Every CVE whose affected-product data names Rubygems Rubygems.org, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2022-29176 — CVSS 9.9 (critical): Rubygems is a package registry used to supply software for the Ruby language ecosystem. Due to a bug in the yank action, it was possible…
CVE-2022-29218 — CVSS 7.7 (high): RubyGems is a package registry used to supply software for the Ruby language ecosystem. An ordering mistake in the code that accepts gem…
CVE-2024-21654 — CVSS 4.8 (medium): Rubygems.org is the Ruby community's gem hosting service. Rubygems.org users with MFA enabled would normally be protected from account…