{"id":4940775,"name":"org.jruby:jruby-stdlib","ecosystem":"maven","description":"JRuby is the effort to recreate the Ruby (https://www.ruby-lang.org) interpreter in Java.","homepage":"https://github.com/jruby/jruby","licenses":"GPL-2.0,LGPL-2.1,EPL-2.0","normalized_licenses":["GPL-2.0","LGPL-2.1","EPL-2.0"],"repository_url":"https://github.com/jruby/jruby","keywords_array":[],"namespace":"org.jruby","versions_count":142,"first_release_published_at":"2011-03-15T19:40:10.000Z","latest_release_published_at":"2017-05-11T14:54:59.000Z","latest_release_number":"1.7.27","last_synced_at":"2026-06-28T11:47:09.068Z","created_at":"2022-07-27T04:24:07.829Z","updated_at":"2026-06-28T11:47:09.068Z","registry_url":"https://central.sonatype.com/artifact/org.jruby/jruby-stdlib/","install_command":null,"documentation_url":"https://appdoc.app/artifact/org.jruby/jruby-stdlib/","metadata":{"repositories":["https://central.sonatype.com/repository/maven-snapshots/"]},"repo_metadata":{"id":538858,"uuid":"168370","full_name":"jruby/jruby","owner":"jruby","description":"JRuby, an implementation of Ruby on the 
JVM","archived":false,"fork":false,"pushed_at":"2026-02-06T16:44:51.000Z","size":297062,"stargazers_count":3865,"open_issues_count":936,"forks_count":941,"subscribers_count":132,"default_branch":"master","last_synced_at":"2026-02-07T19:02:57.104Z","etag":null,"topics":["concurrency","invokedynamic","jruby","jvm","performance","ruby","ruby-language"],"latest_commit_sha":null,"homepage":"https://www.jruby.org","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jruby.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":"FUNDING.yml","license":"COPYING","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":["headius"],"patreon":"JRuby"}},"created_at":"2009-04-05T03:54:35.000Z","updated_at":"2026-02-06T16:44:56.000Z","dependencies_parsed_at":"2024-04-11T18:25:05.606Z","dependency_job_id":"0003aa9e-756c-41ee-864f-771b9d715803","html_url":"https://github.com/jruby/jruby","commit_stats":{"total_commits":49034,"total_committers":536,"mean_commits":91.48134328358209,"dds":0.7351225680140311,"last_synced_commit":"ab66c9e8cddbc7fe34fe2a089ca4d5b3eae65064"},"previous_names":[],"tags_count":202,"template":false,"template_full_name":null,"purl":"pkg:github/jruby/jruby","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jruby%2Fjruby","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jruby%2Fjruby/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jruby%2Fjruby/releases","manifests_url":"https://repos.ecosyste
.ms/api/v1/hosts/GitHub/repositories/jruby%2Fjruby/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jruby","download_url":"https://codeload.github.com/jruby/jruby/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jruby%2Fjruby/sbom","scorecard":{"id":507267,"data":{"date":"2025-08-11","repo":{"name":"github.com/jruby/jruby","commit":"f5b5cdd0c4ed3d389a6050f7b518602b52dc51a7"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.3,"checks":[{"name":"Code-Review","score":2,"reason":"Found 3/14 approved changesets -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: 
SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/ci.yml:460","Info: jobLevel 'contents' permission set to 'read': .github/workflows/manual-snapshot-publish-21.yml:10","Info: jobLevel 'contents' permission set to 'read': .github/workflows/manual-snapshot-publish.yml:10","Info: jobLevel 'contents' permission set to 'read': .github/workflows/nightly-snapshot-publish-21.yml:16","Info: jobLevel 'contents' permission set to 'read': .github/workflows/nightly-snapshot-publish.yml:16","Info: topLevel 'contents' permission set to 'read': .github/workflows/ci.yml:9","Info: topLevel 'contents' permission set to 'read': .github/workflows/manual-snapshot-publish-21.yml:5","Info: topLevel 'contents' permission set to 'read': .github/workflows/manual-snapshot-publish.yml:5","Info: topLevel 'contents' permission set to 'read': .github/workflows/nightly-snapshot-publish-21.yml:11","Info: topLevel 'contents' permission set to 'read': .github/workflows/nightly-snapshot-publish.yml:11","Info: topLevel 'contents' permission set to 'read': .github/workflows/snapshot-publish.yml:18","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least 
privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: COPYING:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":3,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Warn: branch 'master' does not require approvers","Warn: codeowners review is not required on branch 'master'","Warn: no status checks found to merge onto branch 'master'","Warn: PRs are not required to make changes on branch 'master'; or we don't have data to detect it.If you think it might be the latter, make sure to run Scorecard with a PAT or use Repo Rules (that are always public) instead of Branch Protection settings"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":0,"reason":"Project has 
not signed or included provenance with any releases.","details":["Warn: release artifact 10.0.2.0 not signed: https://api.github.com/repos/jruby/jruby/releases/238369107","Warn: release artifact 10.0.1.0 not signed: https://api.github.com/repos/jruby/jruby/releases/233281622","Warn: release artifact 9.4.13.0 not signed: https://api.github.com/repos/jruby/jruby/releases/201700009","Warn: release artifact 10.0.0.1 not signed: https://api.github.com/repos/jruby/jruby/releases/217098940","Warn: release artifact 9.4.12.1 not signed: https://api.github.com/repos/jruby/jruby/releases/217094857","Warn: release artifact 10.0.2.0 does not have provenance: https://api.github.com/repos/jruby/jruby/releases/238369107","Warn: release artifact 10.0.1.0 does not have provenance: https://api.github.com/repos/jruby/jruby/releases/233281622","Warn: release artifact 9.4.13.0 does not have provenance: https://api.github.com/repos/jruby/jruby/releases/201700009","Warn: release artifact 10.0.0.1 does not have provenance: https://api.github.com/repos/jruby/jruby/releases/217098940","Warn: release artifact 9.4.12.1 does not have provenance: https://api.github.com/repos/jruby/jruby/releases/217094857"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Binary-Artifacts","score":0,"reason":"binaries present in source code","details":["Warn: binary detected: .mvn/wrapper/maven-wrapper.jar:1","Warn: binary detected: bin/jruby.dll:1","Warn: binary detected: bin/jruby.exe:1","Warn: binary detected: bin/jrubyw.exe:1","Warn: binary detected: 
core/src/main/resources/wasm/prism.wasm:1","Warn: binary detected: lib/ruby/stdlib/racc/cparse-jruby.jar:1","Warn: binary detected: maven/jruby/src/empty.jar:1","Warn: binary detected: maven/jruby/src/it/integrity/src/main/resources/hello.jar:1","Warn: binary detected: samples/relative_require.jar:1","Warn: binary detected: spec/java_integration/fixtures/tinySQL-2.26.jar:1","Warn: binary detected: test/classpath_test.jar:1","Warn: binary detected: test/dir2/target.class:1","Warn: binary detected: test/jruby/_leading_and_consecutive__underscores.jar:1","Warn: binary detected: test/jruby/dir with spaces/test#hash#symbol##jar.jar:1","Warn: binary detected: test/jruby/dir with spaces/test_jar.jar:1","Warn: binary detected: test/jruby/dir with spaces/testgem.jar:1","Warn: binary detected: test/jruby/gem.jar:1","Warn: binary detected: test/jruby/jar_with+.jar:1","Warn: binary detected: test/jruby/jar_with_nested_classes_jar.jar:1","Warn: binary detected: test/jruby/jar_with_no_manifest.jar:1","Warn: binary detected: test/jruby/jar_with_relative_require1.jar:1","Warn: binary detected: test/jruby/jar_with_ruby_files.jar:1","Warn: binary detected: test/jruby/jar_with_ruby_files_in_jar.jar:1","Warn: binary detected: test/jruby/jruby-3977.so.jar:1","Warn: binary detected: test/jruby/jruby-4198.jar:1","Warn: binary detected: test/jruby/requireTest-1.0.jar:1","Warn: binary detected: test/jruby/test_jar2.jar:1","Warn: binary detected: test/jruby/test_jruby_1332.jar:1","Warn: binary detected: test/jruby/test_uri_classloader.jar:1","Warn: binary detected: test/jruby/testapp/testapp.exe:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 27 are checked with a 
SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Pinned-Dependencies","score":4,"reason":"dependency not pinned by hash detected -- score normalized to 4","details":["Info: Possibly incomplete results: error parsing shell code: \"a[b]\" must be followed by =: test/tool/merger.rb:0","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:174: update your workflow using https://app.stepsecurity.io/secureworkflow/jruby/jruby/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:178: update your workflow using https://app.stepsecurity.io/secureworkflow/jruby/jruby/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:281: update your workflow using https://app.stepsecurity.io/secureworkflow/jruby/jruby/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:285: update your workflow using https://app.stepsecurity.io/secureworkflow/jruby/jruby/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/jruby/jruby/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/jruby/jruby/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:203: update your workflow using https://app.stepsecurity.io/secureworkflow/jruby/jruby/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:207: update your workflow using https://app.stepsecurity.io/secureworkflow/jruby/jruby/ci.yml/master?enable=pin","Warn: GitHub-owned 
GitHubAction not pinned by hash: .github/workflows/ci.yml:233: update your workflow using https://app.stepsecurity.io/secureworkflow/jruby/jruby/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:235: update your workflow using https://app.stepsecurity.io/secureworkflow/jruby/jruby/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:258: update your workflow using https://app.stepsecurity.io/secureworkflow/jruby/jruby/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:262: update your workflow using https://app.stepsecurity.io/secureworkflow/jruby/jruby/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:452: update your workflow using https://app.stepsecurity.io/secureworkflow/jruby/jruby/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/jruby/jruby/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/jruby/jruby/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/jruby/jruby/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:117: update your workflow using https://app.stepsecurity.io/secureworkflow/jruby/jruby/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:142: update your workflow using https://app.stepsecurity.io/secureworkflow/jruby/jruby/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:146: update your workflow using 
https://app.stepsecurity.io/secureworkflow/jruby/jruby/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/jruby/jruby/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/jruby/jruby/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:325: update your workflow using https://app.stepsecurity.io/secureworkflow/jruby/jruby/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:329: update your workflow using https://app.stepsecurity.io/secureworkflow/jruby/jruby/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:349: update your workflow using https://app.stepsecurity.io/secureworkflow/jruby/jruby/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:353: update your workflow using https://app.stepsecurity.io/secureworkflow/jruby/jruby/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:427: update your workflow using https://app.stepsecurity.io/secureworkflow/jruby/jruby/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:431: update your workflow using https://app.stepsecurity.io/secureworkflow/jruby/jruby/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/snapshot-publish.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/jruby/jruby/snapshot-publish.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/snapshot-publish.yml:28: update your workflow using 
https://app.stepsecurity.io/secureworkflow/jruby/jruby/snapshot-publish.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/snapshot-publish.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/jruby/jruby/snapshot-publish.yml/master?enable=pin","Info:   0 out of  30 GitHub-owned GitHubAction dependencies pinned","Info:   5 out of   5 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Vulnerabilities","score":0,"reason":"13 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-4p6w-m9wc-c9c9","Warn: Project is vulnerable to: GHSA-5v34-g2px-j4fw","Warn: Project is vulnerable to: GHSA-q5r4-cfpx-h6fh","Warn: Project is vulnerable to: GHSA-9hf4-67fc-4vf4","Warn: Project is vulnerable to: GHSA-22f2-v57c-j9cx","Warn: Project is vulnerable to: GHSA-54rr-7fvw-6x8f","Warn: Project is vulnerable to: GHSA-7g2v-jj9q-g3rg","Warn: Project is vulnerable to: GHSA-7wqh-767x-r66v","Warn: Project is vulnerable to: GHSA-8cgq-6mh2-7j6v","Warn: Project is vulnerable to: GHSA-gjh7-p2fx-99vx","Warn: Project is vulnerable to: GHSA-vpfw-47h7-xj4g","Warn: Project is vulnerable to: GHSA-xj5v-6v4g-jfw6","Warn: Project is vulnerable to: GHSA-hxx2-7vcw-mqr3"],"documentation":{"short":"Determines if the project has open, known unfixed 
vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-19T23:32:31.571Z","repository_id":538858,"created_at":"2025-08-19T23:32:31.571Z","updated_at":"2025-08-19T23:32:31.571Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29329492,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-11T06:13:03.264Z","status":"ssl_error","status_checked_at":"2026-02-11T06:12:55.843Z","response_time":97,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"tags":[]},"repo_metadata_updated_at":"2026-02-13T10:27:16.023Z","dependent_packages_count":62,"downloads":null,"downloads_period":null,"dependent_repos_count":44,"rankings":{"downloads":null,"dependent_repos_count":3.2421655846758033,"dependent_packages_count":1.1294782399615293,"stargazers_count":5.396329245812295,"forks_count":5.467660495311373,"docker_downloads_count":0.10038470786246695,"average":3.0672036547246933},"purl":"pkg:maven/org.jruby/jruby-stdlib","advisories":[{"uuid":"GSA_kwCzR0hTQS04cXhnLW1mZjUtajN3Y84AAUt2","url":"https://github.com/advisories/GHSA-8qxg-mff5-j3wc","title":"RubyGems Path Traversal vulnerability","description":"RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 
contains a Directory Traversal vulnerability in gem installation that can result in the gem writing to arbitrary filesystem locations during installation. This attack appears to be exploitable via installation of a malicious gem. This vulnerability is fixed in 2.7.6.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-14T01:54:40.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.5,"cvss_vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2018-1000079","https://github.com/rubygems/rubygems/commit/666ef793cad42eed96f7aee1cdf77865db921099","https://github.com/rubygems/rubygems/commit/f83f911e19e27cbac1ccce7471d96642241dd759","https://access.redhat.com/errata/RHSA-2018:3729","https://access.redhat.com/errata/RHSA-2018:3730","https://access.redhat.com/errata/RHSA-2018:3731","https://access.redhat.com/errata/RHSA-2019:2028","https://access.redhat.com/errata/RHSA-2020:0542","https://access.redhat.com/errata/RHSA-2020:0591","https://access.redhat.com/errata/RHSA-2020:0663","https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html","https://usn.ubuntu.com/3621-1/","https://www.debian.org/security/2018/dsa-4219","https://www.debian.org/security/2018/dsa-4259","http://blog.rubygems.org/2018/02/15/2.7.6-released.html","http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html","https://github.com/jruby/jruby/commit/0b06b48ab4432237ce5fc1bef47f2c6bcf7843f7","https://github.com/rubygems/rubygems/commit/5971b486d4dbb2bad5d3445b3801c456eb0ce183","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895778","https://security-tracker.debian.org/tracker/CVE-2018-1000079","https://github.com/advisories/GHSA-8qxg-mff5-j3wc"],"source_kind":"github","identifiers":["GHSA-8qxg-mff5-j3wc","CVE-2018-1000079"],"repository_url":"https://github.com/rubygems/rubygems","blast_radius":0.0,"created_at":"2023-03-10T03:03:08.158Z","updated_at":"2026-06-26T12:09:05.005Z","epss_percentage":
0.02876,"epss_percentile":0.85005,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04cXhnLW1mZjUtajN3Y84AAUt2","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS04cXhnLW1mZjUtajN3Y84AAUt2","packages":[{"ecosystem":"maven","package_name":"org.jruby:jruby-stdlib","versions":[{"first_patched_version":"9.1.16.0","vulnerable_version_range":"\u003c 9.1.16.0"}],"purl":null},{"ecosystem":"rubygems","package_name":"rubygems-update","versions":[{"first_patched_version":"2.7.6","vulnerable_version_range":"\u003c 2.7.6"}],"purl":"pkg:gem/rubygems-update"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04cXhnLW1mZjUtajN3Y84AAUt2/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1xajJ3LW13MnItcHYzOc4AATbJ","url":"https://github.com/advisories/GHSA-qj2w-mw2r-pv39","title":"RubyGems Deserialization of Untrusted Data vulnerability","description":"RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Deserialization of Untrusted Data vulnerability in owner command that can result in code execution. This attack requires the victim to run the `gem owner` command on a gem with a specially crafted YAML file. 
