Public RubyGems bug reports.

Team Bounty Title
RubyGems $1,000 Installing a crafted gem package may create or overwrite files
RubyGems - No limit of summary length allows Denail of Service
RubyGems $500 Escape sequence injection in "summary" field
RubyGems $1,000 Request Hijacking Vulnerability in RubyGems 2.6.11 and earlier
RubyGems - Possible Subdomain Takeover at pointing to Fastly
RubyGems - Login credentials transmitted in cleartext on
RubyGems - Password Reset emails missing TLS leads account takeover
RubyGems - Invalid username updating