VulnerableCode Package Details

Search for packages

Vulnerability	Summary	Fixed by
VCID-trka-k7zz-bkh3 Aliases: CVE-2025-58767 GHSA-c2f4-jgmc-q2r5	REXML has DoS condition when parsing malformed XML file The REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities.	There are no reported fixed by versions.
VCID-wsss-kt87-2qdv Aliases: CVE-2025-24294 GHSA-xh69-987w-hrp8	resolv vulnerable to DoS via insufficient DNS domain name length validation A denial of service vulnerability has been discovered in the resolv gem bundled with Ruby. ## Details The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet, the name decompression process consumes a large amount of CPU resources, as the library does not limit the resulting length of the name. This resource consumption can cause the application thread to become unresponsive, resulting in a Denial of Service condition. ## Affected Version The vulnerability affects the resolv gem bundled with the following Ruby series: * Ruby 3.2 series: resolv version 0.2.2 and earlier * Ruby 3.3 series: resolv version 0.3.0 * Ruby 3.4 series: resolv version 0.6.1 and earlier ## Credits Thanks to Manu for discovering this issue. ## History Originally published at 2025-07-08 07:00:00 (UTC)	There are no reported fixed by versions.
VCID-x126-x9qm-e7d3 Aliases: CVE-2024-27282 GHSA-63cq-cj6g-qfr2	ruby: Arbitrary memory address read vulnerability with Regex search	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-trka-k7zz-bkh3
Aliases:
CVE-2025-58767
GHSA-c2f4-jgmc-q2r5

REXML has DoS condition when parsing malformed XML file The REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities.

There are no reported fixed by versions.

VCID-wsss-kt87-2qdv
Aliases:
CVE-2025-24294
GHSA-xh69-987w-hrp8

resolv vulnerable to DoS via insufficient DNS domain name length validation A denial of service vulnerability has been discovered in the resolv gem bundled with Ruby. ## Details The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet, the name decompression process consumes a large amount of CPU resources, as the library does not limit the resulting length of the name. This resource consumption can cause the application thread to become unresponsive, resulting in a Denial of Service condition. ## Affected Version The vulnerability affects the resolv gem bundled with the following Ruby series: * Ruby 3.2 series: resolv version 0.2.2 and earlier * Ruby 3.3 series: resolv version 0.3.0 * Ruby 3.4 series: resolv version 0.6.1 and earlier ## Credits Thanks to Manu for discovering this issue. ## History Originally published at 2025-07-08 07:00:00 (UTC)

There are no reported fixed by versions.

VCID-x126-x9qm-e7d3
Aliases:
CVE-2024-27282
GHSA-63cq-cj6g-qfr2

ruby: Arbitrary memory address read vulnerability with Regex search

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T15:18:13.311933+00:00	Ruby Importer	Affected by	VCID-trka-k7zz-bkh3	https://github.com/rubysec/ruby-advisory-db/blob/master/rubies/ruby/CVE-2025-58767.yml	38.0.0
2026-04-01T15:18:11.416585+00:00	Ruby Importer	Affected by	VCID-x126-x9qm-e7d3	https://github.com/rubysec/ruby-advisory-db/blob/master/rubies/ruby/CVE-2024-27282.yml	38.0.0
2026-04-01T15:18:11.071349+00:00	Ruby Importer	Affected by	VCID-wsss-kt87-2qdv	https://github.com/rubysec/ruby-advisory-db/blob/master/rubies/ruby/CVE-2025-24294.yml	38.0.0