This vulnerability is fixed in 2.7.6.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-05-14T01:01:12.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.8,"cvss_vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2018-1000074","https://github.com/rubygems/rubygems/commit/254e3d0ee873c008c0b74e8b8abcbdab4caa0a6d","https://access.redhat.com/errata/RHSA-2018:3729","https://access.redhat.com/errata/RHSA-2018:3730","https://access.redhat.com/errata/RHSA-2018:3731","https://access.redhat.com/errata/RHSA-2019:2028","https://access.redhat.com/errata/RHSA-2020:0542","https://access.redhat.com/errata/RHSA-2020:0591","https://access.redhat.com/errata/RHSA-2020:0663","https://lists.debian.org/debian-lts-announce/2018/04/msg00017.html","https://lists.debian.org/debian-lts-announce/2018/08/msg00028.html","https://lists.debian.org/debian-lts-announce/2019/05/msg00028.html","https://usn.ubuntu.com/3621-1/","https://usn.ubuntu.com/3621-2/","https://usn.ubuntu.com/3685-1/","https://www.debian.org/security/2018/dsa-4219","https://www.debian.org/security/2018/dsa-4259","http://blog.rubygems.org/2018/02/15/2.7.6-released.html","http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html","https://github.com/jruby/jruby/commit/0b06b48ab4432237ce5fc1bef47f2c6bcf7843f7","https://github.com/rubygems/rubygems/commit/5971b486d4dbb2bad5d3445b3801c456eb0ce183","https://github.com/advisories/GHSA-qj2w-mw2r-pv39"],"source_kind":"github","identifiers":["GHSA-qj2w-mw2r-pv39","CVE-2018-1000074"],"repository_url":"https://github.com/rubygems/rubygems","blast_radius":0.0,"created_at":"2023-03-10T03:03:08.128Z","updated_at":"2026-06-26T12:09:05.001Z","epss_percentage":0.02982,"epss_percentile":0.85538,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xajJ3LW13MnItcHYzOc4AATbJ","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1xajJ3LW13MnItcHYzOc4AATbJ","packag
es":[{"ecosystem":"maven","package_name":"org.jruby:jruby-stdlib","versions":[{"first_patched_version":"9.1.16.0","vulnerable_version_range":"\u003c 9.1.16.0"}],"purl":null},{"ecosystem":"rubygems","package_name":"rubygems-update","versions":[{"first_patched_version":"2.7.6","vulnerable_version_range":"\u003c 2.7.6"}],"purl":"pkg:gem/rubygems-update"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xajJ3LW13MnItcHYzOc4AATbJ/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1tYzZqLWg5NDgtdjJwNs4AATbI","url":"https://github.com/advisories/GHSA-mc6j-h948-v2p6","title":"RubyGems Improper Verification of Cryptographic Signature vulnerability","description":"RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, and Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contain an Improper Verification of Cryptographic Signature vulnerability in package.rb. This can result in a mis-signed gem being installed, as the tarball would contain multiple gem signatures. 
This vulnerability has been fixed in 2.7.6.","origin":"UNSPECIFIED","severity":"CRITICAL","published_at":"2022-05-14T01:01:12.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":9.8,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2018-1000076","https://github.com/rubygems/rubygems/commit/f5042b879259b1f1ce95a0c5082622c646376693","https://access.redhat.com/errata/RHSA-2018:3729","https://access.redhat.com/errata/RHSA-2018:3730","https://access.redhat.com/errata/RHSA-2018:3731","https://access.redhat.com/errata/RHSA-2019:2028","https://access.redhat.com/errata/RHSA-2020:0542","https://access.redhat.com/errata/RHSA-2020:0591","https://access.redhat.com/errata/RHSA-2020:0663","https://lists.debian.org/debian-lts-announce/2018/04/msg00000.html","https://lists.debian.org/debian-lts-announce/2018/04/msg00001.html","https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html","https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html","https://lists.debian.org/debian-lts-announce/2019/05/msg00028.html","https://usn.ubuntu.com/3621-1/","https://www.debian.org/security/2018/dsa-4219","https://www.debian.org/security/2018/dsa-4259","http://blog.rubygems.org/2018/02/15/2.7.6-released.html","http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html","https://github.com/jruby/jruby/commit/0b06b48ab4432237ce5fc1bef47f2c6bcf7843f7","https://github.com/advisories/GHSA-mc6j-h948-v2p6"],"source_kind":"github","identifiers":["GHSA-mc6j-h948-v2p6","CVE-2018-1000076"],"repository_url":"https://github.com/rubygems/rubygems","blast_radius":0.0,"created_at":"2023-03-08T20:03:18.932Z","updated_at":"2026-06-26T12:09:05.016Z","epss_percentage":0.03037,"epss_percentile":0.85793,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tYzZqLWg5NDgtdjJwNs4AATbI","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1tYzZqLWg5NDgtdjJwNs4AATbI","packages":[
{"ecosystem":"maven","package_name":"org.jruby:jruby-stdlib","versions":[{"first_patched_version":"9.1.16.0","vulnerable_version_range":"\u003c 9.1.16.0"}],"purl":null},{"ecosystem":"rubygems","package_name":"rubygems-update","versions":[{"first_patched_version":"2.7.6","vulnerable_version_range":"\u003e= 2.2.0, \u003c 2.7.6"}],"purl":"pkg:gem/rubygems-update"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tYzZqLWg5NDgtdjJwNs4AATbI/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS04N3F4LWc1d2ctbXdtas4AATa0","url":"https://github.com/advisories/GHSA-87qx-g5wg-mwmj","title":"RubyGems Cross-site Scripting vulnerability","description":"RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack requires the victim to browse to a malicious gem on a vulnerable gem server. 
