rubygem-bigdecimal vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the rubygem-bigdecimal package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Improper Cross-boundary Removal of Sensitive Data	<0:3.1.5-5.module+el8.10.0+40038+e29e4152
M Resource Exhaustion	<0:3.1.5-5.module+el8.10.0+40038+e29e4152
M CVE-2025-24294	<0:3.1.5-5.module+el8.10.0+40038+e29e4152
M Inefficient Regular Expression Complexity	<0:3.1.1-145.module+el8.10.0+1957+16e0d1a2
M Arbitrary Argument Injection	<0:1.3.4-114.module+el8.10.0+1979+815637df
M Out-of-bounds Read	<0:1.3.4-114.module+el8.10.0+1979+815637df
M Improper Cross-boundary Removal of Sensitive Data	<0:3.1.1-145.module+el8.10.0+1957+16e0d1a2
M Allocation of Resources Without Limits or Throttling	<0:3.1.1-145.module+el8.10.0+1957+16e0d1a2
M Resource Exhaustion	<0:3.1.5-4.module+el8.10.0+2004+fd6e8d72
H Inefficient Regular Expression Complexity	<0:1.3.4-113.module+el8.10.0+1901+b9cac91a
M CVE-2024-43398	<0:3.1.5-3.module+el8.10.0+1867+7989c958
M Resource Exhaustion	<0:3.1.5-3.module+el8.10.0+1867+7989c958
M Resource Exhaustion	<0:3.1.5-3.module+el8.10.0+1867+7989c958
M CVE-2024-39908	<0:3.1.5-3.module+el8.10.0+1867+7989c958
M CVE-2024-35176	<0:1.3.4-112.module+el8.10.0+1839+f1f156ae
M CVE-2024-27282	<0:3.0.0-143.module+el8.10.0+1820+f3fffb92
M CVE-2024-27281	<0:3.0.0-143.module+el8.10.0+1820+f3fffb92
M CVE-2024-27280	<0:3.0.0-143.module+el8.10.0+1820+f3fffb92
M Inefficient Regular Expression Complexity	<0:3.1.1-142.module+el8.9.0+1759+ff68ae72
M Inefficient Regular Expression Complexity	<0:3.0.0-143.module+el8.10.0+1820+f3fffb92
M Inefficient Regular Expression Complexity	<0:3.0.0-143.module+el8.10.0+1820+f3fffb92
M Arbitrary Code Injection	<0:3.0.0-143.module+el8.10.0+1820+f3fffb92
M CVE-2021-28965	<0:2.0.0-136.module+el8.4.0+594+11b6673a
M HTTP Request Smuggling	<0:2.0.0-136.module+el8.4.0+594+11b6673a
M Use of Uninitialized Resource	<0:1.3.4-107.module+el8.4.0+592+03ff458a
M Improper Input Validation	<0:1.3.4-107.module+el8.4.0+592+03ff458a
M Uncontrolled Search Path Element	<0:1.4.1-107.module+el8.4.0+593+8d7f9f0c
M Arbitrary Code Injection	<0:1.3.4-107.module+el8.4.0+592+03ff458a
M Arbitrary Code Injection	<0:1.3.4-107.module+el8.4.0+592+03ff458a
M Improper Authentication	<0:1.3.4-107.module+el8.4.0+592+03ff458a
M CVE-2019-15845	<0:1.3.4-107.module+el8.4.0+592+03ff458a
H Improper Handling of Exceptional Conditions	<0:2.0.0-137.module+el8.4.0+629+f8f0bf91
H CVE-2021-31810	<0:2.0.0-137.module+el8.4.0+629+f8f0bf91
H OS Command Injection	<0:2.0.0-137.module+el8.4.0+629+f8f0bf91
H CVE-2020-36327	<0:2.0.0-137.module+el8.4.0+629+f8f0bf91
M Reliance on Cookies without Validation and Integrity Checking	<0:1.3.4-110.module+el8.6.0+992+fc951c18
M Inefficient Regular Expression Complexity	<0:1.3.4-110.module+el8.6.0+992+fc951c18
M Out-of-bounds Read	<0:2.0.0-138.module+el8.6.0+1001+b5678180
M Double Free	<0:3.0.0-141.module+el8.6.0+1002+a7dba0ac

Vulnerability

Vulnerable Version

Improper Cross-boundary Removal of Sensitive Data

<0:3.1.5-5.module+el8.10.0+40038+e29e4152