Software Detail
Ruby: Number Of NVD 92 (CRITICAL 13, HIGH 38, MEDIUM 41, LOW 0)
URL https://www.ruby-lang.org/
Explanation It is an object-oriented scripting language developed by Yukihiro Matsumoto, which does not require compilation and is executed by an interpreter.
Tag
  • Open source
  • Ruby’s License

Add Information URL
No Type Name URL
1 https://www.ruby-lang.org/en/downloads/branches/
2 https://www.ruby-lang.org/ja/security/

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended for a fee Critical High Medium Low
61 Ruby 3.2 3.2.9 July 24, 2025 Dec. 25, 2022 March 31, 2026 0 0 0 0
62 Ruby 3.1 3.1.7 March 26, 2025 Dec. 25, 2021 March 31, 2025 1 2 0 0
63 Ruby 3.0 3.0.7 April 23, 2024 Dec. 25, 2020 March 31, 2024 1 7 1 0
64 Ruby 2.7 2.7.8 March 30, 2023 Dec. 25, 2019 March 31, 2023 0 9 3 0
65 Ruby 2.6 2.6.10 April 12, 2022 Dec. 25, 2018 March 31, 2022 2 15 6 0
66 Ruby 2.5 2.5.9 April 5, 2021 Dec. 25, 2017 March 31, 2021 3 14 6 0
67 Ruby 2.4 2.4.10 March 31, 2020 Dec. 25, 2016 March 31, 2020 7 18 6 0
68 Ruby 2.3 2.3.8 Oct. 17, 2018 Dec. 25, 2015 March 31, 2019 10 15 5 0
69 Ruby 2.2 2.2.10 March 28, 2018 Dec. 25, 2014 March 31, 2018 9 15 7 0
70 Ruby 2.1 2.1.10 March 28, 2018 Dec. 25, 2013 March 31, 2017 3 10 11 0
71 Ruby 2.0 p648 Dec. 16, 2015 Feb. 24, 2013 Feb. 24, 2016 3 10 21 0
72 Ruby 1.9 p551 Nov. 13, 2014 Dec. 25, 2007 Feb. 23, 2015 4 19 29 0
73 Ruby 1.8 1.8.7-p374 June 27, 2013 4 22 28 0
NVD Vulnerability Information
No CVSS3 CVSS2 Level Attack Vector Title CWE CVE cpe23Uri or higher or less more than less than Update date Published date
61 -
5.0
MEDIUM lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an X… CWE-20
 Improper Input Validation 
CVE-2013-1821 cpe:2.3:a:ruby-lang:ruby:2.0:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2
cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1
cpe:2.3:a…
1.9.3 2024-11-21 10:50
2013-04-10
62 -
4.3
MEDIUM darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) atta… CWE-79
Cross-site Scripting
CVE-2013-0256 cpe:2.3:a:ruby-lang:ruby:2.0:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2
cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1
cpe:2.3:a…
2024-11-21 10:47
2013-03-1
63 -
5.0
MEDIUM Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attac… CWE-310
Cryptographic Issues
CVE-2012-5371 cpe:2.3:a:ruby-lang:ruby:2.0:*
cpe:2.3:a:ruby-lang:ruby:1.9:*
cpe:2.3:a:ruby-lang:ruby:1.9.3:p194
cpe:2.3:a:ru…
1.9.3 2024-11-21 10:44
2012-11-28
64 -
5.0
MEDIUM The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected… CWE-264
Permissions, Privileges, and Access Controls
CVE-2012-4522 cpe:2.3:a:ruby-lang:ruby:2.0.0:*
cpe:2.3:a:ruby-lang:ruby:1.9.3:*
2024-11-21 10:43
2012-11-25
65 -
6.0
MEDIUM Untrusted search path vulnerability in the installation functionality in Ruby 1.9.3-p194, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse … NVD-CWE-Other
CVE-2012-5380 cpe:2.3:a:ruby-lang:ruby:1.9.3:* 2024-11-21 10:44
2012-10-11
66 -
7.8
HIGH Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (… CWE-20
 Improper Input Validation 
CVE-2011-4815 cpe:2.3:a:ruby-lang:ruby:1.8.7-p334:*
cpe:2.3:a:ruby-lang:ruby:1.8.7-p330:*
cpe:2.3:a:ruby-lang:ruby:1.8.7-p302:*…
1.8.7-p352 2024-11-21 10:33
2011-12-30
67 -
5.0
MEDIUM Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number… CWE-310
Cryptographic Issues
CVE-2011-3009 cpe:2.3:a:ruby-lang:ruby:1.8.6:p36
cpe:2.3:a:ruby-lang:ruby:1.8.6:p110
cpe:2.3:a:ruby-lang:ruby:*:p111
1.8.6 2024-11-21 10:29
2011-08-6
68 -
5.0
MEDIUM The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependen… CWE-20
 Improper Input Validation 
CVE-2011-2705 cpe:2.3:a:ruby-lang:ruby:1.9:r18423
cpe:2.3:a:ruby-lang:ruby:1.9:*
cpe:2.3:a:ruby-lang:ruby:1.9.2:dev
cpe:2.3:…
1.8.7-334 2024-11-21 10:28
2011-08-6
69 -
5.0
MEDIUM Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number… CWE-310
Cryptographic Issues
CVE-2011-2686 cpe:2.3:a:ruby-lang:ruby:1.8.7:p72
cpe:2.3:a:ruby-lang:ruby:1.8.7:p71
cpe:2.3:a:ruby-lang:ruby:1.8.7:p22
cpe:2…
1.8.7-334 2024-11-21 10:28
2011-08-6
70 -
6.8
MEDIUM The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which a… CWE-189
Numeric Errors
CVE-2011-0188 cpe:2.3:a:ruby-lang:ruby:1.9:r18423
cpe:2.3:a:ruby-lang:ruby:1.9:*
cpe:2.3:a:ruby-lang:ruby:1.9.2:dev
cpe:2.3:…
1.9.2-p136 2024-11-21 10:23
2011-03-23