This vulnerability is fixed in 2.7.6.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-14T01:01:09.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.1,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2018-1000078","https://github.com/rubygems/rubygems/commit/66a28b9275551384fdab45f3591a82d6b59952cb","https://access.redhat.com/errata/RHSA-2018:3729","https://access.redhat.com/errata/RHSA-2018:3730","https://access.redhat.com/errata/RHSA-2018:3731","https://access.redhat.com/errata/RHSA-2019:2028","https://access.redhat.com/errata/RHSA-2020:0542","https://access.redhat.com/errata/RHSA-2020:0591","https://access.redhat.com/errata/RHSA-2020:0663","https://lists.debian.org/debian-lts-announce/2018/04/msg00000.html","https://lists.debian.org/debian-lts-announce/2018/04/msg00001.html","https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html","https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html","https://lists.debian.org/debian-lts-announce/2019/05/msg00028.html","https://usn.ubuntu.com/3621-1/","https://www.debian.org/security/2018/dsa-4219","https://www.debian.org/security/2018/dsa-4259","http://blog.rubygems.org/2018/02/15/2.7.6-released.html","http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html","https://github.com/jruby/jruby/commit/0b06b48ab4432237ce5fc1bef47f2c6bcf7843f7","https://github.com/rubygems/rubygems/commit/5971b486d4dbb2bad5d3445b3801c456eb0ce183","https://github.com/advisories/GHSA-87qx-g5wg-mwmj"],"source_kind":"github","identifiers":["GHSA-87qx-g5wg-mwmj","CVE-2018-1000078"],"repository_url":"https://github.com/rubygems/rubygems","blast_radius":0.0,"created_at":"2023-03-10T03:03:08.138Z","updated_at":"2026-06-26T12:09:05.002Z","epss_percentage":0.02845,"epss_percentile":0.84856,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04N3F4LWc1d2ctbXdtas4AATa0","html_url":"https://advisor
ies.ecosyste.ms/advisories/GSA_kwCzR0hTQS04N3F4LWc1d2ctbXdtas4AATa0","packages":[{"ecosystem":"maven","package_name":"org.jruby:jruby-stdlib","versions":[{"first_patched_version":"9.1.16.0","vulnerable_version_range":"\u003c 9.1.16.0"}],"purl":null},{"ecosystem":"rubygems","package_name":"rubygems-update","versions":[{"first_patched_version":"2.7.6","vulnerable_version_range":"\u003c 2.7.6"}],"purl":"pkg:gem/rubygems-update"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04N3F4LWc1d2ctbXdtas4AATa0/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1ndjg2LTQzcnYtNzltMs4AATay","url":"https://github.com/advisories/GHSA-gv86-43rv-79m2","title":"RubyGems Improper Input Validation vulnerability","description":"RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains an Improper Input Validation vulnerability in the ruby gems specification homepage attribute that can result in a malicious gem setting an invalid homepage URL. 
This vulnerability is fixed in 2.7.6.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-14T01:01:09.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.3,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2018-1000077","https://github.com/rubygems/rubygems/commit/feadefc2d351dcb95d6492f5ad17ebca546eb964","https://access.redhat.com/errata/RHSA-2018:3729","https://access.redhat.com/errata/RHSA-2018:3730","https://access.redhat.com/errata/RHSA-2018:3731","https://access.redhat.com/errata/RHSA-2019:2028","https://access.redhat.com/errata/RHSA-2020:0542","https://access.redhat.com/errata/RHSA-2020:0591","https://access.redhat.com/errata/RHSA-2020:0663","https://lists.debian.org/debian-lts-announce/2018/04/msg00000.html","https://lists.debian.org/debian-lts-announce/2018/04/msg00001.html","https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html","https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html","https://lists.debian.org/debian-lts-announce/2019/05/msg00028.html","https://usn.ubuntu.com/3621-1/","https://www.debian.org/security/2018/dsa-4219","https://www.debian.org/security/2018/dsa-4259","http://blog.rubygems.org/2018/02/15/2.7.6-released.html","http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html","https://github.com/jruby/jruby/commit/0b06b48ab4432237ce5fc1bef47f2c6bcf7843f7","https://github.com/rubygems/rubygems/commit/5971b486d4dbb2bad5d3445b3801c456eb0ce183","https://github.com/advisories/GHSA-gv86-43rv-79m2"],"source_kind":"github","identifiers":["GHSA-gv86-43rv-79m2","CVE-2018-1000077"],"repository_url":"https://github.com/rubygems/rubygems","blast_radius":0.0,"created_at":"2023-03-10T03:03:08.148Z","updated_at":"2026-06-26T12:09:05.003Z","epss_percentage":0.03825,"epss_percentile":0.8871,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ndjg2LTQzcnYtNzltMs4AATay","html_url":"https://advisori
