Ruby Programming Language Uri
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Ruby Programming Language Uri.
By the Year
In 2026 there have been 0 vulnerabilities in Ruby Programming Language Uri. Last year, in 2025 Uri had 1 security vulnerability published. Right now, Uri is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 3.20 |
| 2024 | 0 | 0.00 |
| 2023 | 2 | 5.30 |
It may take a day or so for new Uri vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Ruby Programming Language Uri Security Vulnerabilities
URI gem <=1.0.2 creds leak after host change
CVE-2025-27221
3.2 - Low
- March 04, 2025
In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host.
Improper Removal of Sensitive Information Before Storage or Transfer
Ruby URI Parser Redos - Before 0.12.2 & 0.10.3
CVE-2023-36617
- June 29, 2023
A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396_parser.rb and rfc3986_parser.rb. NOTE: this issue exists becuse of an incomplete fix for CVE-2023-28755. Version 0.10.3 is also a fixed version.
ReDoS in Ruby URI Parser pre0.12.0 via malformed URLs (0.11,0.10)
CVE-2023-28755
5.3 - Medium
- March 31, 2023
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.
ReDoS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Ruby Programming Language Uri or by Ruby Programming Language? Click the Watch button to subscribe.
