Skip to content
supplychainattack.orgSupply chain attack incident catalog

RubyGems supply chain incidents

90 confirmed incidents affecting the rubygems ecosystem.

  1. resolvedcritical

    Malicious code in zwmeet017694 (RubyGems)

    Malicious code was discovered in the zwmeet017694 RubyGems package. The package was identified by the OpenSSF malicious-packages project and assigned advisory GHSA-54w6-2989-56v7.

    RubyGemsCompromised package
  2. resolvedcritical

    Malicious code in zzfadgivar09 (RubyGems)

    Malicious code was discovered in the zzfadgivar09 RubyGems package. The package was identified and cataloged by the OpenSSF malicious packages project.

    RubyGemsCompromised package
  3. resolvedcritical

    Malicious code in zzjinavcsfossil (RubyGems)

    Malicious code was published in the zzjinavcsfossil package on RubyGems. The package was identified and cataloged by the OpenSSF malicious packages project.

    RubyGemsCompromised package
  4. resolvedcritical

    Malicious code in zzpdfvar07 (RubyGems)

    Malicious code was discovered in the zzpdfvar07 RubyGems package. The package was identified by the OpenSSF malicious packages project and assigned identifier MAL-2026-9964.

    RubyGemsCompromised package
  5. resolvedcritical

    Malicious code in zzfadgivar01 (RubyGems)

    Malicious code was discovered in the zzfadgivar01 RubyGems package. The package was identified by the OpenSSF malicious packages project and reported via GitHub Security Advisory GHSA-9g95-jm3c-f79g.

    RubyGemsCompromised package
  6. resolvedcritical

    Malicious code in zzpdfvar14 (RubyGems)

    Malicious code was discovered in the zzpdfvar14 package on RubyGems. The package was identified by the OpenSSF malicious packages project and assigned identifier MAL-2026-9971.

    RubyGemsCompromised package
  7. resolvedcritical

    Malicious code in zzpdfvar05 (RubyGems)

    Malicious code was discovered in the zzpdfvar05 RubyGems package. The package was identified by the OpenSSF malicious packages project and reported via GitHub Advisory GHSA-49pr-q84r-hfv8.

    RubyGemsCompromised package
  8. resolvedcritical

    Malicious code in zzlambtestf295 (RubyGems)

    Malicious code was discovered in the zzlambtestf295 RubyGems package. The package was identified by the OpenSSF malicious packages project and reported via GitHub Security Advisory GHSA-f483-hmjg-2j4m.

    RubyGemsCompromised package
  9. resolvedcritical

    Malicious code in zzfadgivar08 (RubyGems)

    Malicious code was discovered in the zzfadgivar08 RubyGems package. The package was identified by the OpenSSF malicious packages project and reported via GitHub Security Advisory GHSA-gf2j-wrw9-h7g7.

    RubyGemsCompromised package
  10. resolvedcritical

    Malicious code in zzfadgivar00 (RubyGems)

    Malicious code was published in the zzfadgivar00 RubyGems package. The package was identified and reported by the OpenSSF malicious packages project.

    RubyGemsCompromised package
  11. resolvedcritical

    Malicious code in zztest4098 (RubyGems)

    Malicious code was discovered in the zztest4098 RubyGems package. The package was identified and cataloged by the OpenSSF malicious packages project.

    RubyGemsCompromised package
  12. resolvedcritical

    Malicious code in zzsouthhack252269 (RubyGems)

    Malicious code was published in the RubyGems package zzsouthhack252269. The package was identified and documented by the OpenSSF malicious packages project.

    RubyGemsCompromised package
  13. resolvedcritical

    Malicious code in zzpdfvar08 (RubyGems)

    Malicious code was discovered in the zzpdfvar08 RubyGems package. The package was identified by the OpenSSF malicious-packages project as containing malicious code.

    RubyGemsCompromised package
  14. resolvedcritical

    Malicious code in zzfadgivar06 (RubyGems)

    Malicious code was discovered in the zzfadgivar06 RubyGems package. The package was identified by the OpenSSF malicious-packages project and reported via GitHub Advisory GHSA-3j6m-654q-8x4q.