es.ecosyste.ms/advisories/GSA_kwCzR0hTQS1ndjg2LTQzcnYtNzltMs4AATay","packages":[{"ecosystem":"maven","package_name":"org.jruby:jruby-stdlib","versions":[{"first_patched_version":"9.1.16.0","vulnerable_version_range":"\u003c 9.1.16.0"}],"purl":null},{"ecosystem":"rubygems","package_name":"rubygems-update","versions":[{"first_patched_version":"2.7.6","vulnerable_version_range":"\u003c 2.7.6"}],"purl":"pkg:gem/rubygems-update"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ndjg2LTQzcnYtNzltMs4AATay/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS03NHB2LXY5Z2gtaDI1cM4AASkU","url":"https://github.com/advisories/GHSA-74pv-v9gh-h25p","title":"RubyGems Infinite Loop vulnerability","description":"RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains an infinite loop vulnerability, caused by a negative size in the ruby gem package tar header, that can result in an infinite loop. 
This vulnerability appears to have been fixed in 2.7.6.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-05-13T01:48:31.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2018-1000075","https://github.com/rubygems/rubygems/commit/92e98bf8f810bd812f919120d4832df51bc25d83","https://access.redhat.com/errata/RHSA-2018:3729","https://access.redhat.com/errata/RHSA-2018:3730","https://access.redhat.com/errata/RHSA-2018:3731","https://access.redhat.com/errata/RHSA-2019:2028","https://access.redhat.com/errata/RHSA-2020:0542","https://access.redhat.com/errata/RHSA-2020:0591","https://access.redhat.com/errata/RHSA-2020:0663","https://lists.debian.org/debian-lts-announce/2018/04/msg00000.html","https://lists.debian.org/debian-lts-announce/2018/04/msg00001.html","https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html","https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html","https://lists.debian.org/debian-lts-announce/2019/05/msg00028.html","https://usn.ubuntu.com/3621-1/","https://www.debian.org/security/2018/dsa-4219","https://www.debian.org/security/2018/dsa-4259","http://blog.rubygems.org/2018/02/15/2.7.6-released.html","http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html","https://github.com/jruby/jruby/commit/0b06b48ab4432237ce5fc1bef47f2c6bcf7843f7","https://github.com/rubygems/rubygems/commit/5971b486d4dbb2bad5d3445b3801c456eb0ce183","https://github.com/advisories/GHSA-74pv-v9gh-h25p"],"source_kind":"github","identifiers":["GHSA-74pv-v9gh-h25p","CVE-2018-1000075"],"repository_url":"https://github.com/rubygems/rubygems","blast_radius":0.0,"created_at":"2023-03-10T01:03:09.002Z","updated_at":"2026-06-26T12:09:05.006Z","epss_percentage":0.04769,"epss_percentile":0.90759,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03NHB2LXY5Z2gtaDI1cM4AASkU","html_url":"h
ttps://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS03NHB2LXY5Z2gtaDI1cM4AASkU","packages":[{"ecosystem":"maven","package_name":"org.jruby:jruby-stdlib","versions":[{"first_patched_version":"9.1.16.0","vulnerable_version_range":"\u003c 9.1.16.0"}],"purl":null},{"ecosystem":"rubygems","package_name":"rubygems-update","versions":[{"first_patched_version":"2.7.6","vulnerable_version_range":"\u003c 2.7.6"}],"purl":"pkg:gem/rubygems-update"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03NHB2LXY5Z2gtaDI1cM4AASkU/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1neDY5LTZjcDQtaHhyas38Wg","url":"https://github.com/advisories/GHSA-gx69-6cp4-hxrj","title":"RubyGems Link Following vulnerability","description":"RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in `install_location` function of `package.rb` that can result in path traversal when writing to a symlinked basedir outside of the root. 
