RubyGems Package Vulnerabilities

All 402 Ruby gems with known CVEs, ranked by live CVE volume — 1,003 package-to-CVE mappings with affected ranges and fixed versions. Updated continuously as new vulnerabilities publish.

  1. 1.actionpack61 CVEs
  2. 2.rack49 CVEs
  3. 3.nokogiri33 CVEs
  4. 4.rubygems-update25 CVEs
  5. 5.activerecord23 CVEs
  6. 6.puppet22 CVEs
  7. 7.publify_core15 CVEs
  8. 8.activesupport14 CVEs
  9. 9.passenger14 CVEs
  10. 10.puma14 CVEs
  11. 11.rails-html-sanitizer14 CVEs
  12. 12.actionview13 CVEs
  13. 13.decidim12 CVEs
  14. 14.camaleon_cms11 CVEs
  15. 15.oj11 CVEs
  16. 16.rails11 CVEs
  17. 17.fat_free_crm10 CVEs
  18. 18.net-imap10 CVEs
  19. 19.ruby-saml10 CVEs
  20. 20.jquery-rails9 CVEs
  21. 21.openc39 CVEs
  22. 22.katello8 CVEs
  23. 23.rexml8 CVEs
  24. 24.activestorage7 CVEs
  25. 25.bootstrap7 CVEs
  26. 26.bootstrap-sass7 CVEs
  27. 27.jquery-ui-rails7 CVEs
  28. 28.lodash-rails7 CVEs
  29. 29.spree7 CVEs
  30. 30.avo6 CVEs
  31. 31.decidim-core6 CVEs
  32. 32.doorkeeper6 CVEs
  33. 33.ember-source6 CVEs
  34. 34.loofah6 CVEs
  35. 35.sinatra6 CVEs
  36. 36.webrick6 CVEs
  37. 37.bundler5 CVEs
  38. 38.carrierwave5 CVEs
  39. 39.cgi5 CVEs
  40. 40.devise5 CVEs
  41. 41.grpc5 CVEs
  42. 42.sidekiq5 CVEs
  43. 43.dragonfly4 CVEs
  44. 44.json4 CVEs
  45. 45.mail4 CVEs
  46. 46.rails_admin4 CVEs
  47. 47.sanitize4 CVEs
  48. 48.uri4 CVEs
  49. 49.view_component4 CVEs
  50. 50.yard4 CVEs

Which RubyGems packages run in YOUR stack?

EchelonGraph inventories your dependencies and correlates them against live CVE intelligence — affected ranges, fixed versions, and blast radius in one graph.

Start Free Scan →