Package details: pkg:ruby/ruby@2.5
purl pkg:ruby/ruby@2.5
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.5
Vulnerabilities affecting this package (14)
Vulnerability Summary Fixed by
VCID-1cad-uybu-2uau
Aliases:
CVE-2017-17742
GHSA-7p4c-jf2w-hc3w
security update There are no reported fixed by versions.
VCID-3d14-jf3q-xqbf
Aliases:
CVE-2020-10933
GHSA-g5hm-28jr-53fh
ruby: BasicSocket#read_nonblock method leads to information disclosure There are no reported fixed by versions.
VCID-5fqj-uwnz-93af
Aliases:
CVE-2019-15845
Multiple vulnerabilities have been found in Ruby, the worst of which could lead to the remote execution of arbitrary code. There are no reported fixed by versions.
VCID-bad1-7aa4-cugv
Aliases:
CVE-2018-6914
GHSA-wpg3-wgm5-rv8w
security update There are no reported fixed by versions.
VCID-c3y8-w4b4-3qea
Aliases:
CVE-2018-16395
GHSA-mmrq-6999-72v8
Improper Certificate Validation: When two `OpenSSL::X509::Name` objects are compared using `==`, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of `==` will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations. There are no reported fixed by versions.
VCID-d6tn-s1q2-a3hc
Aliases:
CVE-2020-10663
GHSA-jphg-qwrw-7w9g
Unsafe object creation in json RubyGem: The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269/GHSA-x457-cw4h-hq5f, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent. There are no reported fixed by versions.
VCID-f6d8-e8tp-c3am
Aliases:
CVE-2019-16255
GHSA-ph7w-p94x-9vvw
Multiple vulnerabilities have been found in Ruby, the worst of which could lead to the remote execution of arbitrary code. There are no reported fixed by versions.
VCID-kamp-zmtx-aqbz
Aliases:
CVE-2018-16396
GHSA-xh4x-ph6p-vmxh
security update There are no reported fixed by versions.
VCID-kp26-vpgn-k7az
Aliases:
CVE-2019-16201
Multiple vulnerabilities have been found in Ruby, the worst of which could lead to the remote execution of arbitrary code. There are no reported fixed by versions.
VCID-qyz5-zmnt-qucy
Aliases:
CVE-2018-8780
GHSA-fphx-j9v2-w2cx
security update There are no reported fixed by versions.
VCID-rdme-1q3s-43d8
Aliases:
CVE-2018-8777
GHSA-9j6f-82h4-9mw2
security update There are no reported fixed by versions.
VCID-y29u-wpkt-rkgp
Aliases:
CVE-2018-8779
security update There are no reported fixed by versions.
VCID-y56y-5am7-wkhr
Aliases:
CVE-2019-16254
GHSA-w9fp-2996-hhwx
Multiple vulnerabilities have been found in Ruby, the worst of which could lead to the remote execution of arbitrary code. There are no reported fixed by versions.
VCID-zwxw-299r-wfgx
Aliases:
CVE-2018-8778
GHSA-wvhq-ch4h-8pwr
security update There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T15:18:13.756941+00:00 Ruby Importer Affected by VCID-bad1-7aa4-cugv https://github.com/rubysec/ruby-advisory-db/blob/master/rubies/ruby/CVE-2018-6914.yml 38.0.0
2026-04-01T15:18:13.693972+00:00 Ruby Importer Affected by VCID-d6tn-s1q2-a3hc https://github.com/rubysec/ruby-advisory-db/blob/master/rubies/ruby/CVE-2020-10663.yml 38.0.0
2026-04-01T15:18:13.604853+00:00 Ruby Importer Affected by VCID-zwxw-299r-wfgx https://github.com/rubysec/ruby-advisory-db/blob/master/rubies/ruby/CVE-2018-8778.yml 38.0.0
2026-04-01T15:18:13.009720+00:00 Ruby Importer Affected by VCID-c3y8-w4b4-3qea https://github.com/rubysec/ruby-advisory-db/blob/master/rubies/ruby/CVE-2018-16395.yml 38.0.0
2026-04-01T15:18:12.897004+00:00 Ruby Importer Affected by VCID-f6d8-e8tp-c3am https://github.com/rubysec/ruby-advisory-db/blob/master/rubies/ruby/CVE-2019-16255.yml 38.0.0
2026-04-01T15:18:12.855218+00:00 Ruby Importer Affected by VCID-1cad-uybu-2uau https://github.com/rubysec/ruby-advisory-db/blob/master/rubies/ruby/CVE-2017-17742.yml 38.0.0
2026-04-01T15:18:12.650940+00:00 Ruby Importer Affected by VCID-qyz5-zmnt-qucy https://github.com/rubysec/ruby-advisory-db/blob/master/rubies/ruby/CVE-2018-8780.yml 38.0.0
2026-04-01T15:18:12.074578+00:00 Ruby Importer Affected by VCID-3d14-jf3q-xqbf https://github.com/rubysec/ruby-advisory-db/blob/master/rubies/ruby/CVE-2020-10933.yml 38.0.0
2026-04-01T15:18:11.760337+00:00 Ruby Importer Affected by VCID-rdme-1q3s-43d8 https://github.com/rubysec/ruby-advisory-db/blob/master/rubies/ruby/CVE-2018-8777.yml 38.0.0
2026-04-01T15:18:11.695941+00:00 Ruby Importer Affected by VCID-y56y-5am7-wkhr https://github.com/rubysec/ruby-advisory-db/blob/master/rubies/ruby/CVE-2019-16254.yml 38.0.0
2026-04-01T15:18:11.505278+00:00 Ruby Importer Affected by VCID-kp26-vpgn-k7az https://github.com/rubysec/ruby-advisory-db/blob/master/rubies/ruby/CVE-2019-16201.yml 38.0.0
2026-04-01T15:18:11.285767+00:00 Ruby Importer Affected by VCID-y29u-wpkt-rkgp https://github.com/rubysec/ruby-advisory-db/blob/master/rubies/ruby/CVE-2018-8779.yml 38.0.0
2026-04-01T15:18:11.115189+00:00 Ruby Importer Affected by VCID-kamp-zmtx-aqbz https://github.com/rubysec/ruby-advisory-db/blob/master/rubies/ruby/CVE-2018-16396.yml 38.0.0
2026-04-01T15:18:10.765262+00:00 Ruby Importer Affected by VCID-5fqj-uwnz-93af https://github.com/rubysec/ruby-advisory-db/blob/master/rubies/ruby/CVE-2019-15845.yml 38.0.0