[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2018-1000076":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":27,"aliases":28,"duplicate_of":9,"upstream":30,"downstream":31,"duplicates":76,"related":77,"reserved_at":9,"published_at":83,"modified_at":84,"state":85,"summary":86,"references_raw":95,"kevs":199,"epss":200,"epss_history":203,"metrics":459,"affected":470},"CVE-2018-1000076","RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in a mis-signed gem could be installed, as the tarball would contain multiple gem signatures.. This vulnerability appears to have been fixed in 2.7.6.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-347","Improper Verification of Cryptographic Signature","The product does not verify, or incorrectly verifies, the cryptographic signature for data.","weakness","Draft","Base",[19,23],{"id":20,"name":21,"techniques":22},"CAPEC-463","Padding Oracle Crypto Attack",[],{"id":24,"name":25,"techniques":26},"CAPEC-475","Signature Spoofing by Improper Validation",[],[],[29],"GHSA-mc6j-h948-v2p6",[],[32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74],{"_key":33},"SUSE-SU-2019:1804-1",{"_key":35},"SUSE-SU-2020:1570-1",{"_key":37},"OPENSUSE-SU-2019:1771-1",{"_key":39},"DLA-1336-1",{"_key":41},"DLA-1337-1",{"_key":43},"DLA-1358-1",{"_key":45},"DLA-1421-1",{"_key":47},"DLA-1796-1",{"_key":49},"DSA-4219-1",{"_key":51},"DSA-4259-1",{"_key":53},"MGASA-2020-0243",{"_key":55},"MGASA-2019-0062",{"_key":57},"RHSA-2018:3729",{"_key":59},"RHSA-2018:3730",{"_key":61},"RHSA-2018:3731",{"_key":63},"RHSA-2019:2028",{"_key":65},"RHSA-2020:0542",{"_key":67},"RHSA-2020:0591",{"_key":69},"RHSA-2020:0663",{"_key":71},"UBUNTU-CVE-2018-1000076",{"_key":73},"USN-3621-1",{"_key":75},"DEBIAN-CVE-2018-1000076",[],[78,79,80,81,82],{"_key":33},{"_key":35},{"_key":37},{"_key":55},{"_key":53},"2018-03-13T15:00:00.000Z","2024-08-05T12:33:49.167Z","Modified",{"cisa_kev":87,"cisa_ransomware":87,"cisa_vendor":9,"epss_severity":88,"epss_score":89,"severity":90,"severity_score":91,"severity_version":92,"severity_source":93,"severity_vector":94,"severity_status":85},false,"low",0.00929,"critical",9.8,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[96,105,110,115,119,125,129,134,138,142,147,152,156,160,165,169,173,177,181,186,190,194],{"url":97,"sources":98,"tags":101},"https://www.debian.org/security/2018/dsa-4219",[99,93,100],"cve.org","osv_maven",[102,103,104],"Vendor Advisory","X Refsource DEBIAN","WEB",{"url":106,"sources":107,"tags":108},"https://usn.ubuntu.com/3621-1/",[99,93],[102,109],"X Refsource UBUNTU",{"url":111,"sources":112,"tags":113},"https://access.redhat.com/errata/RHSA-2018:3729",[99,93,100],[102,114,104],"X Refsource REDHAT",{"url":116,"sources":117,"tags":118},"https://access.redhat.com/errata/RHSA-2018:3730",[99,93,100],[102,114,104],{"url":120,"sources":121,"tags":122},"https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html",[99,93,100],[123,124,104],"Mailing List","X Refsource MLIST",{"url":126,"sources":127,"tags":128},"https://access.redhat.com/errata/RHSA-2018:3731",[99,93,100],[102,114,104],{"url":130,"sources":131,"tags":132},"https://lists.debian.org/debian-lts-announce/2018/04/msg00001.html",[99,93,100],[123,124,133,104],"Third Party