Rubygems Rubygems.org

6 CVEs affecting Rubygems Rubygems.org. Latest disclosed: 2024-05-29. Critical: 1, High: 3.

Top CVEs affecting Rubygems Rubygems.org
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2022-29176 | Critical | 9.9 | 2022-05-05 | Rubygems is a package registry used to supply software for the Ruby language ecosystem. Due to a bug in the yank action, it was possible for any RubyGems.org u… |
| CVE-2022-36073 | High | 8.3 | 2022-09-07 | RubyGems.org is the Ruby community gem host. A bug in password & email change confirmation code allowed an attacker to change their RubyGems.org account's emai… |
| CVE-2022-29218 | High | 7.7 | 2022-05-13 | RubyGems is a package registry used to supply software for the Ruby language ecosystem. An ordering mistake in the code that accepts gem uploads allowed some g… |
| CVE-2023-40165 | High | 7.4 | 2023-08-17 | rubygems.org is the Ruby community's primary gem (library) hosting service. Insufficient input validation allowed malicious actors to replace any uploaded gem… |
| CVE-2024-21654 | Medium | 4.8 | 2024-01-12 | Rubygems.org is the Ruby community's gem hosting service. Rubygems.org users with MFA enabled would normally be protected from account takeover in the case of… |
| CVE-2024-35221 | Medium | 4.3 | 2024-05-29 | Rubygems.org is the Ruby community's gem hosting service. A Gem publisher can cause a Remote DoS when publishing a Gem. This is due to how Ruby reads the Manif… |