rubygems-devel (AlmaLinux:10) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the AlmaLinux:10 package rubygems-devel, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (6)
CVE-2026-41316 — CVSS 8.1 (high): ERB is a templating system for Ruby. Ruby 2.7.0 (before ERB 2.2.0 was published on rubygems.org) introduced an `@_init` instance variable…
CVE-2025-24294 — CVSS 7.5 (high): The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a…
CVE-2025-25186 — CVSS 6.5 (medium): Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Starting in version 0.3.2 and prior to versions…
CVE-2025-27219 — CVSS 5.8 (medium): In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS)…
CVE-2025-58767 — CVSS 5.3 (medium): REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS vulnerability when parsing XML containing multiple XML…
CVE-2025-27221 — CVSS 3.2 (low): In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication…