{"url":"http://public2.vulnerablecode.io/api/packages/130673?format=json","purl":"pkg:ruby/ruby@1.9","type":"ruby","namespace":"","name":"ruby","version":"1.9","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38794?format=json","vulnerability_id":"VCID-5e5v-pmb2-zkba","summary":"The Ruby cgi.rb CGI library is vulnerable to a Denial of Service attack.","references":[{"reference_url":"ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P","reference_id":"","reference_type":"","scores":[],"url":"ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P"},{"reference_url":"http://docs.info.apple.com/article.html?artnum=305530","reference_id":"","reference_type":"","scores":[],"url":"http://docs.info.apple.com/article.html?artnum=305530"},{"reference_url":"http://lists.apple.com/archives/security-announce/2007/May/msg00004.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/security-announce/2007/May/msg00004.html"},{"reference_url":"http://rubyforge.org/pipermail/mongrel-users/2006-October/001946.html","reference_id":"","reference_type":"","scores":[],"url":"http://rubyforge.org/pipermail/mongrel-users/2006-October/001946.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-5467.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-5467.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-5467","reference_id":"","reference_type":"","scores":[{"value":"0.05038","scoring_system":"epss","scoring_elements":"0.89851","published_at":"2026-05-16T12:55:00Z"},{"value":"0.05038","scoring_system":"epss","scoring_elements":"0.89713","published_at":"2026-04-01T12:55:00Z"},{"value":"0.05038","scoring_system":"epss","scoring_elements":"0.89716","published_at":"2026-04-02T12:55:00Z"},{"value":"0.05038","scoring_system":"epss","scoring_elements":"0.8973","published_at":"2026-04-04T12:55:00Z"},{"value":"0.05038","scoring_system":"epss","scoring_elements":"0.89732","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05038","scoring_system":"epss","scoring_elements":"0.8975","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05038","scoring_system":"epss","scoring_elements":"0.89757","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05038","scoring_system":"epss","scoring_elements":"0.89763","published_at":"2026-04-11T12:55:00Z"},{"value":"0.05038","scoring_system":"epss","scoring_elements":"0.89761","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05038","scoring_system":"epss","scoring_elements":"0.89754","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05038","scoring_system":"epss","scoring_elements":"0.89771","published_at":"2026-04-18T12:55:00Z"},{"value":"0.05038","scoring_system":"epss","scoring_elements":"0.89766","published_at":"2026-04-21T12:55:00Z"},{"value":"0.05038","scoring_system":"epss","scoring_elements":"0.8978","published_at":"2026-04-29T12:55:00Z"},{"value":"0.05038","scoring_system":"epss","scoring_elements":"0.8984","published_at":"2026-05-14T12:55:00Z"},{"value":"0.05038","scoring_system":"epss","scoring_elements":"0.8985","published_at":"2026-05-15T12:55:00Z"},{"value":"0.05038","scoring_system":"epss","scoring_elements":"0.89793","published_at":"2026-05-05T12:55:00Z"},{"value":"0.05038","scoring_system":"epss","scoring_elements":"0.89809","published_at":"2026-05-07T12:55:00Z"},{"value":"0.05038","scoring_system":"epss","scoring_elements":"0.89819","published_at":"2026-05-09T12:55:00Z"},{"value":"0.05038","scoring_system":"epss","scoring_elements":"0.89815","published_at":"2026-05-11T12:55:00Z"},{"value":"0.05038","scoring_system":"epss","scoring_elements":"0.89823","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0524","scoring_system":"epss","scoring_elements":"0.89999","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-5467"},{"reference_url":"http://secunia.com/advisories/22615","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/22615"},{"reference_url":"http://secunia.com/advisories/22624","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/22624"},{"reference_url":"http://secunia.com/advisories/22761","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/22761"},{"reference_url":"http://secunia.com/advisories/22929","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/22929"},{"reference_url":"http://secunia.com/advisories/22932","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/22932"},{"reference_url":"http://secunia.com/advisories/23040","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/23040"},{"reference_url":"http://secunia.com/advisories/23344","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/23344"},{"reference_url":"http://secunia.com/advisories/25402","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/25402"},{"reference_url":"http://security.gentoo.org/glsa/glsa-200611-12.xml","reference_id":"","reference_type":"","scores":[],"url":"http://security.gentoo.org/glsa/glsa-200611-12.xml"},{"reference_url":"http://securitytracker.com/id?1017194","reference_id":"","reference_type":"","scores":[],"url":"http://securitytracker.com/id?1017194"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2006-5467","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-5467"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10185","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10185"},{"reference_url":"http://www.debian.org/security/2006/dsa-1234","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2006/dsa-1234"},{"reference_url":"http://www.debian.org/security/2006/dsa-1235","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2006/dsa-1235"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDKSA-2006:192","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDKSA-2006:192"},{"reference_url":"http://www.novell.com/linux/security/advisories/2006_26_sr.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.novell.com/linux/security/advisories/2006_26_sr.html"},{"reference_url":"http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.030-ruby.