Fix Critical Ruby CVEs

Fix CRITICAL and HIGH CVEs in Ruby gems. Paste Gemfile and get a patched version with CISA KEV flags — no CLI needed.

⚠ The Problem

bundler-audit or manual research flags a critical CVE in your Gemfile but gives no patched Gemfile to download.

Bad Configuration — Gemfile

gem 'nokogiri', '1.11.0'
gem 'rack', '2.2.2'

Fixed Configuration — Gemfile

gem 'nokogiri', '1.16.5'
gem 'rack', '3.0.11'

✓ Fix

nokogiri 1.11.0 is affected by CVE-2022-24836 (CRITICAL). rack 2.2.2 is affected by CVE-2023-27530 (HIGH). Update both gems to the patched versions shown above, then run bundle install so the lockfile is re-resolved against the new constraints.

Scan your dependencies now — paste your manifest, get a fixed version back in seconds.

Open PackageFix →

No signup · No CLI · No GitHub connection · Runs 100% in your browser

Frequently Asked Questions

What is the most critical Ruby gem CVE in 2024-2026?
nokogiri has had the most CRITICAL CVEs of any Ruby gem in this period. Always keep nokogiri pinned to the latest version.

How do I force a gem version in Gemfile?
Use gem 'nokogiri', '~> 1.16.5' to pin to a safe version while still allowing patch updates (the pessimistic operator admits 1.16.5 and later 1.16.x releases, but not 1.17), or '1.16.5' for an exact pin.

Does CISA KEV include Ruby gems?
Yes. rack vulnerabilities have appeared in the CISA KEV catalog. PackageFix flags these with a red KEV badge.

How do I scan Gemfile.lock for transitive CVEs?
Drop Gemfile.lock alongside Gemfile into PackageFix. It parses the full lockfile and flags transitive vulnerabilities, i.e. gems your Gemfile never names but that other gems pull in.
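The Ruby script below is an added example, not PackageFix's own code. It does offline what the two answers above describe: it parses the specs section of a Gemfile.lock (so transitive gems such as nokogiri and rack pulled in by another gem are covered, which a Gemfile-only scan would miss), compares each resolved version against an advisory table, checks what a '~>' constraint actually permits, and emits patched Gemfile lines. The lockfile and the advisory table are constructed for this example: the CVE ids are the ones named on this page and the fixed_in versions are the ones this page recommends, not the advisories' exact fix boundaries, so a real scanner would load that table from an advisory database such as the ruby-advisory-db that bundler-audit uses.

```ruby
require "rubygems" # Gem::Version / Gem::Requirement; loaded by default, named here for clarity

# Constructed sample Gemfile.lock. Only rails-html-sanitizer is a direct
# dependency; nokogiri and rack arrive transitively, so scanning the Gemfile
# alone would never see them.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      loofah (2.19.1)
        nokogiri (>= 1.5.9)
      nokogiri (1.11.0-x86_64-linux)
        racc (~> 1.4)
      racc (1.6.2)
      rack (2.2.2)
      rails-html-sanitizer (1.4.4)
        loofah (~> 2.19, >= 2.19.1)

  PLATFORMS
    x86_64-linux

  DEPENDENCIES
    rails-html-sanitizer

  BUNDLED WITH
     2.4.10
LOCK

# Constructed advisory table (placeholder for a real advisory database).
# fixed_in is the version this page recommends, not the advisory's exact
# fix boundary.
ADVISORIES = {
  "nokogiri" => { cve: "CVE-2022-24836", severity: "CRITICAL", fixed_in: "1.16.5" },
  "rack"     => { cve: "CVE-2023-27530", severity: "HIGH",     fixed_in: "3.0.11" },
}.freeze

SEVERITY_RANK = { "CRITICAL" => 0, "HIGH" => 1, "MEDIUM" => 2, "LOW" => 3 }.freeze

# A resolved spec line sits at exactly four spaces of indent inside "specs:";
# six-space lines are dependency edges. A platform suffix follows the first
# '-' inside the parentheses, e.g. "nokogiri (1.11.0-x86_64-linux)".
SPEC_LINE = /\A {4}(?! )(\S+) \(([^-)]+)(?:-([^)]+))?\)\z/

# Return { gem name => Gem::Version } for every resolved gem in the lockfile,
# direct and transitive alike.
def parse_lock_specs(lock_text)
  specs = {}
  in_specs = false
  lock_text.each_line do |raw|
    line = raw.chomp
    if line == "  specs:"
      in_specs = true
      next
    end
    # A blank line or an unindented header (PLATFORMS, DEPENDENCIES, ...) ends the block.
    in_specs = false if line.empty? || !line.start_with?(" ")
    next unless in_specs
    next unless (m = SPEC_LINE.match(line))
    name, version, _platform = m.captures
    specs[name] = Gem::Version.new(version)
  end
  specs
end

# Compare resolved versions with the advisory table; any gem below its fixed
# version is reported, most severe first.
def vulnerable_gems(specs, advisories = ADVISORIES)
  findings = advisories.filter_map do |name, adv|
    installed = specs[name]
    next if installed.nil? || installed >= Gem::Version.new(adv[:fixed_in])
    { gem: name, installed: installed.to_s, cve: adv[:cve],
      severity: adv[:severity], fixed_in: adv[:fixed_in] }
  end
  findings.sort_by { |f| [SEVERITY_RANK.fetch(f[:severity], 9), f[:gem]] }
end

# Does a Gemfile constraint such as '~> 1.16.5' admit a given release?
def constraint_allows?(constraint, candidate)
  Gem::Requirement.new(constraint).satisfied_by?(Gem::Version.new(candidate))
end

# Gemfile lines that pin each finding to its fixed version while still
# allowing later patch releases of the same minor series.
def patched_gemfile_lines(findings)
  findings.map { |f| "gem '#{f[:gem]}', '~> #{f[:fixed_in]}'" }
end

if $PROGRAM_NAME == __FILE__
  findings = vulnerable_gems(parse_lock_specs(SAMPLE_LOCK))
  findings.each do |f|
    puts "#{f[:severity]}: #{f[:gem]} #{f[:installed]} -> #{f[:cve]}, fixed in #{f[:fixed_in]}"
  end
  puts patched_gemfile_lines(findings)
end
```

Run it with ruby on the file and it prints the two findings from the sample lockfile and the two '~>' lines to paste into the Gemfile. The platform suffix is split off before the version is parsed, because Gem::Version would otherwise read "1.11.0-x86_64-linux" as a prerelease and compare it incorrectly.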
