Filter
Versions
2.4.3
10
2.5.0
8
2.2.9
7
2.3.6
7
2.6.0
6
3.0.2
6
2.0.0
5
2.0.1
5
2.0.2
5
2.0.3
5
2.0.4
5
2.0.5
5
2.0.6
5
2.0.7
5
2.6.12
5
1.8.0
4
1.8.1
4
1.8.10
4
1.8.11
4
1.8.12
4
1.8.13
4
1.8.14
4
1.8.15
4
1.8.16
4
1.8.17
4
1.8.18
4
1.8.19
4
1.8.2
4
1.8.20
4
1.8.21
4
1.8.22
4
1.8.3
4
1.8.4
4
1.8.5
4
1.8.6
4
1.8.7
4
1.8.8
4
1.8.9
4
2.0.8
4
2.0.9
4
2.0.0-preview2
3
2.0.0-preview2.1
3
2.0.0-preview2.2
3
2.0.0-rc1
3
2.0.0-rc2
3
2.0.10
3
2.0.11
3
2.0.12
3
2.0.13
3
2.0.14
3
2.0.15
3
2.2.0
3
2.2.1
3
2.2.2
3
2.2.3
3
2.4.0
3
2.4.1
3
2.4.2
3
2.4.4
3
2.4.5
3
2.4.6
3
1.8.23
2
1.8.24
2
1.8.25
2
2.0.16
2
2.1.0
2
2.1.0-rc1
2
2.1.0-rc2
2
2.1.1
2
2.1.2
2
2.1.3
2
2.1.4
2
2.2.4
2
2.4.7
2
0.8.11
1
0.9.0
1
1.8.26
1
2.0.17
1
2.1.0.rc.1
1
2.1.0.rc.2
1
2.1.10
1
2.1.11
1
2.1.5
1
2.1.6
1
2.1.7
1
2.1.8
1
2.1.9
1
2.2.0.preiew.1
1
2.2.0.rc.1
1
2.2.5
1
2.3.0
1
2.4.8
1
2.5.1
1
2.5.2
1
2.6.1
1
2.6.10
1
2.6.11
1
2.6.13
1
2.6.2
1
2.6.3
1
2.6.4
1
2.6.5
1
2.6.6
1
2.6.7
1
2.6.8
1
2.6.9
1
2.7.6
1
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
RubyGemsrubygems.org MFA Bypass through password reset function could allow account takeover
9.8
EPSS
0.08%
First published (updated )
RubyGemsUnauthorized gem replacement for full names ending in numbers on rubygems.org
7.5
First published (updated )
RubyGemsThe extract_files function in installer.rb in RubyGems before 0.9.1 does not check whether files exi…
9.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
RubyGemsRubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote atta…
5.8
First published (updated )
RubyGemsRubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a…
4.3
First published (updated )
RubyGemsAlgorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/versi…
4.3
First published (updated )
RubyGemsAlgorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in …
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
RubyGemsRubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostn…
First published (updated )
rubygems/rubygems-updateAn issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilities#with_respon…
7.5
First published (updated )
rubygems/rubygems-updateAn issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManager#run calls…
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
rubygems/rubygems-updateAn issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the c…
7.5
First published (updated )
rubygems/rubygems-updateAn issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteraction#verbose …
7.5
First published (updated )
RubyGemsRubyGems allows creation of users with arbitrary unverified emails
8.8
First published (updated )
RubyGemsUnauthorized takeover for new versions of some platform-specific gems
7.7
First published (updated )
RubyGemsUnauthorized gem takeover for some gems on rubygems.org
9.9
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.