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.030-ruby.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2006-0729.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2006-0729.html"},{"reference_url":"http://www.securityfocus.com/bid/20777","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/20777"},{"reference_url":"http://www.ubuntu.com/usn/usn-371-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/usn-371-1"},{"reference_url":"http://www.vupen.com/english/advisories/2006/4244","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2006/4244"},{"reference_url":"http://www.vupen.com/english/advisories/2006/4245","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2006/4245"},{"reference_url":"http://www.vupen.com/english/advisories/2007/1939","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2007/1939"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=212396","reference_id":"212396","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=212396"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:yukihiro_matsumoto:ruby:1.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:yukihiro_matsumoto:ruby:1.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:yukihiro_matsumoto:ruby:1.8:*:*:*:*:*:*:*"},{"reference_url":"https://security.gentoo.org/glsa/200611-12","reference_id":"GLSA-200611-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200611-12"},{"reference_url":"https://access.redhat.com/errata/RHSA-2006:0729","reference_id":"RHSA-2006:0729","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2006:0729"},{"reference_url":"https://usn.ubuntu.com/371-1/","reference_id":"USN-371-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/371-1/"}],"fixed_packages":[],"aliases":["CVE-2006-5467","GHSA-cgqx-jwj4-2jc4"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5e5v-pmb2-zkba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90858?format=json","vulnerability_id":"VCID-e58n-x5ra-6ybq","summary":"Ruby on Windows ARGF.inplace_mode Variable Local Overflow\nBuffer overflow in Ruby 1.9.x before 1.9.1-p429 on Windows might\nallow local users to gain privileges via a crafted ARGF.inplace_mode\nvalue that is not properly handled when constructing the filenames\nof the backup files.","references":[{"reference_url":"http://osdir.com/ml/ruby-talk/2010-07/msg00095.html","reference_id":"","reference_type":"","scores":[],"url":"http://osdir.com/ml/ruby-talk/2010-07/msg00095.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2489","reference_id":"","reference_type":"","scores":[{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.3205","published_at":"2026-05-16T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32473","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32617","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32652","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32475","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32522","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32549","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32553","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32515","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32488","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.325","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32467","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32302","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32186","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32101","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.31961","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32026","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32036","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.3194","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.31963","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32031","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32052","published_at":"2026-05-15T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2489"},{"reference_url":"http://secunia.com/advisories/40442","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/40442"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/60135","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/60135"},{"reference_url":"http://svn.ruby-lang.org/repos/ruby/tags/v1_9_1_429/ChangeLog","reference_id":"","reference_type":"","scores":[],"url":"http://svn.ruby-lang.org/repos/ruby/tags/v1_9_1_429/ChangeLog"},{"reference_url":"http://svn.ruby-lang.org/repos/ruby/tags/v1_9_2_rc1/ChangeLog","reference_id":"","reference_type":"","scores":[],"url":"http://svn.ruby-lang.org/repos/ruby/tags/v1_9_2_rc1/ChangeLog"},{"reference_url":"https://www.ruby-lang.org/en/news/2010/07/02/ruby-1-9-1-p429-is-released","reference_id":"","reference_type":"","scores":[],"url":"https://www.ruby-lang.org/en/news/2010/07/02/ruby-1-9-1-p429-is-released"},{"reference_url":"http://www.openwall.com/lists/oss-security/2010/07/02/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2010/07/02/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2010/07/02/10","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2010/07/02/10"},{"reference_url":"http://www.osvdb.org/66040","reference_id":"","reference_type":"","scores":[],"url":"http://www.osvdb.org/66040"},{"reference_url":"http://www.ruby-lang.org/en/news/2010/07/02/ruby-1-9-1-p429-is-released/","reference_id":"","reference_type":"","scores":[],"url":"http://www.ruby-lang.org/en/news/2010/07/02/ruby-1-9-1-p429-is-released/"},{"reference_url":"http://www.securityfocus.com/bid/41321","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/41321"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.0-0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.0-0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.0-0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.0-1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.0-1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.0-1