Software Detail
Ruby: 91 NVD entries (CRITICAL 13, HIGH 37, MEDIUM 41, LOW 0)
URL https://www.ruby-lang.org/
Explanation: Ruby is an object-oriented scripting language developed by Yukihiro Matsumoto; it does not require compilation and is executed by an interpreter.
Tag
  • Ruby’s License
  • Open source

Additional Information URLs
  1. https://www.ruby-lang.org/en/downloads/branches/
  2. https://www.ruby-lang.org/ja/security/

List of Products (release history and vulnerability counts per branch)

No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support | Service Pack Support | Extended for a fee | Critical | High | Medium | Low
11 | Ruby 3.2 | 3.2.9 | July 24, 2025 | Dec. 25, 2022 | | March 31, 2026 | | | 0 | 0 | 0 | 0
12 | Ruby 3.1 | 3.1.7 | March 26, 2025 | Dec. 25, 2021 | | March 31, 2025 | | | 1 | 2 | 0 | 0
13 | Ruby 3.0 | 3.0.7 | April 23, 2024 | Dec. 25, 2020 | | March 31, 2024 | | | 1 | 7 | 1 | 0
14 | Ruby 2.7 | 2.7.8 | March 30, 2023 | Dec. 25, 2019 | | March 31, 2023 | | | 0 | 9 | 3 | 0
15 | Ruby 2.6 | 2.6.10 | April 12, 2022 | Dec. 25, 2018 | | March 31, 2022 | | | 2 | 15 | 6 | 0
16 | Ruby 2.5 | 2.5.9 | April 5, 2021 | Dec. 25, 2017 | | March 31, 2021 | | | 3 | 14 | 6 | 0
17 | Ruby 2.4 | 2.4.10 | March 31, 2020 | Dec. 25, 2016 | | March 31, 2020 | | | 7 | 18 | 6 | 0
18 | Ruby 2.3 | 2.3.8 | Oct. 17, 2018 | Dec. 25, 2015 | | March 31, 2019 | | | 10 | 15 | 5 | 0
19 | Ruby 2.2 | 2.2.10 | March 28, 2018 | Dec. 25, 2014 | | March 31, 2018 | | | 9 | 15 | 7 | 0
20 | Ruby 2.1 | 2.1.10 | March 28, 2018 | Dec. 25, 2013 | | March 31, 2017 | | | 3 | 10 | 11 | 0
21 | Ruby 2.0 | p648 | Dec. 16, 2015 | Feb. 24, 2013 | | Feb. 24, 2016 | | | 3 | 10 | 21 | 0
22 | Ruby 1.9 | p551 | Nov. 13, 2014 | Dec. 25, 2007 | | Feb. 23, 2015 | | | 4 | 19 | 29 | 0
23 | Ruby 1.8 | 1.8.7-p374 | June 27, 2013 | | | | | | 4 | 22 | 28 | 0
NVD Vulnerability Information
Columns: No, CVSS3, CVSS2, Level, Attack Vector, Title, CWE, CVE, cpe23Uri, affected version bounds (or higher / or less / more than / less than), Update date, Published date.
11. CVE-2021-28965 | CVSS3 7.5 | CVSS2 5.0 | Level HIGH | Attack Vector: Network
Title: The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and seri…
CWE: NVD-CWE-Other
cpe23Uri: cpe:2.3:a:ruby-lang:ruby:*:*
Affected versions: 3.0.0 or higher and less than 3.0.1; 2.7.0 or higher and less than 2.7.3; less than 2.6.7
Update date: 2024-11-21 15:00 | Published date: 2021-04-21
12. CVE-2020-25613 | CVSS3 7.5 | CVSS2 5.0 | Level HIGH | Attack Vector: Network
Title: An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigoro…
CWE: CWE-444 HTTP Request Smuggling
cpe23Uri: cpe:2.3:a:ruby-lang:ruby:*:*
Affected versions: 2.6.0 or higher and 2.6.6 or less; 2.7.0 or higher and 2.7.1 or less; 2.5.8 or less
Update date: 2024-11-21 14:18 | Published date: 2020-10-06
13. CVE-2020-10933 | CVSS3 5.3 | CVSS2 5.0 | Level MEDIUM | Attack Vector: Network
Title: An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buff…
CWE: CWE-908 Use of Uninitialized Resource
cpe23Uri: cpe:2.3:a:ruby-lang:ruby:2.7.0:* ; cpe:2.3:a:ruby-lang:ruby:*:*