    RubyGemsCompromised package
  15. resolvedcritical

    Malicious code in zzfadgivar10 (RubyGems)

    Malicious code was discovered in the zzfadgivar10 RubyGems package. The package was identified by the OpenSSF malicious packages project and reported via GitHub Security Advisory GHSA-crg7-g47c-86c6.

    RubyGemsCompromised package
  16. resolvedcritical

    Malicious code in zzdelay2119 (RubyGems)

    Malicious code was discovered in the zzdelay2119 RubyGems package. The package was identified by the OpenSSF malicious packages project and assigned identifier MAL-2026-9935.

    RubyGemsCompromised package
  17. resolvedcritical

    Malicious code in zztxtwtmp05 (RubyGems)

    Malicious code was published in the zztxtwtmp05 RubyGems package. The package was identified by the OpenSSF malicious packages project and reported via GitHub Advisory GHSA-2pxx-p3xh-qj6q.

    RubyGemsCompromised package
  18. resolvedcritical

    Malicious code in zzpdfvar04 (RubyGems)

    Malicious code was discovered in the zzpdfvar04 RubyGems package. The package was identified by the OpenSSF malicious packages project and assigned identifier MAL-2026-9961.

    RubyGemsCompromised package
  19. resolvedcritical

    Malicious code in zzpdfvar02 (RubyGems)

    Malicious code was discovered in the zzpdfvar02 package on RubyGems. The package contained intentional malicious functionality and was flagged by the OpenSSF malicious packages project.

    RubyGemsCompromised package
  20. resolvedcritical

    Malicious code in zzjinavcshg (RubyGems)

    Malicious code was discovered in the zzjinavcshg RubyGems package. The package was identified by the OpenSSF malicious packages project and reported via GitHub Security Advisory GHSA-5c6q-wgr7-jpmj.

    RubyGemsCompromised package
  21. resolvedcritical

    Malicious code in zzfadgivar02 (RubyGems)

    Malicious code was discovered in the zzfadgivar02 RubyGems package. The package was identified and cataloged by the OpenSSF malicious packages project.

    RubyGemsCompromised package
  22. resolvedcritical

    Malicious code in zztestproxyfooabcxyz (RubyGems)

    Malicious code was discovered in the zztestproxyfooabcxyz RubyGems package. The package was identified and cataloged by the OpenSSF malicious packages project.

    RubyGemsCompromised package
  23. resolvedcritical

    Malicious code in zwkopt5 (RubyGems)

    Malicious code was discovered in the zwkopt5 RubyGems package. The package was identified and cataloged by the OpenSSF malicious packages project.

    RubyGemsCompromised package
  24. resolvedcritical

    Malicious code in zzpdfvar00 (RubyGems)

    Malicious code was discovered in the zzpdfvar00 RubyGems package. The package was identified by the OpenSSF malicious packages project and assigned identifier MAL-2026-9957.

    RubyGemsCompromised package
  25. resolvedcritical

    Malicious code in zztemp-ssf-2605 (RubyGems)

    Malicious code was discovered in the zztemp-ssf-2605 RubyGems package. The package was identified and cataloged by the OpenSSF malicious packages project.

    RubyGemsCompromised package
  26. resolvedcritical

    Malicious code in zwxbcsacre (RubyGems)

    Malicious code was discovered in the zwxbcsacre RubyGems package. The package was flagged by the OpenSSF malicious packages project and assigned identifier MAL-2026-9931.

    RubyGemsCompromised package
  27. resolvedcritical

    Malicious code in zz-oai-test12 (RubyGems)

    Malicious code was discovered in the zz-oai-test12 package on RubyGems. The package was identified and cataloged by the OpenSSF malicious packages project.

    RubyGemsCompromised package
  28. resolvedcritical

    Malicious code in zwpdfg10266a (RubyGems)

    Malicious code was published in the zwpdfg10266a RubyGems package. The package was identified and cataloged by the OpenSSF malicious packages project.

    RubyGemsCompromised package
  29. resolvedcritical

    Malicious code in zwwactb3703 (RubyGems)

    Malicious code was published in the RubyGems package zwwactb3703. The package was identified and reported by the OpenSSF malicious packages project.

