High

DATE	CVE	VULNERABILITY TITLE	RISK
2022-11-18	CVE-2021-33621	Injection vulnerability in multiple products The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. network low complexity ruby-lang fedoraproject CWE-74	8.8
2022-05-09	CVE-2022-28739	Out-of-bounds Read vulnerability in multiple products There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. network low complexity ruby-lang debian apple CWE-125	7.5
2022-01-01	CVE-2021-41819	Reliance on Cookies without Validation and Integrity Checking vulnerability in multiple products CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. network low complexity ruby-lang redhat debian suse opensuse fedoraproject CWE-565	7.5
2022-01-01	CVE-2021-41817	Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. network low complexity ruby-lang redhat fedoraproject debian suse opensuse	7.5
2021-08-01	CVE-2021-32066	Improper Handling of Exceptional Conditions vulnerability in multiple products An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. network high complexity ruby-lang oracle CWE-755	7.4
2021-04-21	CVE-2021-28965	The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. network low complexity ruby-lang fedoraproject	7.5
2020-10-06	CVE-2020-25613	HTTP Request Smuggling vulnerability in multiple products An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. network low complexity ruby-lang fedoraproject CWE-444	7.5
2020-02-28	CVE-2020-5247	HTTP Response Splitting vulnerability in multiple products In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. network low complexity ruby-lang puma debian fedoraproject CWE-113	7.5
2019-11-26	CVE-2019-16255	Code Injection vulnerability in multiple products Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. network high complexity ruby-lang debian opensuse oracle CWE-94	8.1
2019-11-26	CVE-2019-16201	Improper Authentication vulnerability in multiple products WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. network low complexity ruby-lang debian CWE-287	7.5