Is rubygems-update safe to use?

rubygems-update has 7 known vulnerabilities on the latest version (4.0.11). DepScope rates its health at 48/100 (high risk).

What is the latest version of rubygems-update?

The latest version of rubygems-update is 4.0.11, released 2026-04-30.

Does rubygems-update have known vulnerabilities?

Yes. rubygems-update has 7 known vulnerabilities. See depscope.dev/pkg/rubygems/rubygems-update for details.

Is rubygems-update deprecated?

No, rubygems-update is actively maintained. Latest release: 4.0.11 (2026-04-30).

What are alternatives to rubygems-update?

Popular alternatives to rubygems-update in RubyGems include: jmespath, netrc, thread_safe, crass, tzinfo.

What license does rubygems-update use?

rubygems-update is licensed under Ruby.

rubygems-update

rubygemsv4.0.11

A package (also known as a library) contains a set of functionality that can be invoked by a Ruby program, such as reading and parsing an XML file. We call these packages 'gems' and RubyGems is a tool to install, create, manage and load these packages in your Ruby environment. RubyGems is also a client for RubyGems.org, a public repository of Gems that allows you to publish a Gem that can be shared and used by other developers. See our guide on publishing a Gem at guides.rubygems.org

License Ruby20 versions0 deps155,474 weekly dl

ruby/rubygems

/ 100

Health

do not use

rubygems-update has critical vulnerabilities — do not use

Update to >= 9.1.16.0 to fix known vulnerabilities

3 high severity vulnerabilities
1 critical vulnerabilities

Health breakdown0 – 100

25/25

maintenance

14/20

popularity

0/25

security

9/15

maturity

0/15

community

Vulnerabilities

1 critical3 high3 medium

Advisories (7)

Severity	ID	Summary	Fixed in
high	CVE-2018-1000075	RubyGems Infinite Loop vulnerability	9.1.16.0
medium	CVE-2018-1000078	RubyGems Cross-site Scripting vulnerability	9.1.16.0
medium	CVE-2018-1000079	RubyGems Path Traversal vulnerability	9.1.16.0
medium	CVE-2018-1000077	RubyGems Improper Input Validation vulnerability	9.1.16.0
high	CVE-2018-1000073	RubyGems Link Following vulnerability	9.1.16.0
critical	CVE-2018-1000076	RubyGems Improper Verification of Cryptographic Signature vulnerability	9.1.16.0
high	CVE-2018-1000074	RubyGems Deserialization of Untrusted Data vulnerability	9.1.16.0

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/rubygems/rubygems-update