    RubyGemsCompromised package
  30. resolvedcritical

    Malicious code in zzpdfvar06 (RubyGems)

    Malicious code was discovered in the zzpdfvar06 RubyGems package. The package was identified by the OpenSSF malicious packages project and reported via GitHub Advisory GHSA-qc82-ff9w-gw63.

    RubyGemsCompromised package
  31. resolvedcritical

    Malicious code in zwpdfg10266b (RubyGems)

    Malicious code was discovered in the zwpdfg10266b RubyGems package. The package was identified and cataloged by the OpenSSF malicious packages project.

    RubyGemsCompromised package
  32. resolvedcritical

    Malicious code in zztest17785553733 (RubyGems)

    Malicious code was discovered in the RubyGems package zztest17785553733. The package was identified and documented by the OpenSSF malicious packages project.

    RubyGemsCompromised package
  33. resolvedcritical

    Malicious code in zztest17785553774 (RubyGems)

    Malicious code was published in the zztest17785553774 package on RubyGems. The package was identified and reported by the OpenSSF malicious-packages project.

    RubyGemsCompromised package
  34. resolvedcritical

    Malicious code in zzjinavcsbzr (RubyGems)

    Malicious code was discovered in the zzjinavcsbzr RubyGems package. The package was identified by the OpenSSF malicious packages project and published as a security advisory.

    RubyGemsCompromised package
  35. resolvedcritical

    Malicious code in zwta6000 (RubyGems)

    Malicious code was discovered in the zwta6000 RubyGems package. The package was identified and cataloged by the OpenSSF malicious packages project.

    RubyGemsCompromised package
  36. resolvedcritical

    Malicious code in zzpdfvar10 (RubyGems)

    Malicious code was discovered in the zzpdfvar10 RubyGems package. The package was identified by the OpenSSF malicious packages project and assigned identifier MAL-2026-9967.

    RubyGemsCompromised package
  37. resolvedcritical

    Malicious code in zwtd102 (RubyGems)

    Malicious code was discovered in the zwtd102 RubyGems package. The package was identified and cataloged by the OpenSSF malicious packages project.

    RubyGemsCompromised package
  38. resolvedcritical

    Malicious code in zwtenc1 (RubyGems)

    Malicious code was discovered in the zwtenc1 RubyGems package. The package was identified by the OpenSSF malicious packages project and assigned advisory GHSA-958h-6v7m-55q9.

    RubyGemsCompromised package
  39. resolvedcritical

    Malicious code in zwtd101 (RubyGems)

    Malicious code was discovered in the zwtd101 RubyGems package. The package was identified by the OpenSSF malicious-packages project and assigned advisory GHSA-3fwr-j6xp-prv4.

    RubyGemsCompromised package
  40. resolvedcritical

    Malicious code in zwxbcstan (RubyGems)

    Malicious code was discovered in the zwxbcstan RubyGems package. The package was identified and cataloged by the OpenSSF malicious packages project.

    RubyGemsCompromised package
  41. resolvedcritical

    Malicious code in zwtlist (RubyGems)

    Malicious code was discovered in the zwtlist RubyGems package. The package was identified by the OpenSSF malicious packages project and assigned identifier MAL-2026-9917.

    RubyGemsCompromised package
  42. resolvedcritical

    Malicious code in zzfadgivar12 (RubyGems)

    Malicious code was discovered in the zzfadgivar12 RubyGems package. The package was identified by the OpenSSF malicious packages project and reported via GitHub Advisory GHSA-54hm-p5mv-4hjw.

    RubyGemsCompromised package
  43. resolvedcritical

    Malicious code in zzpdfvar15 (RubyGems)

    Malicious code was discovered in the zzpdfvar15 RubyGems package. The package contained intentional malicious functionality and was identified by the OpenSSF malicious packages project.

    RubyGemsCompromised package
  44. resolvedcritical

    Malicious code in zwtestabc1 (RubyGems)

    Malicious code was discovered in the zwtestabc1 RubyGems package. The package was identified and cataloged by the OpenSSF malicious packages project.

    RubyGemsCompromised package
  45. resolvedcritical

    Malicious code in zztest17785553805 (RubyGems)

    Malicious code was discovered in the RubyGems package zztest17785553805. The package was identified and cataloged by the OpenSSF malicious packages project.

