Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:rpm/redhat/rh-ruby25-ruby@2.5.9-9?arch=el7
purl pkg:rpm/redhat/rh-ruby25-ruby@2.5.9-9?arch=el7
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.5
Vulnerabilities affecting this package (8)
Vulnerability Summary Fixed by
VCID-3d14-jf3q-xqbf
Aliases:
CVE-2020-10933
GHSA-g5hm-28jr-53fh
ruby: BasicSocket#read_nonblock method leads to information disclosure There are no reported fixed by versions.
VCID-5fqj-uwnz-93af
Aliases:
CVE-2019-15845
Multiple vulnerabilities have been found in Ruby, the worst of which could lead to the remote execution of arbitrary code. There are no reported fixed by versions.
VCID-bdar-wgfe-qqgf
Aliases:
CVE-2021-28965
GHSA-8cr8-4vfw-mr7h
REXML round-trip instability The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing. There are no reported fixed by versions.
VCID-d6tn-s1q2-a3hc
Aliases:
CVE-2020-10663
GHSA-jphg-qwrw-7w9g
Unsafe object creation in json RubyGem The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269/GHSA-x457-cw4h-hq5f, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent. There are no reported fixed by versions.
VCID-f6d8-e8tp-c3am
Aliases:
CVE-2019-16255
GHSA-ph7w-p94x-9vvw
Multiple vulnerabilities have been found in Ruby, the worst of which could lead to the remote execution of arbitrary code. There are no reported fixed by versions.
VCID-kp26-vpgn-k7az
Aliases:
CVE-2019-16201
Multiple vulnerabilities have been found in Ruby, the worst of which could lead to the remote execution of arbitrary code. There are no reported fixed by versions.
VCID-vcz9-dvf4-47am
Aliases:
CVE-2020-25613
GHSA-gwfg-cqmg-cf8f
Multiple vulnerabilities have been discovered in Ruby, the worst of which could lead to execution of arbitrary code. There are no reported fixed by versions.
VCID-y56y-5am7-wkhr
Aliases:
CVE-2019-16254
GHSA-w9fp-2996-hhwx
Multiple vulnerabilities have been found in Ruby, the worst of which could lead to the remote execution of arbitrary code. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:15:55.536588+00:00 RedHat Importer Affected by VCID-5fqj-uwnz-93af https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15845.json 38.0.0
2026-04-01T14:15:55.475382+00:00 RedHat Importer Affected by VCID-kp26-vpgn-k7az https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16201.json 38.0.0
2026-04-01T14:15:21.236962+00:00 RedHat Importer Affected by VCID-y56y-5am7-wkhr https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16254.json 38.0.0
2026-04-01T14:15:00.042377+00:00 RedHat Importer Affected by VCID-f6d8-e8tp-c3am https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16255.json 38.0.0
2026-04-01T14:09:42.738376+00:00 RedHat Importer Affected by VCID-d6tn-s1q2-a3hc https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10663.json 38.0.0
2026-04-01T14:09:27.873093+00:00 RedHat Importer Affected by VCID-3d14-jf3q-xqbf https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10933.json 38.0.0
2026-04-01T14:04:24.817054+00:00 RedHat Importer Affected by VCID-vcz9-dvf4-47am https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25613.json 38.0.0
2026-04-01T14:02:35.747263+00:00 RedHat Importer Affected by VCID-bdar-wgfe-qqgf https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28965.json 38.0.0