Software Detail
Ruby
Number Of NVD 92 (CRITICAL 13, HIGH 38, MEDIUM 41, LOW 0)
URL https://www.ruby-lang.org/
Explanation It is an object-oriented scripting language developed by Yukihiro Matsumoto, which does not require compilation and is executed by an interpreter.
Tag
  • Open source
  • Ruby’s License

Add Information URL
No Type Name URL
1 https://www.ruby-lang.org/en/downloads/branches/
2 https://www.ruby-lang.org/ja/security/

List Of Product
No, Name, Latest Version, Release date, Initial release, Normal Support, Security Support / Service Pack Support, Extended (for a fee), Critical, High, Medium, Low
71 Ruby 3.2 3.2.9 July 24, 2025 Dec. 25, 2022 March 31, 2026 0 0 0 0
72 Ruby 3.1 3.1.7 March 26, 2025 Dec. 25, 2021 March 31, 2025 1 2 0 0
73 Ruby 3.0 3.0.7 April 23, 2024 Dec. 25, 2020 March 31, 2024 1 7 1 0
74 Ruby 2.7 2.7.8 March 30, 2023 Dec. 25, 2019 March 31, 2023 0 9 3 0
75 Ruby 2.6 2.6.10 April 12, 2022 Dec. 25, 2018 March 31, 2022 2 15 6 0
76 Ruby 2.5 2.5.9 April 5, 2021 Dec. 25, 2017 March 31, 2021 3 14 6 0
77 Ruby 2.4 2.4.10 March 31, 2020 Dec. 25, 2016 March 31, 2020 7 18 6 0
78 Ruby 2.3 2.3.8 Oct. 17, 2018 Dec. 25, 2015 March 31, 2019 10 15 5 0
79 Ruby 2.2 2.2.10 March 28, 2018 Dec. 25, 2014 March 31, 2018 9 15 7 0
80 Ruby 2.1 2.1.10 March 28, 2018 Dec. 25, 2013 March 31, 2017 3 10 11 0
81 Ruby 2.0 p648 Dec. 16, 2015 Feb. 24, 2013 Feb. 24, 2016 3 10 21 0
82 Ruby 1.9 p551 Nov. 13, 2014 Dec. 25, 2007 Feb. 23, 2015 4 19 29 0
83 Ruby 1.8 1.8.7-p374 June 27, 2013 4 22 28 0
NVD Vulnerability Information
No, CVSS3, CVSS2, Level, Attack Vector, Title, CWE, CVE, cpe23Uri (or higher, or less, more than, less than), Update date, Published date
71 -
5.0
MEDIUM The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by ch… CWE-264
Permissions, Privileges, and Access Controls
CVE-2011-1005 cpe:2.3:a:ruby-lang:ruby:1.8.8:dev
cpe:2.3:a:ruby-lang:ruby:1.8.7:*
cpe:2.3:a:ruby-lang:ruby:1.8.7-330:*
cpe:2…
2024-11-21 10:25
2011-03-3
72 -
6.3
MEDIUM The FileUtils.remove_entry_secure method in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, 1.8.8dev, 1.9.1 through 1.9.1-430, 1.9.2 through 1.9.2-136, and 1.9.3dev allows local users to delet… CWE-59
Link Following
CVE-2011-1004 cpe:2.3:a:ruby-lang:ruby:1.9.3:dev
cpe:2.3:a:ruby-lang:ruby:1.9.2:*
cpe:2.3:a:ruby-lang:ruby:1.9.1:*
cpe:2.3:a…
2024-11-21 10:25
2011-03-3
73 -
7.2
HIGH Buffer overflow in Ruby 1.9.x before 1.9.1-p429 on Windows might allow local users to gain privileges via a crafted ARGF.inplace_mode value that is not properly handled when constructing the filename… CWE-119
Incorrect Access of Indexable Resource ('Range Error') 
CVE-2010-2489 cpe:2.3:a:ruby-lang:ruby:1.9.1:-rc2
cpe:2.3:a:ruby-lang:ruby:1.9.1:-rc1
cpe:2.3:a:ruby-lang:ruby:1.9.1:-preview_2…
2024-11-21 10:16
2010-07-12
74 -
10.0
HIGH Heap-based buffer overflow in the rb_str_justify function in string.c in Ruby 1.9.1 before 1.9.1-p376 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving (1… CWE-119
Incorrect Access of Indexable Resource ('Range Error') 
CVE-2009-4124 cpe:2.3:a:ruby-lang:ruby:1.9.1:-rc2
cpe:2.3:a:ruby-lang:ruby:1.9.1:-rc1
cpe:2.3:a:ruby-lang:ruby:1.9.1:-preview_2…
2026-04-23 09:35
2009-12-12
75 -
5.0
MEDIUM The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a larg… CWE-189
Numeric Errors
CVE-2009-1904 cpe:2.3:a:ruby-lang:ruby:1.8.7:*
cpe:2.3:a:ruby-lang:ruby:1.8.6:*
2026-04-23 09:35
2009-06-12
76 -
6.8
MEDIUM ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 c… CWE-287
Improper Authentication
CVE-2009-0642 cpe:2.3:a:ruby-lang:ruby:1.9:*
cpe:2.3:a:ruby-lang:ruby:1.8:*
2026-04-23 09:35
2009-02-20
77 -
7.8
HIGH httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat Enterprise Linux 4 and 5, allows remote attackers to cause a denial of service (CPU consumption) via a crafted HTTP request. NOTE:… CWE-399
 Resource Management Errors
CVE-2008-4310 cpe:2.3:a:ruby-lang:ruby:1.8.5:*
cpe:2.3:a:ruby-lang:ruby:1.8.1:*
2026-04-23 09:35
2008-12-9
78 -
5.8
MEDIUM resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which make… CWE-287
Improper Authentication
CVE-2008-3905 cpe:2.3:a:ruby-lang:ruby:1.8.7:preview4
cpe:2.3:a:ruby-lang:ruby:1.8.7:preview3
cpe:2.3:a:ruby-lang:ruby:1.8.7:pr…
1.9 1.8.7 1.8.6 1.8.5
2026-04-23 09:35
2008-09-5
79 -
5.0
MEDIUM The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML document with recursiv… CWE-20
 Improper Input Validation 
CVE-2008-3790 cpe:2.3:a:ruby-lang:ruby:1.9:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:preview4
cpe:2.3:a:ruby-lang:ruby:1.8.7:preview3
2026-04-23 09:35
2008-08-28
80 -
5.0
MEDIUM The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infi… CWE-399
 Resource Management Errors
CVE-2008-3443 cpe:2.3:a:ruby-lang:ruby:1.9.0:r18423
cpe:2.3:a:ruby-lang:ruby:1.9.0:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:preview4
2026-04-23 09:35
2008-08-15