Browse all 7 CVE security advisories affecting rubygems. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-35221 | Denial of service when publishing a package on rubygems.org — rubygems.org, CWE-400 | 4.3 | Medium | 2024-05-29 |
| CVE-2024-21654 | rubygems.org MFA Bypass through password reset function could allow account takeover — rubygems.org, CWE-287 | 4.8 | Medium | 2024-01-12 |
| CVE-2023-40165 | Unauthorized gem replacement for full names ending in numbers on rubygems.org — rubygems.org, CWE-20 | 7.4 | High | 2023-08-17 |
| CVE-2022-36073 | RubyGems allows creation of users with arbitrary unverified emails — rubygems.org, CWE-287 | 8.3 | High | 2022-09-07 |
| CVE-2022-29218 | Unauthorized takeover for new versions of some platform-specific gems — rubygems.org, CWE-269 | 7.7 | High | 2022-05-12 |
| CVE-2022-29176 | Unauthorized gem takeover for some gems on rubygems.org — rubygems.org, CWE-862 | 9.9 | Critical | 2022-05-05 |
| CVE-2021-43809 | Local Code Execution through Argument Injection via dash leading git url parameter in Gemfile — rubygems, CWE-88 | 6.7 | Medium | 2021-12-08 |

This page lists every published CVE security advisory associated with rubygems. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.