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.0-2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.0-2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.0-2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.0-20060415:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.0-20060415:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.0-20060415:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.0-20070709:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.0-20070709:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.0-20070709:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:-p0:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.1:-p0:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:-p0:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:-p129:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.1:-p129:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:-p129:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:-p243:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.1:-p243:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:-p243:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:-p376:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.1:-p376:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:-p376:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:-p429:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.1:-p429:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:-p429:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:-preview_1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.1:-preview_1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:-preview_1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:-preview_2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.1:-preview_2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:-preview_2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:-rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.1:-rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:-rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:-rc2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.1:-rc2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:-rc2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2010-2489","reference_id":"CVE-2010-2489","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:C/I:C/A:C"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2010-2489"}],"fixed_packages":[],"aliases":["CVE-2010-2489","GHSA-pj28-mx3m-9668","OSV-66040"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e58n-x5ra-6ybq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/86675?format=json","vulnerability_id":"VCID-ggcn-qfts-rbeu","summary":"Ruby: Object taint bypassing in DL and Fiddle","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2065.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2065.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2065","reference_id":"","reference_type":"","scores":[{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.65861","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.65902","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.65932","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.65898","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.6595","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.65961","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.65979","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.65966","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.65936","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.65972","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.65986","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.65974","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.65993","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.66005","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.66003","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.66026","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.66069","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.66039","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.66059","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.66115","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.66125","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.66138","published_at":"2026-05-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2065"},{"reference_url":"https://www.ruby-lang.org/en/news/2013/05/14/taint-bypass-dl-fiddle-cve-2013-2065","reference_id":"","reference_type":"","scores":[],"url":"https://www.ruby-lang.org/en/news/2013/05/14/taint-bypass-dl-fiddle-cve-2013-2065"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=962035","reference_id":"962035","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=962035"},{"reference_url":"https://usn.ubuntu.com/2035-1/","reference_id":"USN-2035-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2035-1/"}],"fixed_packages":[],"aliases":["CVE-2013-2065","GHSA-wh77-3w5g-7q6x","OSV-93414"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ggcn-qfts-rbeu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88517?format=json","vulnerability_id":"VCID-m6vt-b9kt-93hw","summary":"ruby: webrick directory traversal","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1145.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1145.