Safeguard
Tag

rubygems

Safeguard articles tagged "rubygems" — guides, analysis, and best practices for software supply chain and application security.

24 articles

Open Source Security

RubyGems Malicious Gem Arbitrary Code Execution via Missi...

CVE-2019-8324 let a malicious RubyGems package run arbitrary code at install time via a crafted multi-line gem name evaluated during the preinstall check.

Dec 4, 20257 min read
Open Source Security

RubyGems Escape Sequence Injection via Unpack API (CVE-20...

CVE-2019-8325 lets a malicious RubyGems package inject terminal escape sequences via the unpack API. Here's the impact, affected versions, and how to remediate it.

Dec 3, 20258 min read
Open Source Security

RubyGems.org domain takeover risk report

RubyGems.org hasn't adopted the domain-resurrection defenses PyPI rolled out in 2025 — leaving a proven account-takeover technique open across the Ruby ecosystem.

Nov 21, 20257 min read
Open Source Security

Ruby supply chain security report

A report on Ruby supply chain security: malicious RubyGems campaigns, maintainer credential compromises, and 2025's RubyGems governance dispute.

Nov 21, 20257 min read
Open Source Security

How Snyk scans Composer/PHP and RubyGems dependency manif...

A technical look at how Snyk parses composer.json/composer.lock and Gemfile/Gemfile.lock to build dependency trees and match PHP and Ruby packages against known vulnerabilities.

Aug 23, 20256 min read
Buyer's Guides

Comparing Malicious Package Tactics Across npm, PyPI, Rub...

npm, PyPI, RubyGems, and crates.io each get hit by malicious packages differently. Real incidents from 2018-2025 show how attacker tactics shift by ecosystem.

Aug 1, 20257 min read
Open Source Security

RubyGems Reserved Namespace Claims

A look at how organizations can claim reserved namespace prefixes on RubyGems.org, what the policy currently supports, and where it falls short for real enterprise use cases.

Dec 18, 20248 min read
Open Source Security

RubyGems.org and Sigstore: Progress Check

An honest look at where RubyGems.org stands with Sigstore integration, what has shipped, what is still being debated, and how maintainers can prepare for signed gems.

Sep 20, 20247 min read
Open Source Security

RubyGems Typosquatting Incidents: 2024

A running ledger of typosquat incidents on RubyGems.org through 2024, the patterns across them, and what the year's data says about where the registry's defenses still fall short.

Aug 25, 20248 min read
Open Source Security

RubyGems 2FA Enforcement Analysis

A look at how RubyGems.org rolled out mandatory 2FA for high-traffic gem maintainers, what it has caught, and what gaps still remain in the account-compromise defense story.

Apr 18, 20247 min read
Open Source Security

Ruby Gem Reserved Names Policy

How RubyGems.org handles reserved gem names, what protections exist for trademark holders, and where the policy creates friction for legitimate namespace claims.

Mar 15, 20248 min read
Software Supply Chain Security

RubyGems Yanked Gems: Security Risks of Removed Ruby Packages

When a Ruby gem is yanked from RubyGems.org, it creates security risks for projects that depended on it. Understanding the yanking mechanism is critical for Ruby supply chain security.

Nov 5, 20235 min read
rubygems (Page 2) — Safeguard Blog