Ruby Programming Language Cgi
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Ruby Programming Language Cgi.
By the Year
In 2026 there have been 0 vulnerabilities in Ruby Programming Language Cgi. Last year, in 2025 Cgi had 2 security vulnerabilities published. Right now, Cgi is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 2 | 4.90 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 3 | 8.65 |
It may take a day or so for new Cgi vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Ruby Programming Language Cgi Security Vulnerabilities
ReDoS in CGI Gem v<0.4.2 (Ruby) — Util#escapeElement
CVE-2025-27220
4 - Medium
- March 04, 2025
In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.
ReDoS
Denial of Service in CGI::Cookie.parse, Ruby CGI gem < 0.4.2
CVE-2025-27219
5.8 - Medium
- March 04, 2025
In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when parsing extremely large cookies.
Allocation of Resources Without Limits or Throttling
Ruby cgi gem HTTP response splitting (v<0.1.0.2 /0.2.x<0.2.2 /0.3.x<0.3.5)
CVE-2021-33621
- November 18, 2022
The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.
CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow
CVE-2021-41816
9.8 - Critical
- February 06, 2022
CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby.
Integer Overflow or Wraparound
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names
CVE-2021-41819
7.5 - High
- January 01, 2022
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.
Reliance on Cookies without Validation and Integrity Checking
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Ruby Programming Language Cgi or by Ruby Programming Language? Click the Watch button to subscribe.
