Ruby Program Statistics



69 total issues disclosed

$13,900 total paid publicly

Most common vulnerability type (13 disclosures): None supplied



Disclosed Reports


| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
|---|---|---|---|---|
| ReDoS in IPAddr | None supplied | ooooooo_q | No rating | 2025-07-08 |
| ReDoS in Psych | None supplied | ooooooo_q | No rating | 2025-07-08 |
| Uncontrolled Resource Consumption when parsing maliciously crafted XML with REXML | Uncontrolled Resource Consumption | l33thaxor | Medium | 2025-02-20 |
| RCE by parsing `.rdoc_options` in RDoc | Code Injection | ooooooo_q | No rating | 2024-07-03 |
| The taint flag is not propagated at JSON.parse | None supplied | ooooooo_q | No rating | 2024-01-05 |
| DoS in bigdecimal's sqrt function due to miscalculation of loop iterations | Uncontrolled Resource Consumption | z2_ | Medium | 2023-12-20 |
| URI parser's RFC3986 regular expression has poor performance when there are two # characters, leading to ReDoS | None supplied | dee-see | Medium | 2023-12-13 |
| XMLRPC does not limit deserializable classes. | Deserialization of Untrusted Data | ooooooo_q | High | 2023-08-01 |
| heap-buffer-overflow in gc_writebarrier_incremental | Heap Overflow | piao | None | 2023-07-19 |
| RDoc::MethodAttr is vulnerable to Regular Expression Denial of Service (ReDoS) | Uncontrolled Resource Consumption | sighook | Low | 2023-07-18 |
| Arbitrary file injection via symlink attack in rdoc generator | Resource Injection | sighook | None | 2023-07-18 |
| XSS exploit of RDoc documentation generated by rdoc | Cross-site Scripting (XSS) - Stored | sighook | Medium | 2023-07-18 |
| XSS exploit of RDoc documentation generated by rdoc (CVE-2013-0256) | Cross-site Scripting (XSS) - Stored | sighook | Medium | 2023-07-18 |
| Stored XSS in RDoc hyperlinks through javascript scheme | Cross-site Scripting (XSS) - Stored | sighook | Medium | 2023-07-18 |
| XSS in HTML generated by RDoc | Cross-site Scripting (XSS) - Stored | ooooooo_q | No rating | 2023-07-18 |
| ReDoS in Time.rfc2822 | None supplied | ooooooo_q | No rating | 2023-05-16 |
| Header CRLF Injection in Ruby Net::HTTP | CRLF Injection | leixiao | None | 2023-05-04 |
| Attacker can smuggle a malicious domain in a URI object. | Open Redirect | djspinmonkey | No rating | 2022-12-13 |
| Security-unfavorable specification and implementation in the CGI::Cookie class | HTTP Response Splitting | htokumaru | Low | 2022-11-24 |
| Ruby's CGI library has HTTP response splitting (HTTP header injection), leaking secret information | HTTP Response Splitting | htokumaru | High | 2022-11-24 |
| 'net/http': HTTP Header Injection in the set_content_type method | CRLF Injection | sighook | High | 2022-02-04 |
| Bug Report : [ No Valid SPF Records ] | None supplied | sohaib619 | High | 2022-01-13 |
| OS Command Injection in '/lib/un.rb -- Utilities to replace common UNIX commands in Makefiles etc' | OS Command Injection | chinarulezzz | Medium | 2021-07-19 |
| OS Command Injection in 'rdoc' documentation generator | OS Command Injection | chinarulezzz | Medium | 2021-07-13 |
| imap: StartTLS stripping attack (CVE-2016-0772). | Cryptographic Issues - Generic | chinarulezzz | Medium | 2021-07-08 |
| lib/net/ftp.rb: trusting PASV responses allow client abuse | Information Disclosure | chinarulezzz | Low | 2021-07-08 |
| Code Injection Bug Report | Code Injection | geeknik | No rating | 2021-05-07 |
| 'net/ftp': Uncontrolled Resource Consumption (Memory/CPU) | Uncontrolled Resource Consumption | sighook | Medium | 2021-04-21 |
| Round-trip instability in REXML | None supplied | jupenur | Medium | 2021-04-15 |
| Path traversal in Tempfile on windows OS due to unsanitized backslashes | Path Traversal | bugdiscloseguys | Medium | 2021-04-07 |
| DRb denial of service vulnerability | Uncontrolled Resource Consumption | u75615 | None | 2021-03-07 |
| Ruby OpenSSL Library - IV Reuse in GCM Mode | None supplied | offftherecord | No rating | 2021-03-07 |
| Command injection in OptionParser.load | Command Injection - Generic | piao | Low | 2021-03-07 |
| Potential HTTP Request Smuggling in ruby webrick | HTTP Request Smuggling | piao | Low | 2020-10-29 |