    RubyGemsCompromised package
  46. resolvedcritical

    Malicious code in zztest17785553661 (RubyGems)

    Malicious code was discovered in the RubyGems package zztest17785553661. The package was identified and cataloged by the OpenSSF malicious packages project.

    RubyGemsCompromised package
  47. resolvedcritical

    Malicious code in zzzltestfoobarxyz (RubyGems)

    Malicious code was published in the zzzltestfoobarxyz RubyGems package. The package was identified and cataloged by the OpenSSF malicious packages project.

    RubyGemsCompromised package
  48. resolvedcritical

    Malicious code in zztxtwtmp10 (RubyGems)

    Malicious code was discovered in the zztxtwtmp10 package on RubyGems. The package was identified by the OpenSSF malicious packages project and assigned advisory GHSA-9382-vv7h-xjg3.

    RubyGemsCompromised package
  49. resolvedcritical

    Malicious code in zztxtwtmp07 (RubyGems)

    Malicious code was discovered in the zztxtwtmp07 RubyGems package. The package was identified and cataloged by the OpenSSF malicious packages project.

    RubyGemsCompromised package
  50. resolvedcritical

    Malicious code in zzfadgivar03 (RubyGems)

    Malicious code was discovered in the zzfadgivar03 RubyGems package. The package was identified by the OpenSSF malicious packages project and reported via GitHub Security Advisory GHSA-7pqh-5vxm-7gg2.

    RubyGemsCompromised package
  51. resolvedcritical

    Malicious code in zzwmgweb02 (RubyGems)

    Malicious code was discovered in the zzwmgweb02 RubyGems package. The package was identified by the OpenSSF malicious-packages project and cataloged as MAL-2026-10004.

    RubyGemsCompromised package
  52. resolvedcritical

    Malicious code in zztxtwtmp08 (RubyGems)

    Malicious code was discovered in the zztxtwtmp08 RubyGems package. The package was identified and cataloged by the OpenSSF malicious packages project.

    RubyGemsCompromised package
  53. resolvedcritical

    Malicious code in zztxtwtmp01 (RubyGems)

    Malicious code was discovered in the zztxtwtmp01 RubyGems package. The package was identified by the OpenSSF malicious packages project and reported via GitHub Security Advisory GHSA-hjr8-xr98-g6hc.

    RubyGemsCompromised package
  54. resolvedcritical

    Malicious code in zztestownedtmp1 (RubyGems)

    Malicious code was discovered in the zztestownedtmp1 RubyGems package. The package was identified and cataloged by the OpenSSF malicious packages project.

    RubyGemsCompromised package
  55. resolvedcritical

    Malicious code in zztxtwtmp12 (RubyGems)

    Malicious code was discovered in the zztxtwtmp12 RubyGems package. The package was identified and reported by the OpenSSF malicious packages project.

    RubyGemsCompromised package
  56. resolvedcritical

    Malicious code in zztxtwtmp11 (RubyGems)

    Malicious code was discovered in the zztxtwtmp11 RubyGems package. The package was identified and reported by the OpenSSF malicious packages project.

    RubyGemsCompromised package
  57. resolvedcritical

    Malicious code in zztxtwtmp09 (RubyGems)

    Malicious code was published in the zztxtwtmp09 RubyGems package. The package was identified by the OpenSSF malicious-packages project and reported via GitHub Advisory GHSA-g2mw-hc98-7xw3.

    RubyGemsCompromised package
  58. resolvedcritical

    Malicious code in zztxtwtmp06 (RubyGems)

    Malicious code was discovered in the RubyGems package zztxtwtmp06. The package was identified and reported by the OpenSSF malicious packages project.

    RubyGemsCompromised package
  59. resolvedcritical

    Malicious code in zzwandtemp1778552518 (RubyGems)

    Malicious code was discovered in the RubyGems package zzwandtemp1778552518. The package was identified and cataloged by the OpenSSF malicious packages project.

    RubyGemsCompromised package
  60. resolvedcritical

    Malicious code in zztxtwtmp14 (RubyGems)

    Malicious code was published in the zztxtwtmp14 RubyGems package. The package was identified and cataloged by the OpenSSF malicious packages project.

