Software Detail
Ruby: Number Of NVD 92 (CRITICAL 13, HIGH 38, MEDIUM 41, LOW 0)
URL https://www.ruby-lang.org/
Explanation It is an object-oriented scripting language developed by Yukihiro Matsumoto, which does not require compilation and is executed by an interpreter.
Tag
  • Open source
  • Ruby’s License

Add Information URL
No Type Name URL
1 https://www.ruby-lang.org/en/downloads/branches/
2 https://www.ruby-lang.org/ja/security/

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended for a fee Critical High Medium Low
81 Ruby 3.2 3.2.9 July 24, 2025 Dec. 25, 2022 March 31, 2026 0 0 0 0
82 Ruby 3.1 3.1.7 March 26, 2025 Dec. 25, 2021 March 31, 2025 1 2 0 0
83 Ruby 3.0 3.0.7 April 23, 2024 Dec. 25, 2020 March 31, 2024 1 7 1 0
84 Ruby 2.7 2.7.8 March 30, 2023 Dec. 25, 2019 March 31, 2023 0 9 3 0
85 Ruby 2.6 2.6.10 April 12, 2022 Dec. 25, 2018 March 31, 2022 2 15 6 0
86 Ruby 2.5 2.5.9 April 5, 2021 Dec. 25, 2017 March 31, 2021 3 14 6 0
87 Ruby 2.4 2.4.10 March 31, 2020 Dec. 25, 2016 March 31, 2020 7 18 6 0
88 Ruby 2.3 2.3.8 Oct. 17, 2018 Dec. 25, 2015 March 31, 2019 10 15 5 0
89 Ruby 2.2 2.2.10 March 28, 2018 Dec. 25, 2014 March 31, 2018 9 15 7 0
90 Ruby 2.1 2.1.10 March 28, 2018 Dec. 25, 2013 March 31, 2017 3 10 11 0
91 Ruby 2.0 p648 Dec. 16, 2015 Feb. 24, 2013 Feb. 24, 2016 3 10 21 0
92 Ruby 1.9 p551 Nov. 13, 2014 Dec. 25, 2007 Feb. 23, 2015 4 19 29 0
93 Ruby 1.8 1.8.7-p374 June 27, 2013 4 22 28 0
NVD Vulnerability Information
No CVSS3 CVSS2 Level Attack Vector Title CWE CVE cpe23Uri or higher or less more than less than Update date Published date
No: 81
CVSS3: -
CVSS2: 7.5
Level: HIGH
Title: Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which all…
CWE: CWE-264 Permissions, Privileges, and Access Controls
CVE: CVE-2008-3655
cpe23Uri: cpe:2.3:a:ruby-lang:ruby:1.9.0:*, cpe:2.3:a:ruby-lang:ruby:1.8.7:preview4, cpe:2.3:a:ruby-lang:ruby:1.8.7:preview3<…
Version bounds: 1.8.5
Update date: 2026-04-23 09:35
Published date: 2008-08-13

No: 82
CVSS3: -
CVSS2: 7.8
Level: HIGH
Title: Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 t…
CWE: CWE-399 Resource Management Errors
CVE: CVE-2008-3656
cpe23Uri: cpe:2.3:a:ruby-lang:ruby:1.9.0:*, cpe:2.3:a:ruby-lang:ruby:1.8.7:preview4, cpe:2.3:a:ruby-lang:ruby:1.8.7:preview3<…
Version bounds: 1.8.5
Update date: 2026-04-23 09:35
Published date: 2008-08-13

No: 83
CVSS3: -
CVSS2: 7.5
Level: HIGH
Title: The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to by…
CWE: CWE-20 Improper Input Validation
CVE: CVE-2008-3657
cpe23Uri: cpe:2.3:a:ruby-lang:ruby:1.9.0:*, cpe:2.3:a:ruby-lang:ruby:1.8.7:preview4, cpe:2.3:a:ruby-lang:ruby:1.8.7:preview3<…
Version bounds: 1.8.5
Update date: 2026-04-23 09:35
Published date: 2008-08-13

No: 84
CVSS3: -
CVSS2: 7.5
Level: HIGH
Title: Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact…
CWE: CWE-189 Numeric Errors
CVE: CVE-2008-2376
cpe23Uri: cpe:2.3:a:ruby-lang:ruby:1.8.6.230:*
Update date: 2026-04-23 09:35
Published date: 2008-07-9

No: 85
CVSS3: -
CVSS2: 10.0
Level: HIGH
Title: Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow contex…
CWE: CWE-189 Numeric Errors
CVE: CVE-2008-2662
cpe23Uri: cpe:2.3:a:ruby-lang:ruby:*:*
Version bounds: 1.8.6, 1.8.7, 1.9.0, 1.8.4, 1.8.5, 1.8.5.231, 1.8.6.230, 1.8.7.22, 1.9.0.2
Update date: 2026-04-23 09:35
Published date: 2008-06-25

No: 86
CVSS3: -
CVSS2: 10.0
Level: HIGH
Title: Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to ex…
CWE: CWE-190 Integer Overflow or Wraparound
CVE: CVE-2008-2663
cpe23Uri: cpe:2.3:a:ruby-lang:ruby:*:*
Version bounds: 1.8.6, 1.8.7, 1.8.4, 1.8.5, 1.8.5.231, 1.8.6.230, 1.8.7.22
Update date: 2026-04-23 09:35
Published date: 2008-06-25

No: 87
CVSS3: -
CVSS2: 7.8
Level: HIGH
Title: The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger …
CWE: CWE-399 Resource Management Errors
CVE: CVE-2008-2664
cpe23Uri: cpe:2.3:a:ruby-lang:ruby:*:*
Version bounds: 1.8.6, 1.8.7, 1.9.0, 1.8.4, 1.8.5, 1.8.5.231, 1.8.6.230, 1.8.7.22, 1.9.0.2
Update date: 2026-04-23 09:35
Published date: 2008-06-25

No: 88
CVSS3: -
CVSS2: 7.8
Level: HIGH
Title: Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_re…
CWE: CWE-189 Numeric Errors
CVE: CVE-2008-2726
cpe23Uri: cpe:2.3:a:ruby-lang:ruby:*:*
Version bounds: 1.8.5, 1.8.6, 1.8.7, 1.9.0, 1.8.4, 1.8.5.231, 1.8.6.230, 1.8.7.22, 1.9.0.2
Update date: 2026-04-23 09:35
Published date: 2008-06-25

No: 89
CVSS3: -
CVSS2: 7.8
Level: HIGH
Title: Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and (2) the rb_ary_replace function in 1.6.…
CWE: CWE-189 Numeric Errors
CVE: CVE-2008-2725
cpe23Uri: cpe:2.3:a:ruby-lang:ruby:*:*
Version bounds: 1.8.5, 1.8.6, 1.8.7, 1.8.4, 1.8.5.231, 1.8.6.230, 1.8.7.22
Update date: 2026-04-23 09:35
Published date: 2008-06-25

No: 90
CVSS3: -
CVSS2: 5.0
Level: MEDIUM
Title: Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2, when using NTFS or FAT file…
CWE: CWE-22 Path Traversal
CVE: CVE-2008-1891
cpe23Uri: cpe:2.3:a:ruby-lang:ruby:1.8.6:*, cpe:2.3:a:ruby-lang:ruby:1.8.5:*, cpe:2.3:a:ruby-lang:ruby:*:*
Version bounds: 1.9.0
Update date: 2026-04-23 09:35
Published date: 2008-04-19