pkg:Alpine/ruby

52 total CVEs: CRITICAL 9, HIGH 32, MEDIUM 11

All known vulnerabilities

  • CRITICAL 9.8 CVE-2026-27820: Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption
    from 0, < 3.4.9-r0
  • CRITICAL 9.8 CVE-2024-27280: StringIO buffer overread vulnerability
    from 0, < 3.1.5-r0
  • CRITICAL 9.8 CVE-2018-16395: ruby2.3 - security update
    from 0, < 2.5.2-r0
  • CRITICAL 9.8 CVE-2017-0899: RubyGems Code Injection vulnerability
    from 0, < 2.4.2-r0
  • CRITICAL 9.8 CVE-2022-28738: A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2.
    from 0, < 3.0.4-r0
  • CRITICAL 9.8 CVE-2021-41816: Buffer overrun in CGI.escape_html
    from 0, < 2.7.5-r0
  • CRITICAL 9.8 CVE-2017-14064: Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call.
    from 0, < 2.4.2-r0
  • CRITICAL 9.1 CVE-2018-8780: In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries a…
    from 0, < 2.5.1-r0
  • CRITICAL 9.1 CVE-2017-0898: ruby2.3 - security update
    from 0, < 2.4.2-r0
  • HIGH 8.8 CVE-2021-33621: HTTP response splitting in CGI
    from 0, < 2.7.7-r0
  • HIGH 8.8 CVE-2017-10784: WEBrick RCE Vulnerability
    from 0, < 2.4.2-r0
  • HIGH 8.8 CVE-2019-8324: Code injection in RubyGems
    from 0, < 2.4.6-r0
  • HIGH 8.8 CVE-2017-17405: ruby2.3 - security update
    from 0, < 2.4.3-r0
  • HIGH 8.1 CVE-2017-0902: RubyGems has Origin Validation Error vulnerability
    from 0, < 2.4.2-r0
  • HIGH 8.1 CVE-2019-16255: Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) t…
    from 0, < 2.5.7-r0
  • HIGH 8.1 CVE-2018-16396: An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3.
    from 0, < 2.5.2-r0
  • HIGH 7.5 CVE-2025-61594: URI Credential Leakage Bypass over CVE-2025-27221
    from 0, < 3.3.10-r0
  • HIGH 7.5 CVE-2023-28755: Ruby URI component ReDoS issue
    from 0, < 2.7.8-r0
  • HIGH 7.5 CVE-2023-28756: Ruby Time component ReDoS issue
    from 0, < 2.7.8-r0
  • HIGH 7.5 CVE-2020-25613: WEBrick vulnerable to HTTP Request/Response Smuggling
    from 0, < 2.5.8-r1
  • HIGH 7.5 CVE-2017-14033: Ruby OpenSSL DoS Vulnerability
    from 0, < 2.4.2-r0
  • HIGH 7.5 CVE-2017-0900: rubygems - security update
    from 0, < 2.4.2-r0
  • HIGH 7.5 CVE-2017-0901: RubyGems may allow a maliciously crafted gem to overwrite files
    from 0, < 2.4.2-r0
  • HIGH 7.5 CVE-2022-28739: There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2.
    from 0, < 2.7.6-r0
  • HIGH 7.5 CVE-2021-41819: Cookie Prefix Spoofing in CGI::Cookie.parse
    from 0, < 2.7.5-r0
  • HIGH 7.5 CVE-2021-41817: ruby2.3 - security update
    from 0, < 2.7.5-r0
  • HIGH 7.5 CVE-2021-28966: Tempfile on Windows path traversal vulnerability
    from 0, < 2.5.9-r0
  • HIGH 7.5 CVE-2021-28965: ruby2.5 - security update
    from 0, < 2.5.9-r0
  • HIGH 7.5 CVE-2020-10663: ruby2.5 - security update
    from 0, < 2.5.8-r0
  • HIGH 7.5 CVE-2019-16201: WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Servic…
    from 0, < 2.5.7-r0
  • HIGH 7.5 CVE-2019-8325: RubyGems Escape sequence injection in errors
    from 0, < 2.4.6-r0
  • HIGH 7.5 CVE-2019-8321: RubyGems Escape sequence injection vulnerability in verbose
    from 0, < 2.4.6-r0
  • HIGH 7.5 CVE-2019-8322: RubyGems Escape sequence injection vulnerability in gem owner
    from 0, < 2.4.6-r0
  • HIGH 7.5 CVE-2019-8323: RubyGems Escape sequence injection vulnerability in api response handling
    from 0, < 2.4.6-r0
  • HIGH 7.5 CVE-2018-8779: In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.o…
    from 0, < 2.5.1-r0
  • HIGH 7.5 CVE-2018-8778: In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpackin…
    from 0, < 2.5.1-r0
  • HIGH 7.5 CVE-2018-8777: In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP re…
    from 0, < 2.5.1-r0
  • HIGH 7.5 CVE-2018-6914: Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before…
    from 0, < 2.5.1-r0
  • HIGH 7.4 CVE-2021-32066: An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1.
    from 0, < 2.6.8-r0
  • HIGH 7.4 CVE-2019-8320: ruby2.3 - security update
    from 0, < 2.4.6-r0
  • HIGH 7.0 CVE-2021-31799: ruby2.3 - security update
    from 0, < 2.6.8-r0
  • MEDIUM 6.6 CVE-2024-27282: An issue was discovered in Ruby 3.x through 3.3.0.
    from 0, < 3.1.5-r0
  • MEDIUM 6.5 CVE-2019-15845: ruby2.5 - security update
    from 0, < 2.5.7-r0
  • MEDIUM 6.1 CVE-2020-16255: ownCloud (Core) before 10.5 allows XSS in login page 'forgot password.'
    from 0, < 2.5.8-r0
  • MEDIUM 6.1 CVE-2012-6708: Cross-Site Scripting in jquery
    from 0, < 2.5.6-r0
  • MEDIUM 6.1 CVE-2015-9251: Cross-Site Scripting (XSS) in jquery
    from 0, < 2.5.6-r0
  • MEDIUM 5.8 CVE-2025-27219: CGI has Denial of Service (DoS) potential in Cookie.parse
    from 0, < 3.2.8-r0
  • MEDIUM 5.8 CVE-2021-31810: An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1.
    from 0, < 2.6.8-r0
  • MEDIUM 5.3 CVE-2020-10933: An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0.
    from 0, < 2.5.8-r0
  • MEDIUM 5.3 CVE-2019-16254: Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting.
    from 0, < 2.5.7-r0
  • MEDIUM 5.3 CVE-2017-17742: jruby - security update
    from 0, < 2.5.1-r0
  • MEDIUM 4.5 CVE-2024-27281: RDoc RCE vulnerability with .rdoc_options
    from 0, < 3.1.5-r0