    RubyGemsCompromised package
  61. resolvedcritical

    Malicious code in zzwandsxabc119 (RubyGems)

    Malicious code was discovered in the zzwandsxabc119 RubyGems package. The package was identified and cataloged by the OpenSSF malicious packages project.

    RubyGemsCompromised package
  62. resolvedcritical

    Malicious code in zztxtwtmp04 (RubyGems)

    Malicious code was discovered in the zztxtwtmp04 RubyGems package. The package was identified by the OpenSSF malicious packages project and reported via GitHub Advisory GHSA-9895-v6m3-rp7r.

    RubyGemsCompromised package
  63. resolvedcritical

    Malicious code in zztxtwtmp13 (RubyGems)

    Malicious code was discovered in the zztxtwtmp13 RubyGems package. The package was identified and reported by the OpenSSF malicious packages project.

    RubyGemsCompromised package
  64. resolvedcritical

    Malicious code in zwtd104 (RubyGems)

    Malicious code was discovered in the zwtd104 RubyGems package. The package was flagged by the OpenSSF malicious packages project and assigned advisory GHSA-x8v6-vchw-7v6h.

    RubyGemsCompromised package
  65. resolvedcritical

    Malicious code in zwtestabc2 (RubyGems)

    Malicious code was discovered in the zwtestabc2 RubyGems package. The package was identified by the OpenSSF malicious packages project and assigned identifier MAL-2026-9911.

    RubyGemsCompromised package
  66. resolvedcritical

    Malicious code in zzpdfvar11 (RubyGems)

    Malicious code was discovered in the zzpdfvar11 RubyGems package. The package was identified by the OpenSSF malicious-packages project and assigned identifier MAL-2026-9968.

    RubyGemsCompromised package
  67. resolvedcritical

    Malicious code in zzfadgivar11 (RubyGems)

    Malicious code was published in the zzfadgivar11 RubyGems package. The package was identified and reported by the OpenSSF malicious packages project.

    RubyGemsCompromised package
  68. resolvedcritical

    Malicious code in zzfadgivar04 (RubyGems)

    Malicious code was published in the zzfadgivar04 RubyGems package. The package was identified and cataloged by the OpenSSF malicious packages project.

    RubyGemsCompromised package
  69. resolvedcritical

    Malicious code in zztxtwtmp02 (RubyGems)

    Malicious code was discovered in the zztxtwtmp02 RubyGems package. The package was identified by the OpenSSF malicious packages project and reported via GitHub Security Advisory GHSA-vjqg-hmmx-fw74.

    RubyGemsCompromised package
  70. resolvedcritical

    Malicious code in zzfadgivar13 (RubyGems)

    Malicious code was published in the zzfadgivar13 RubyGems package. The package was identified and cataloged by the OpenSSF malicious packages project.

    RubyGemsCompromised package
  71. resolvedcritical

    Malicious code in zzfadgivar07 (RubyGems)

    Malicious code was discovered in the zzfadgivar07 RubyGems package. The package was identified by the OpenSSF malicious packages project and published as advisory GHSA-6xp7-54gh-c547.

    RubyGemsCompromised package
  72. resolvedcritical

    Malicious code in zwxbccalag (RubyGems)

    Malicious code was discovered in the zwxbccalag RubyGems package. The package was identified and reported by the OpenSSF malicious packages project.

    RubyGemsCompromised package
  73. resolvedcritical

    Malicious code in zzlambcalx1778552149 (RubyGems)

    Malicious code was discovered in the RubyGems package zzlambcalx1778552149. The package was identified and reported by the OpenSSF malicious packages project.

    RubyGemsCompromised package
  74. resolvedcritical

    Malicious code in zzpdfvar13 (RubyGems)

    Malicious code was discovered in the zzpdfvar13 RubyGems package. The package was identified by the OpenSSF malicious packages project and assigned identifier MAL-2026-9970.

    RubyGemsCompromised package
  75. resolvedcritical

    Malicious code in zzpdfvar12 (RubyGems)

    Malicious code was discovered in the zzpdfvar12 RubyGems package. The package was identified by the OpenSSF malicious packages project and assigned identifier MAL-2026-9969.