This vulnerability appears to have been fixed in 2.7.6.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-05-13T01:18:44.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2018-1000073","https://github.com/rubygems/rubygems/commit/1b931fc03b819b9a0214be3eaca844ef534175e2","https://access.redhat.com/errata/RHSA-2018:3729","https://access.redhat.com/errata/RHSA-2018:3730","https://access.redhat.com/errata/RHSA-2018:3731","https://access.redhat.com/errata/RHSA-2019:2028","https://access.redhat.com/errata/RHSA-2020:0542","https://access.redhat.com/errata/RHSA-2020:0591","https://access.redhat.com/errata/RHSA-2020:0663","https://lists.debian.org/debian-lts-announce/2018/08/msg00028.html","https://usn.ubuntu.com/3621-1/","https://www.debian.org/security/2018/dsa-4219","https://www.debian.org/security/2018/dsa-4259","http://blog.rubygems.org/2018/02/15/2.7.6-released.html","http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html","https://github.com/jruby/jruby/commit/0b06b48ab4432237ce5fc1bef47f2c6bcf7843f7","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925986","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2018-1000073.yml","https://github.com/advisories/GHSA-gx69-6cp4-hxrj"],"source_kind":"github","identifiers":["GHSA-gx69-6cp4-hxrj","CVE-2018-1000073"],"repository_url":"https://github.com/rubygems/rubygems","blast_radius":0.0,"created_at":"2023-03-08T21:03:15.864Z","updated_at":"2026-06-26T12:09:05.013Z","epss_percentage":0.05076,"epss_percentile":0.91237,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1neDY5LTZjcDQtaHhyas38Wg","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1neDY5LTZjcDQtaHhyas38Wg","packages":[{"ecosystem":"maven","package_name":"org.jruby:jruby-stdlib","versions":[{"first_patched_version":"9.1.16.0","vul
nerable_version_range":"\u003c 9.1.16.0"}],"purl":null},{"ecosystem":"rubygems","package_name":"rubygems-update","versions":[{"first_patched_version":"2.7.6","vulnerable_version_range":"\u003c 2.7.6"}],"purl":"pkg:gem/rubygems-update"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1neDY5LTZjcDQtaHhyas38Wg/related_packages","related_advisories":[]}],"docker_usage_url":"https://docker.ecosyste.ms/usage/maven/org.jruby:jruby-stdlib","docker_dependents_count":420,"docker_downloads_count":972949140,"usage_url":"https://repos.ecosyste.ms/usage/maven/org.jruby:jruby-stdlib","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/maven/org.jruby:jruby-stdlib/dependencies","status":null,"funding_links":["https://github.com/sponsors/headius","https://patreon.com/JRuby"],"critical":null,"issue_metadata":{"last_synced_at":"2025-10-30T01:02:22.409Z","issues_count":620,"pull_requests_count":1268,"avg_time_to_close_issue":29446118.196141478,"avg_time_to_close_pull_request":3258103.5226415093,"issues_closed_count":310,"pull_requests_closed_count":1060,"pull_request_authors_count":49,"issue_authors_count":227,"avg_comments_per_issue":3.903225806451613,"avg_comments_per_pull_request":0.748422712933754,"merged_pull_requests_count":957,"bot_issues_count":0,"bot_pull_requests_count":4,"past_year_issues_count":240,"past_year_pull_requests_count":584,"past_year_avg_time_to_close_issue":1214864.7373737374,"past_year_avg_time_to_close_pull_request":331455.3043478261,"past_year_issues_closed_count":99,"past_year_pull_requests_closed_count":460,"past_year_pull_request_authors_count":25,"past_year_issue_authors_count":96,"past_year_avg_comments_per_issue":2.2375,"past_year_avg_comments_per_pull_request":0.6763698630136986,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":427,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/jruby%2Fjruby/issues","maintainers"
:[{"login":"headius","count":735,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/headius"},{"login":"enebo","count":453,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/enebo"},{"login":"kares","count":67,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/kares"},{"login":"eregon","count":21,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/eregon"},{"login":"donv","count":2,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/donv"},{"login":"byteit101","count":2,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/byteit101"},{"login":"mkristian","count":2,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/mkristian"}],"active_maintainers":[{"login":"headius","count":351,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/headius"},{"login":"enebo","count":205,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/enebo"},{"login":"kares","count":17,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/kares"},{"login":"eregon","count":3,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/eregon"}]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/org.jruby:jruby-stdlib/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/org.jruby:jruby-stdlib/version_numbers","latest_version_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/org.jruby:jruby-stdlib/latest_version","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/org.jruby:jruby-stdlib/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/org.jruby:jruby-stdlib/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/org.jruby:jruby-stdlib/codemeta","maintainers":[]}