Every CVE whose affected-product data names Ruby-lang Uri, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2025-61594 — CVSS 7.5 (high): URI is a module providing classes to handle Uniform Resource Identifiers. In versions 0.12.4 and earlier (bundled in Ruby 3.2 series)…
CVE-2023-28755 — CVSS 5.3 (medium): A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have…
CVE-2023-36617 — CVSS 5.3 (medium): A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific…
CVE-2025-27221 — CVSS 3.2 (low): In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication…