Vulnerabilities > Rubygems

DATE CVE VULNERABILITY TITLE RISK
2022-05-13 CVE-2022-29218 Authentication Bypass by Spoofing vulnerability in Rubygems Rubygems.Org
RubyGems is a package registry used to supply software for the Ruby language ecosystem.
network
low complexity
rubygems CWE-290
7.5
7.5
2022-05-05 CVE-2022-29176 Missing Authorization vulnerability in Rubygems Rubygems.Org
Rubygems is a package registry used to supply software for the Ruby language ecosystem.
network
high complexity
rubygems CWE-862
7.5
7.5
2019-06-17 CVE-2019-8323 Injection vulnerability in multiple products
An issue was discovered in RubyGems 2.6 and later through 3.0.2.
network
low complexity
rubygems debian opensuse CWE-74
5.0
5.0
2019-06-17 CVE-2019-8322 Injection vulnerability in multiple products
An issue was discovered in RubyGems 2.6 and later through 3.0.2.
network
low complexity
rubygems debian opensuse CWE-74
5.0
5.0
2019-06-17 CVE-2019-8321 Argument Injection or Modification vulnerability in multiple products
An issue was discovered in RubyGems 2.6 and later through 3.0.2.
network
low complexity
rubygems debian opensuse CWE-88
5.0
5.0
2019-06-17 CVE-2019-8325 Injection vulnerability in multiple products
An issue was discovered in RubyGems 2.6 and later through 3.0.2.
network
low complexity
rubygems opensuse debian CWE-74
5.0
5.0
2019-06-17 CVE-2019-8324 Code Injection vulnerability in multiple products
An issue was discovered in RubyGems 2.6 and later through 3.0.2. 		6.8
6.8
2019-06-06 CVE-2019-8320 Path Traversal vulnerability in Rubygems
A Directory Traversal issue was discovered in RubyGems 2.7.6 and later through 3.0.2.
network
rubygems CWE-22
8.8
8.8
2018-03-13 CVE-2018-1000079 Path Traversal vulnerability in Rubygems
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to arbitrary filesystem locations during installation.
network
rubygems CWE-22
4.3
4.3
2018-03-13 CVE-2018-1000078 Cross-site Scripting vulnerability in multiple products
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. 		4.3
4.3