ruby2.5 (SUSE:Linux Enterprise Module for Basesystem 15 SP7) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Basesystem 15 SP7 package ruby2.5, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (10)
CVE-2026-27820 — CVSS 9.8 (critical): zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a…
CVE-2024-49761 — CVSS 7.5 (high): REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between…
CVE-2025-24294 — CVSS 7.5 (high): The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a…
CVE-2025-27219 — CVSS 5.8 (medium): In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS)…
CVE-2025-58767 — CVSS 5.3 (medium): REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS vulnerability when parsing XML containing multiple XML…
CVE-2024-35221 — CVSS 4.3 (medium): Rubygems.org is the Ruby community's gem hosting service. A Gem publisher can cause a Remote DoS when publishing a Gem. This is due to how…
CVE-2025-27220 — CVSS 4.0 (medium): In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.
CVE-2025-27221 — CVSS 3.2 (low): In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication…
CVE-2024-47220: An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length…