Advisory",{"url":135,"sources":136,"tags":137},"https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html",[99,93,100],[123,124,104],{"url":139,"sources":140,"tags":141},"https://www.debian.org/security/2018/dsa-4259",[99,93,100],[102,103,104],{"url":143,"sources":144,"tags":145},"http://blog.rubygems.org/2018/02/15/2.7.6-released.html",[99,93,100],[146,102,104],"X Refsource MISC",{"url":148,"sources":149,"tags":150},"https://github.com/rubygems/rubygems/commit/f5042b879259b1f1ce95a0c5082622c646376693",[99,93,100],[146,151,133,104],"Patch",{"url":153,"sources":154,"tags":155},"https://lists.debian.org/debian-lts-announce/2018/04/msg00000.html",[99,93,100],[123,124,133,104],{"url":157,"sources":158,"tags":159},"https://lists.debian.org/debian-lts-announce/2019/05/msg00028.html",[99,93,100],[123,124,104],{"url":161,"sources":162,"tags":163},"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html",[99,93,100],[102,164,104],"X Refsource SUSE",{"url":166,"sources":167,"tags":168},"https://access.redhat.com/errata/RHSA-2019:2028",[99,93,100],[102,114,104],{"url":170,"sources":171,"tags":172},"https://access.redhat.com/errata/RHSA-2020:0542",[99,93,100],[102,114,104],{"url":174,"sources":175,"tags":176},"https://access.redhat.com/errata/RHSA-2020:0591",[99,93,100],[102,114,104],{"url":178,"sources":179,"tags":180},"https://access.redhat.com/errata/RHSA-2020:0663",[99,93,100],[102,114,104],{"url":182,"sources":183,"tags":184},"https://nvd.nist.gov/vuln/detail/CVE-2018-1000076",[100],[185],"Advisory",{"url":187,"sources":188,"tags":189},"https://github.com/jruby/jruby/commit/0b06b48ab4432237ce5fc1bef47f2c6bcf7843f7",[100],[104],{"url":191,"sources":192,"tags":193},"https://usn.ubuntu.com/3621-1",[100],[104],{"url":195,"sources":196,"tags":197},"https://github.com/rubygems/rubygems",[100],[198],"PACKAGE",[],{"date":201,"score":89,"percentile":202},"2026-06-04",0.76468,[204,208,211,214,217,219,222,225,228,231,234,237,240,242,245,249,252,255,258,261,264,266,268,271,273,275,278,280,283,286,289,292,295,297,299,301,304,307,310,313,316,318,321,324,327,330,333,336,339,341,344,347,350,353,356,359,361,364,367,370,373,376,379,382,385,388,391,394,397,400,403,405,408,411,414,417,420,422,425,428,431,434,437,440,442,445,448,451,454,456],{"date":205,"score":206,"percentile":207},"2025-11-04",0.0086,0.74291,{"date":209,"score":206,"percentile":210},"2025-11-05",0.74277,{"date":212,"score":206,"percentile":213},"2025-11-06",0.74276,{"date":215,"score":206,"percentile":216},"2025-11-07",0.74293,{"date":218,"score":206,"percentile":207},"2025-11-08",{"date":220,"score":206,"percentile":221},"2025-11-09",0.74286,{"date":223,"score":206,"percentile":224},"2025-11-10",0.74273,{"date":226,"score":206,"percentile":227},"2025-11-11",0.74275,{"date":229,"score":206,"percentile":230},"2025-11-12",0.74294,{"date":232,"score":206,"percentile":233},"2025-11-13",0.74301,{"date":235,"score":206,"percentile":236},"2025-11-14",0.74306,{"date":238,"score":206,"percentile":239},"2025-11-15",0.74303,{"date":241,"score":206,"percentile":233},"2025-11-16",{"date":243,"score":206,"percentile":244},"2025-11-17",0.74295,{"date":246,"score":247,"percentile":248},"2025-11-18",0.02289,0.83353,{"date":250,"score":247,"percentile":251},"2025-11-19",0.83355,{"date":253,"score":247,"percentile":254},"2025-11-20",0.83361,{"date":256,"score":206,"percentile":257},"2025-11-21",0.74317,{"date":259,"score":206,"percentile":260},"2025-11-22",0.7431,{"date":262,"score":206,"percentile":263},"2025-11-23",0.74297,{"date":265,"score":206,"percentile":216},"2025-11-24",{"date":267,"score":206,"percentile":244},"2025-11-25",{"date":269,"score":206,"percentile":270},"2025-11-26",0.743,{"date":272,"score":206,"percentile":239},"2025-11-27",{"date":274,"score":206,"percentile":207},"2025-11-28",{"date":276,"score":206,"percentile":277},"2025-11-29",0.74289,{"date":279,"score":206,"percentile":221},"2025-11-30",{"date":281,"score":206,"percentile":282},"2025-12-01",0.74419,{"date":284,"score":206,"percentile":285},"2025-12-02",0.74425,{"date":287,"score":206,"percentile":288},"2025-12-03",0.74415,{"date":290,"score":206,"percentile":291},"2025-12-04",0.74281,{"date":293,"score":206,"percentile":294},"2025-12-05",0.7429,{"date":296,"score":206,"percentile":216},"2025-12-06",{"date":298,"score":206,"percentile":294},"2025-12-07",{"date":300,"score":206,"percentile":230},"2025-12-08",{"date":302,"score":206,"percentile":303},"2025-12-09",0.74322,{"date":305,"score":206,"percentile":306},"2025-12-10",0.74353,{"date":308,"score":206,"percentile":309},"2025-12-11",0.74367,{"date":311,"score":206,"percentile":312},"2025-12-12",0.74391,{"date":314,"score":206,"percentile":315},"2025-12-13",0.74397,{"date":317,"score":206,"percentile":315},"2025-12-14",{"date":319,"score":206,"percentile":320},"2025-12-15",0.74401,{"date":322,"score":206,"percentile":323},"2025-12-16",0.74411,{"date":325,"score":206,"percentile":326},"2025-12-17",0.74422,{"date":328,"score":206,"percentile":329},"2025-12-18",0.74444,{"date":331,"score":206,"percentile":332},"2025-12-19",0.7446,{"date":334,"score":206,"percentile":335},"2025-12-20",0.74458,{"date":337,"score":206,"percentile":338},"2025-12-21",0.74451,{"date":340,"score":206,"percentile":338},"2025-12-22",{"date":342,"score":206,"percentile":343},"2025-12-23",0.74445,{"date":345,"score":206,"percentile":346},"2025-12-24",0.74457,{"date":348,"score":206,"percentile":349},"2025-12-25",0.74485,{"date":351,"score":206,"percentile":352},"2025-12-26",0.7448,{"date":354,"score":206,"percentile":355},"2025-12-27",0.74529,{"date":357,"score":206,"percentile":358},"2025-12-28",0.74462,{"date":360,"score":206,"percentile":335},"2025-12-29",{"date":362,"score":206,"percentile":363},"2025-12-30",0.74471,{"date":365,"score":206,"percentile":366},"2025-12-31",0.74498,{"date":368,"score":206,"percentile":369},"2026-01-01",0.74641,{"date":371,"score":206,"percentile":372},"2026-01-02",0.74642,{"date":374,"score":206,"percentile":375},"2026-01-03",0.74643,{"date":377,"score":206,"percentile":378},"2026-01-04",0.7451,{"date":380,"score":206,"percentile":381},"2026-01-05",0.74502,{"date":383,"score":206,"percentile":384},"2026-01-06",0.74519,{"date":386,"score":206,"percentile":387},"2026-01-07",0.74527,{"date":389,"score":206,"percentile":390},"2026-01-08",0.7454,{"date":392,"score":89,"percentile":393},"2026-01-09",0.75598,{"date":395,"score":89,"percentile":396},"2026-01-10",0.756,{"date":398,"score":89,"percentile":399},"2026-01-11",0.75585,{"date":401,"score":89,"percentile":402},"2026-01-12",0.7557,{"date":404,"score":89,"percentile":402},"2026-01-13",{"date":406,"score":89,"percentile":407},"2026-01-14",0.75597,{"date":409,"score":89,"percentile":410},"2026-01-15",0.75604,{"date":412,"score":89,"percentile":413},"2026-01-16",0.75615,{"date":415,"score":89,"percentile":416