Ruby Json vulnerabilities
2 known vulnerabilities affecting ruby/json.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2
Vulnerabilities
Page 1 of 1
CVE-2026-33210HIGHCVSS 8.3v>= 2.14.0, < 2.15.2.1v>= 2.16.0, < 2.17.1.2+1 more2026-03-20
CVE-2026-33210 [HIGH] CWE-134 CVE-2026-33210: Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1
Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allow_duplicate_key: false parsing option is used to parse user supplied documents. This issue has been patched in versions
cvelistv5nvd
CVE-2025-27788HIGHCVSS 7.5v>= 2.10.0, < 2.10.22025-03-12
CVE-2025-27788 [HIGH] CWE-125 CVE-2025-27788: JSON is a JSON implementation for Ruby. Starting in version 2.10.0 and prior to version 2.10.2, a sp
JSON is a JSON implementation for Ruby. Starting in version 2.10.0 and prior to version 2.10.2, a specially crafted document could cause an out of bound read, most likely resulting in a crash. Versions prior to 2.10.0 are not vulnerable. Version 2.10.2 fixes the problem. No known workarounds are available.
cvelistv5nvd