VulnerableCode Package Details - pkg:deb/debian/ruby2.7@0?distro=bullseye

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-d6tn-s1q2-a3hc	Unsafe object creation in json RubyGem The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269/GHSA-x457-cw4h-hq5f, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent.	CVE-2020-10663 GHSA-jphg-qwrw-7w9g
VCID-jgyw-q58q-7qgm	Tempfile on Windows path traversal vulnerability There is an unintentional directory creation vulnerability in `tmpdir` library bundled with Ruby on Windows. And there is also an unintentional file creation vulnerability in tempfile library bundled with Ruby on Windows, because it uses tmpdir internally.	CVE-2021-28966 GHSA-46f2-3v63-3xrp
VCID-qwh3-25yu-qfga	Multiple vulnerabilities have been discovered in Ruby, the worst of which could lead to execution of arbitrary code.	CVE-2022-28738 GHSA-8pqg-8p79-j5j8

Vulnerability

Summary

Aliases

VCID-d6tn-s1q2-a3hc

Unsafe object creation in json RubyGem The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269/GHSA-x457-cw4h-hq5f, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent.

CVE-2020-10663
GHSA-jphg-qwrw-7w9g

VCID-jgyw-q58q-7qgm

Tempfile on Windows path traversal vulnerability There is an unintentional directory creation vulnerability in `tmpdir` library bundled with Ruby on Windows. And there is also an unintentional file creation vulnerability in tempfile library bundled with Ruby on Windows, because it uses tmpdir internally.

CVE-2021-28966
GHSA-46f2-3v63-3xrp

VCID-qwh3-25yu-qfga

Multiple vulnerabilities have been discovered in Ruby, the worst of which could lead to execution of arbitrary code.

CVE-2022-28738
GHSA-8pqg-8p79-j5j8

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T11:50:18.184044+00:00	Debian Importer	Fixing	VCID-qwh3-25yu-qfga	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:17:51.978978+00:00	Debian Importer	Fixing	VCID-d6tn-s1q2-a3hc	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:10:32.159377+00:00	Debian Importer	Fixing	VCID-jgyw-q58q-7qgm	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:04:47.202187+00:00	Debian Importer	Fixing	VCID-qwh3-25yu-qfga	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:41:11.586940+00:00	Debian Importer	Fixing	VCID-d6tn-s1q2-a3hc	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:08:31.332696+00:00	Debian Importer	Fixing	VCID-jgyw-q58q-7qgm	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:52:24.682183+00:00	Debian Importer	Fixing	VCID-qwh3-25yu-qfga	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:52:24.527188+00:00	Debian Importer	Fixing	VCID-jgyw-q58q-7qgm	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:52:24.436439+00:00	Debian Importer	Fixing	VCID-d6tn-s1q2-a3hc	https://security-tracker.debian.org/tracker/data/json	38.1.0