},"2026-01-17",0.75614,{"date":418,"score":89,"percentile":419},"2026-01-18",0.75605,{"date":421,"score":89,"percentile":396},"2026-01-19",{"date":423,"score":89,"percentile":424},"2026-01-20",0.75603,{"date":426,"score":89,"percentile":427},"2026-01-21",0.75608,{"date":429,"score":89,"percentile":430},"2026-01-22",0.75612,{"date":432,"score":89,"percentile":433},"2026-01-23",0.75639,{"date":435,"score":89,"percentile":436},"2026-01-24",0.75644,{"date":438,"score":89,"percentile":439},"2026-01-25",0.75631,{"date":441,"score":89,"percentile":439},"2026-01-26",{"date":443,"score":89,"percentile":444},"2026-01-27",0.75633,{"date":446,"score":89,"percentile":447},"2026-01-28",0.75643,{"date":449,"score":89,"percentile":450},"2026-01-29",0.7564,{"date":452,"score":89,"percentile":453},"2026-01-30",0.75646,{"date":455,"score":89,"percentile":453},"2026-01-31",{"date":457,"score":89,"percentile":458},"2026-02-01",0.75769,[460,468],{"source":93,"cvss_v2_0":461,"cvss_v3_0":466,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":462,"baseSeverity":9,"vectorString":463,"impactScore":464,"exploitabilityScore":465},7.5,"AV:N/AC:L/Au:N/C:P/I:P/A:P",6.4,10,{"baseScore":91,"baseSeverity":467,"vectorString":94,"impactScore":91,"exploitabilityScore":465},"CRITICAL",{"source":100,"cvss_v2_0":9,"cvss_v3_0":469,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":91,"baseSeverity":9,"vectorString":94,"impactScore":91,"exploitabilityScore":465},[471,480,493,503],{"ecosystem":9,"name":472,"vendor":473,"product":474,"cpe_part":475,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":476},"debian linux","debian","debian_linux","o",[477],{"version":478,"is_range":87,"range_type":479,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0","cpe",{"ecosystem":481,"name":482,"vendor":481,"product":482,"cpe_part":9,"purl_type":483,"purl_namespace":9,"purl_name":482,"source":9,"versions":484},"RubyGems","rubygems-update","gem",[485],{"version":486,"is_range":487,"range_type":488,"version_start":489,"version_start_type":490,"version_end":491,"version_end_type":492,"fixed_in":9},"gte2_2_0_lt2_7_6",true,"ecosystem","2.2.0","including","2.7.6","excluding",{"ecosystem":494,"name":495,"vendor":496,"product":497,"cpe_part":9,"purl_type":498,"purl_namespace":496,"purl_name":497,"source":9,"versions":499},"Maven","org.jruby:jruby-stdlib","org.jruby","jruby-stdlib","maven",[500],{"version":501,"is_range":487,"range_type":488,"version_start":9,"version_start_type":9,"version_end":502,"version_end_type":492,"fixed_in":9},"lt9_1_16_0","9.1.16.0",{"ecosystem":9,"name":504,"vendor":504,"product":504,"cpe_part":505,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":506},"rubygems","a",[507,510,513,516],{"version":508,"is_range":487,"range_type":479,"version_start":9,"version_start_type":9,"version_end":509,"version_end_type":490,"fixed_in":9},"lte2.2.9","2.2.9",{"version":511,"is_range":487,"range_type":479,"version_start":9,"version_start_type":9,"version_end":512,"version_end_type":490,"fixed_in":9},"lte2.3.6","2.3.6",{"version":514,"is_range":487,"range_type":479,"version_start":9,"version_start_type":9,"version_end":515,"version_end_type":490,"fixed_in":9},"lte2.4.3","2.4.3",{"version":517,"is_range":487,"range_type":479,"version_start":9,"version_start_type":9,"version_end":518,"version_end_type":490,"fixed_in":9},"lte2.5.0","2.5.0"]