| Variant of CVE-2013-0269 (Denial of Service and Unsafe Object Creation Vulnerability in JSON) | Business Logic Errors | jeremyevans | Medium | 2020-04-23 |
| OS Command Injection via egrep in Rake::FileList | OS Command Injection | kyoshida | No rating | 2019-08-29 |
| OpenSSL::X509::Name Equality Check Does Not Work, Patch included | Improper Certificate Validation | tylereckstein | Medium | 2018-10-19 |
| SEGV in parse_rat() | Denial of Service | etsukata | No rating | 2018-06-13 |
| Invalid URL parsing '#' | None supplied | mrtc0 | None | 2018-05-01 |
| Response splitting vulnerability in WEBrick | Cross-site Scripting (XSS) - Generic | tenderlove | Low | 2018-04-29 |
| Unintentional file creation caused at Tempfile with directory traversal | Improper Access Control - Generic | ooooooo_q | No rating | 2018-04-01 |
| The possibility that unintended file operation may be performed because some methods of `Dir` do not check NULL characters. | Improper Access Control - Generic | ooooooo_q | No rating | 2018-04-01 |
| Unix domain socket and a path containing a null character | Improper Access Control - Generic | ooooooo_q | No rating | 2018-03-31 |
| controlled buffer under-read in pack_unpack_internal() | Buffer Under-read | aerodudrizzt | Medium | 2018-03-30 |
| Resolv::getaddresses bug that can be abused to bypass security measures. | Violation of Secure Design Principles | edoverflow | No rating | 2018-02-23 |
| Integer Underflow @ ossl_cipher_pkcs5_keyivgen | Integer Underflow | finb | None | 2018-02-23 |
| NET::Ftp allows command injection in filenames | Command Injection - Generic | staaldraad | Low | 2017-12-19 |
| Provide a security system most fit to our team | None supplied | sam1166 | High | 2017-12-15 |
| Take back my all data from [email protected] | None supplied | sam1166 | High | 2017-12-15 |
| Bugs | None supplied | survivedabuse | High | 2017-12-15 |
| Ruby 2.3.x and 2.2.x still bundle DoS vulnerable version of libYAML | Memory Corruption - Generic | usa | Medium | 2017-10-25 |
| Parsing invalid unicode codepoints using json c extension (2.0.1+) triggers a segfault | Memory Corruption - Generic | dgollahon | None | 2017-10-25 |
| Arbitrary heap exposure in JSON.generate | Memory Corruption - Generic | ahmadsherif | No rating | 2017-09-25 |
| Ruby 2.4.1 has "Stack consistency error" and aborts when processing return statement within a case statement | Memory Corruption - Generic | haquaman | No rating | 2017-09-24 |
| sprintf combined format string attack | Memory Corruption - Generic | aerodudrizzt | Medium | 2017-09-22 |
| Escape sequence injection vulnerability in WEBrick BasicAuth | Command Injection - Generic | mame | Medium | 2017-09-15 |
| Open aws s3 bucket s3://rubyci | Information Disclosure | sandeep_hodkasia | Critical | 2017-08-07 |
| RCE (Remote Code Execution) Vulnerability on Ruby | Remote File Inclusion | cloudyvirus | Medium | 2017-04-05 |
| Open S3 Bucket WriteAble To Any Aws User | Improper Authentication - Generic | injector404 | High | 2017-03-30 |
| public report - Reproducible - Writable RubyCi Amazon s3 bucket[207053] | Improper Authentication - Generic | koti2 | No rating | 2017-03-29 |
| Buffer underflow in sprintf | Memory Corruption - Generic | haquaman | No rating | 2017-03-05 |
| Ruby:HTTP Header injection in 'net/http' | Open Redirect | rootredrain | No rating | 2017-02-27 |
| Writable RubyCi Amazon s3 bucket | Improper Authentication - Generic | dataalchemist | High | 2017-02-27 |
| Arbitrary heap overread in strscan on 32 bit Ruby, patch included | Information Disclosure | guido | Low | 2016-11-17 |
| SMTP command injection | Command Injection - Generic | jeremy | No rating | 2016-06-30 |
| Heap corruption in string.c tr_trans() due to undersized buffer | Memory Corruption - Generic | guido | No rating | 2016-06-21 |
| Heap corruption in DateTime.strftime() on 32 bit for certain format strings | Memory Corruption - Generic | guido | No rating | 2016-06-21 |
| StringIO strio_getline() can divulge arbitrary memory | Memory Corruption - Generic | guido | No rating | 2016-06-21 |
| Ruby: Heap Overflow in Floating Point Parsing | None supplied | charliesome | No rating | 2013-11-22 |