Ruby Rexml
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Ruby Rexml.
By the Year
In 2026 there have been 0 vulnerabilities in Ruby Rexml. Last year, in 2025 Rexml had 1 security vulnerability published. Right now, Rexml is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 0.00 |
| 2024 | 1 | 0.00 |
It may take a day or so for new Rexml vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Ruby Rexml Security Vulnerabilities
REXML DoS: Multiple XML Declarations 3.3.3–3.4.1
CVE-2025-58767
- September 17, 2025
REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities. The REXML gem 3.4.2 or later include the patches to fix these vulnerabilities.
Resource Exhaustion
REXML 3.3.8 ReDoS via Hex Numeric Ref
CVE-2024-49761
- October 28, 2024
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML gem 3.3.9 or later include the patch to fix the vulnerability.
ReDoS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Ruby Rexml or by Ruby? Click the Watch button to subscribe.
