Every CVE whose affected-product data names Ruby-lang Rexml, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2021-28965 — CVSS 7.5 (high): The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues…
CVE-2024-49761 — CVSS 7.5 (high): REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between…
CVE-2024-43398 — CVSS 5.9 (medium): REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that…
CVE-2024-41946 — CVSS 5.3 (medium): REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with…
CVE-2025-58767 — CVSS 5.3 (medium): REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS vulnerability when parsing XML containing multiple XML…
CVE-2024-35176 — CVSS 5.3 (medium): REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many `<`s…
CVE-2024-41123 — CVSS 5.3 (medium): REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific…
CVE-2024-39908 — CVSS 4.3 (medium): REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that has many specific…