7.5)
- CVE-2026-42246: net-imap vulnerable to STARTTLS stripping via invalid response timing (score 7.4)
- CVE-2026-27820: zlib: Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption (score 9.8)
- CVE-2026-33210: Ruby JSON has a format string injection vulnerability (score 9.1)
- CVE-2025-61594: URI Credential Leakage Bypass over CVE-2025-27221 (score 7.5)
- CVE-2025-58767: REXML has a DoS condition when parsing malformed XML file (score 5.3)
- CVE-2025-6442: Ruby WEBrick read_header HTTP Request Smuggling Vulnerability (score 5.9)
- CVE-2025-43857: net-imap rubygem vulnerable to possible DoS by memory exhaustion (score 6.5)
- CVE-2025-27788: Ruby JSON Parser has Out-of-bounds Read (score 7.5)
- CVE-2025-27220: In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method. (score 4.0)
- CVE-2025-27219: In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length ... (score 5.8)