Package impact
RubyGems / bundler
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-7954 | critical | 9.8 | 9.8 | 10y ago | Bundler allows attacker to inject arbitrary code via secondary Gem source | |||
| CVE-2021-43809 | medium | — | 5.5 | 5y ago | RHSA-2025:7539: ruby:2.5 security update (Moderate) | |||
| CVE-2019-3881 | medium | — | 5.5 | 8y ago | RHSA-2021:2588: ruby:2.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2013-0334 | medium | — | 5.0 | 12y ago | Bundler may install gems from a different source than expected |