    RubyGemsCompromised package
  76. resolvedcritical

    Malicious code in zwkopt3 (RubyGems)

    Malicious code was discovered in the zwkopt3 RubyGems package. The package was identified by the OpenSSF malicious packages project and assigned identifier MAL-2026-9885.

    RubyGemsCompromised package
  77. resolvedcritical

    Malicious code in zztest1778552006 (RubyGems)

    Malicious code was discovered in the RubyGems package zztest1778552006. The package was identified and cataloged by the OpenSSF malicious packages project.

    RubyGemsCompromised package
  78. resolvedcritical

    Malicious code in zzproxyoaiabc431848 (RubyGems)

    Malicious code was published in the zzproxyoaiabc431848 RubyGems package. The package was identified and cataloged by the OpenSSF malicious packages project.

    RubyGemsCompromised package
  79. resolvedcritical

    Malicious code in zztargettest18587 (RubyGems)

    Malicious code was discovered in the RubyGems package zztargettest18587. The package was identified and documented by the OpenSSF malicious packages project.

    RubyGemsCompromised package
  80. resolvedcritical

    Malicious code in zzpdfvar09 (RubyGems)

    Malicious code was discovered in the zzpdfvar09 RubyGems package. The package was identified by the OpenSSF malicious packages project and reported via GitHub Security Advisory GHSA-qj6m-p9hc-6v3r.

    RubyGemsCompromised package
  81. resolvedcritical

    Malicious code in zztestno44 (RubyGems)

    Malicious code was discovered in the zztestno44 RubyGems package. The package was identified and cataloged by the OpenSSF malicious packages project.

    RubyGemsCompromised package
  82. resolvedcritical

    Malicious code in zzpdfvar03 (RubyGems)

    Malicious code was discovered in the zzpdfvar03 RubyGems package. The package was identified by the OpenSSF malicious packages project and reported via GitHub Advisory GHSA-fjh2-hpmw-wvw7.

    RubyGemsCompromised package
  83. resolvedcritical

    Malicious code in zztxtwtmp03 (RubyGems)

    Malicious code was discovered in the zztxtwtmp03 RubyGems package. The package was identified and reported by the OpenSSF malicious packages project.

    RubyGemsCompromised package
  84. resolvedcritical

    Malicious code in zwxbclic (RubyGems)

    Malicious code was discovered in the zwxbclic package on RubyGems. The package was identified by the OpenSSF malicious packages project and assigned advisory GHSA-5mv7-2rx3-fjhp.

    RubyGemsCompromised package
  85. resolvedcritical

    Malicious code in zztestno33 (RubyGems)

    Malicious code was discovered in the zztestno33 package on RubyGems. The package was identified by the OpenSSF malicious packages project and assigned identifier MAL-2026-9984.

    RubyGemsCompromised package
  86. resolvedcritical

    Malicious code in zzjinavcssvn (RubyGems)

    Malicious code was published in the zzjinavcssvn RubyGems package. The package was identified by the OpenSSF malicious packages project and reported via GitHub Advisory GHSA-gh85-vrrg-vhq6.

    RubyGemsCompromised package
  87. resolvedcritical

    Malicious code in zzpdfvar01 (RubyGems)

    Malicious code was discovered in the zzpdfvar01 RubyGems package. The package was identified by the OpenSSF malicious packages project and assigned identifier MAL-2026-9958.

    RubyGemsCompromised package
  88. resolvedcritical

    Malicious code in zztest17785553702 (RubyGems)

    Malicious code was discovered in the RubyGems package zztest17785553702. The package was identified and cataloged by the OpenSSF malicious packages project.

    RubyGemsCompromised package
  89. resolvedcritical

    Malicious code in zzjinavcsgit (RubyGems)

    Malicious code was published in the zzjinavcsgit RubyGems package. The package was identified and cataloged by the OpenSSF malicious packages project.

    RubyGemsCompromised package
  90. resolvedcritical

    Malicious code in zzfadgivar05 (RubyGems)

    Malicious code was discovered in the zzfadgivar05 RubyGems package. The package was identified by the OpenSSF malicious packages project and reported via GitHub Advisory GHSA-3gfr-fq7v-cc26.

    RubyGemsCompromised package