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-1145","reference_id":"","reference_type":"","scores":[{"value":"0.5985","scoring_system":"epss","scoring_elements":"0.98247","published_at":"2026-04-01T12:55:00Z"},{"value":"0.5985","scoring_system":"epss","scoring_elements":"0.9825","published_at":"2026-04-02T12:55:00Z"},{"value":"0.5985","scoring_system":"epss","scoring_elements":"0.98253","published_at":"2026-04-04T12:55:00Z"},{"value":"0.5985","scoring_system":"epss","scoring_elements":"0.98254","published_at":"2026-04-07T12:55:00Z"},{"value":"0.5985","scoring_system":"epss","scoring_elements":"0.98259","published_at":"2026-04-09T12:55:00Z"},{"value":"0.5985","scoring_system":"epss","scoring_elements":"0.98262","published_at":"2026-04-11T12:55:00Z"},{"value":"0.5985","scoring_system":"epss","scoring_elements":"0.98263","published_at":"2026-04-13T12:55:00Z"},{"value":"0.5985","scoring_system":"epss","scoring_elements":"0.98269","published_at":"2026-04-21T12:55:00Z"},{"value":"0.5985","scoring_system":"epss","scoring_elements":"0.9827","published_at":"2026-04-18T12:55:00Z"},{"value":"0.5985","scoring_system":"epss","scoring_elements":"0.98271","published_at":"2026-04-24T12:55:00Z"},{"value":"0.5985","scoring_system":"epss","scoring_elements":"0.98273","published_at":"2026-04-26T12:55:00Z"},{"value":"0.5985","scoring_system":"epss","scoring_elements":"0.98274","published_at":"2026-04-29T12:55:00Z"},{"value":"0.5985","scoring_system":"epss","scoring_elements":"0.98279","published_at":"2026-05-07T12:55:00Z"},{"value":"0.5985","scoring_system":"epss","scoring_elements":"0.98283","published_at":"2026-05-09T12:55:00Z"},{"value":"0.5985","scoring_system":"epss","scoring_elements":"0.98281","published_at":"2026-05-11T12:55:00Z"},{"value":"0.5985","scoring_system":"epss","scoring_elements":"0.98284","published_at":"2026-05-12T12:55:00Z"},{"value":"0.5985","scoring_system":"epss","scoring_elements":"0.98285","published_at":"2026-05-16T12:55:00Z"},{"value":"0.5985","scoring_system":"epss","scoring_elements":"0.98286","published_at":"2026-05-15T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-1145"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2008-1145","reference_id":"","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-1145"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=435902","reference_id":"435902","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=435902"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/5215.txt","reference_id":"OSVDB-42616;CVE-2008-1145;OSVDB-42615","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/5215.txt"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0897","reference_id":"RHSA-2008:0897","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0897"}],"fixed_packages":[],"aliases":["CVE-2008-1145","GHSA-f279-rf2r-m6m5"],"risk_score":1.0,"exploitability":"2.0","weighted_severity":"0.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m6vt-b9kt-93hw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/87965?format=json","vulnerability_id":"VCID-mtmk-9yt6-s3gv","summary":"ruby: Heap-based buffer overflow in the rb_str_justify() function","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4124.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4124.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-4124","reference_id":"","reference_type":"","scores":[{"value":"0.01853","scoring_system":"epss","scoring_elements":"0.8311","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01853","scoring_system":"epss","scoring_elements":"0.8313","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01853","scoring_system":"epss","scoring_elements":"0.83151","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01853","scoring_system":"epss","scoring_elements":"0.83167","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01853","scoring_system":"epss","scoring_elements":"0.83203","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01853","scoring_system":"epss","scoring_elements":"0.83214","published_at":"2026-05-15T12:55:00Z"},{"value":"0.01853","scoring_system":"epss","scoring_elements":"0.83215","published_at":"2026-05-16T12:55:00Z"},{"value":"0.01934","scoring_system":"epss","scoring_elements":"0.83404","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01934","scoring_system":"epss","scoring_elements":"0.83399","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01934","scoring_system":"epss","scoring_elements":"0.83435","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01934","scoring_system":"epss","scoring_elements":"0.83332","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01934","scoring_system":"epss","scoring_elements":"0.83459","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01934","scoring_system":"epss","scoring_elements":"0.83466","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01934","scoring_system":"epss","scoring_elements":"0.83468","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01934","scoring_system":"epss","scoring_elements":"0.83436","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01934","scoring_system":"epss","scoring_elements":"0.83347","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01934","scoring_system":"epss","scoring_elements":"0.83362","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01934","scoring_system":"epss","scoring_elements":"0.83361","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01934","scoring_system":"epss","scoring_elements":"0.83385","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01934","scoring_system":"epss","scoring_elements":"0.83394","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01934","scoring_system":"epss","scoring_elements":"0.83409","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-4124"},{"reference_url":"https://www.ruby-lang.org/en/news/2009/12/07/heap-overflow-in-string","reference_id":"","reference_type":"","scores":[],"url":"https://www.ruby-lang.org/en/news/2009/12/07/heap-overflow-in-string"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=959916","reference_id":"959916","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=959916"},{"reference_url":"https://usn.ubuntu.com/900-1/","reference_id":"USN-900-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/900-1/"}],"fixed_packages":[],"aliases":["CVE-2009-4124","GHSA-9mvm-2xp2-9wmw","OSV-60880"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mtmk-9yt6-s3gv"}],"fixing_vulnerabilities":[],"risk_score":"3.2","resource_url":"http://public2.vulnerablecode.io/packages/pkg:ruby/ruby@1.9"}