Affected versions: 2.7.0 (exact); 2.5.0 or higher and 2.5.7 or less; 2.6.0 or higher and 2.6.5 or less
Update date: 2024-11-21 13:56 | Published date: 2020-05-05
14. CVE-2020-5247 | CVSS3 7.5 | CVSS2 5.0 | Level HIGH | Attack Vector: Network
Title: In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF` or `/r`, `/n`) to en…
CWE: -
cpe23Uri: cpe:2.3:a:ruby-lang:ruby:2.7.0:preview1 ; cpe:2.3:a:ruby-lang:ruby:*:*
Affected versions: 2.7.0 preview1 (exact); 2.6.0 or higher and 2.6.4 or less; 2.5.0 or higher and 2.5.6 or less; 2.4.0 or higher and 2.4.7 or less; additional version bound listed: 2.3.0
Update date: 2024-11-21 14:33 | Published date: 2020-02-29
15. CVE-2015-1855 | CVSS3 5.9 | CVSS2 4.3 | Level MEDIUM | Attack Vector: Network
Title: verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attacker…
CWE: CWE-20 Improper Input Validation
cpe23Uri: cpe:2.3:a:ruby-lang:ruby:2.0.0:p643 ; cpe:2.3:a:ruby-lang:ruby:2.0.0:p598 ; cpe:2.3:a:ruby-lang:ruby:2.0.0:p594 ; cp…
Affected versions: 2.1.0 or higher and less than 2.1.6; 2.2.0 or higher and less than 2.2.2
Update date: 2024-11-21 11:26 | Published date: 2019-11-30
16. CVE-2019-16255 | CVSS3 8.1 | CVSS2 6.8 | Level HIGH | Attack Vector: Network
Title: Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. …
CWE: CWE-94 Code Injection
cpe23Uri: cpe:2.3:a:ruby-lang:ruby:*:*
Affected versions: 2.6.0 or higher and 2.6.4 or less; 2.5.0 or higher and 2.5.6 or less; 2.4.0 or higher and 2.4.7 or less
Update date: 2024-11-21 13:30 | Published date: 2019-11-27
17. CVE-2019-16254 | CVSS3 5.3 | CVSS2 5.0 | Level MEDIUM | Attack Vector: Network
Title: Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit i…
CWE: CWE-74 Injection
cpe23Uri: cpe:2.3:a:ruby-lang:ruby:*:*
Affected versions: 2.6.0 or higher and 2.6.4 or less; 2.5.0 or higher and 2.5.6 or less; 2.4.0 or higher and 2.4.7 or less; additional version bound listed: 2.3.0
Update date: 2024-11-21 13:30 | Published date: 2019-11-27
18. CVE-2019-16201 | CVSS3 7.5 | CVSS2 7.8 | Level HIGH | Attack Vector: Network
Title: WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service caused by looping/backtracking. A victim must expose a WEBr…
CWE: CWE-287 Improper Authentication
cpe23Uri: cpe:2.3:a:ruby-lang:ruby:*:*
Affected versions: 2.6.0 or higher and 2.6.4 or less; 2.5.0 or higher and 2.5.6 or less; 2.4.0 or higher and 2.4.7 or less
Update date: 2024-11-21 13:30 | Published date: 2019-11-27
19. CVE-2019-15845 | CVSS3 6.5 | CVSS2 6.4 | Level MEDIUM | Attack Vector: Network
Title: Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions.
CWE: NVD-CWE-noinfo
cpe23Uri: cpe:2.3:a:ruby-lang:ruby:*:*
Affected versions: 2.6.0 or higher and 2.6.4 or less; 2.5.0 or higher and 2.5.6 or less; 2.4.0 or higher and 2.4.7 or less
Update date: 2024-11-21 13:29 | Published date: 2019-11-27
20. CVE-2011-4121 | CVSS3 9.8 | CVSS2 7.5 | Level CRITICAL | Attack Vector: Network
Title: The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use t…
CWE: CWE-326 Inadequate Encryption Strength
cpe23Uri: cpe:2.3:a:ruby-lang:ruby:*:*
Affected versions: 1.8.7.334 or higher, up to 1.9.3
Update date: 2024-11-21 10:31 | Published date: 2019-11-26