VYPR

Mail

by Mail Project

gem: mail

Source repositories

CVEs (3)

  • CVE-2015-9097MedJun 12, 2017
    risk 0.33cvss 6.1epss 0.03

    The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail Library) is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.

  • CVE-2002-0542Jul 3, 2002
    risk 0.03cvss epss 0.02

    mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in a message even when it is not in interactive mode, which could allow local users to gain root privileges via calls to mail in cron.

  • CVE-2025-66514Dec 5, 2025
    risk 0.00cvss epss 0.00

    Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Prior to 5.5.3, a stored HTML injection in the Mail app's message list allowed an authenticated user to inject HTML into the email subjects. Javascript was correctly blocked by the content…