Summary
Plain-English security verdict for Ruby, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.
Ruby currently scores 100/100 — healthy. No tracked vulnerabilities are currently known to be exploited in the wild. The latest supported release is 4.0.5. It's on the latest patch with no significant known issues — keep it current.
Disclosure trend
New CVEs published for Ruby each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.
Patch priority — what to act on
The issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.
Most urgent first — actively exploited, then likeliest to be exploited.
CVE-2017-17405 HIGH OS command injection EPSS 74% → see advisory
CVE-2008-3656 HIGH CWE-399 EPSS 70% → see advisory
CVE-2021-28966 HIGH Path traversal EPSS 58% → fixed in 3.0.1
CVE-2013-4164 MEDIUM Memory corruption EPSS 35% → see advisory
CVE-2018-16395 CRITICAL EPSS 11% → see advisory
CVE-2018-8780 CRITICAL Path traversal EPSS 10% → fixed in 2.5.1
CVE-2017-0898 CRITICAL CWE-134 EPSS 10% → see advisory
CVE-2017-14064 CRITICAL Memory corruption EPSS 9% → see advisory
CVE-2016-2337 CRITICAL EPSS 6% → see advisory
CVE-2017-17790 CRITICAL Injection EPSS 6% → see advisory
CVE-2016-2339 CRITICAL Memory corruption EPSS 5% → see advisory
CVE-2021-41816 CRITICAL Integer overflow EPSS 5% → see advisory
Versions & lifecycle
When each release line stops receiving security patches (end-of-life). After EOL there are no more fixes — plan upgrades before these dates.
How long each Ruby release line is supported — and when it sunsets.
4.0: latest 4.0.5, supported until 2029-03-31
3.4: latest 3.4.9, supported until 2028-03-31
3.3: latest 3.3.11, supported until 2027-03-31
3.2: latest 3.2.11, end of life (ended 2026-03-31)
3.1: latest 3.1.7, end of life (ended 2025-03-31)
3.0: latest 3.0.7, end of life (ended 2024-04-23)
2.7: latest 2.7.8, end of life (ended 2023-03-31)
2.6: latest 2.6.10, end of life (ended 2022-03-31)
2.5: latest 2.5.9, end of life (ended 2021-03-31)
2.4: latest 2.4.10, end of life (ended 2020-03-31)
Frequently asked
Is Ruby safe and patched?
Ruby currently scores 100/100 — healthy. No tracked vulnerabilities are currently known to be exploited in the wild. The latest supported release is 4.0.5. It's on the latest patch with no significant known issues — keep it current.
What should I do about Ruby now?
Upgrade Ruby to the latest supported release (4.0.5) or later and apply available security updates, then confirm against Ruby's official advisory.
When does Ruby reach end-of-life?
The latest supported Ruby release is 4.0.5. After end-of-life a release no longer receives security patches.
Which versions of Ruby are still receiving security updates?
Supported Ruby release lines (latest 4.0.5): 4.0, 3.4, 3.3. End-of-life releases no longer receive security patches.
Informational only, from public data (NVD · CISA KEV · EPSS · endoflife.date), and can lag or miss vendor-specific fixes. Always confirm against Ruby's official advisory before you patch or upgrade.