All Sidekiq CVEs — Complete Vulnerability History
Sidekiq is Ruby's most popular background job processor. Its CVEs are mostly denial of service via crafted job payloads. Keep it updated, especially if your Redis instance is reachable from outside your network.
Language: Ruby · 2M+ weekly downloads · 2 CVEs total
Full CVE history
| CVE | Year | Severity | Description | Fix |
|---|---|---|---|---|
| CVE-2022-23837 | 2022 | HIGH | DoS via malformed job JSON parsing | Fixed 5.2.10 |
| CVE-2023-26141 | 2023 | MEDIUM | XSS in Sidekiq web UI | Fixed 6.5.12 |
Current safe version: 7.2.4
Update the pinned version in your Gemfile:

```ruby
# Before
gem 'sidekiq', '6.5.0'
# After
gem 'sidekiq', '7.2.4'
```

Then run: `bundle install`
Common questions
Should the Sidekiq web UI be publicly accessible?
No — Sidekiq's web UI should be protected with authentication and only accessible to admins. CVE-2023-26141 (XSS in the web UI) is less critical if the UI is properly access-controlled.
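The access control this answer calls for, as an added example that is not code from this page or from the Sidekiq project: a small Rack middleware (the names AdminOnly, DASHBOARD, status_for and basic_header are assumptions) that puts a Rack app such as Sidekiq::Web behind HTTP Basic auth with a constant-time credential check, using only the Ruby standard library so it runs without the sidekiq or rack gems.

```ruby
require 'digest'

# Constant-time equality: hash both inputs so the comparison never reveals the
# expected value's length, then XOR-fold the digests byte by byte.
def constant_time_equal?(a, b)
  x = Digest::SHA256.digest(a)
  y = Digest::SHA256.digest(b)
  x.bytes.zip(y.bytes).reduce(0) { |acc, (p, q)| acc | (p ^ q) }.zero?
end

# Rack middleware (assumed name) that only forwards to the wrapped app, e.g.
# Sidekiq::Web, when the request carries valid HTTP Basic admin credentials.
class AdminOnly
  def initialize(app, user:, password:)
    @app, @user, @password = app, user, password
  end

  def call(env)
    return @app.call(env) if authorized?(env['HTTP_AUTHORIZATION'])
    [401, { 'content-type' => 'text/plain', 'www-authenticate' => 'Basic realm="Sidekiq"' },
     ['Unauthorized']]
  end

  private

  # Accepts only "Basic <strict base64 of user:password>"; anything else is rejected.
  def authorized?(header)
    return false unless header.is_a?(String) && header.start_with?('Basic ')
    user, password = header.delete_prefix('Basic ').unpack1('m0').split(':', 2)
    return false if user.nil? || password.nil?
    # Non-short-circuit & evaluates both checks, so timing does not reveal which field failed.
    constant_time_equal?(user, @user) & constant_time_equal?(password, @password)
  rescue ArgumentError # malformed base64
    false
  end
end

# Constructed stand-in for Sidekiq::Web so the example runs without the gem.
DASHBOARD = ->(_env) { [200, { 'content-type' => 'text/plain' }, ['sidekiq dashboard']] }

# HTTP status the protected dashboard returns for a request with this Authorization header.
def status_for(header, user: 'admin', password: 'correct horse')
  app = AdminOnly.new(DASHBOARD, user: user, password: password)
  app.call(header ? { 'HTTP_AUTHORIZATION' => header } : {})[0]
end

def basic_header(user, password)
  'Basic ' + ["#{user}:#{password}"].pack('m0')
end

# In a Rails app (assumed) the wrapped dashboard is mounted in config/routes.rb:
#   require 'sidekiq/web'
#   mount AdminOnly.new(Sidekiq::Web, user: ENV.fetch('SIDEKIQ_USER'),
#                       password: ENV.fetch('SIDEKIQ_PASSWORD')), at: '/sidekiq'
```

Credentials should come from the environment or encrypted credentials, never from the routes file itself, and the mount should sit behind TLS since Basic auth only base64-encodes the password.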
Does Sidekiq 7 have breaking changes from 6?
Yes — Sidekiq 7 requires Ruby 2.7+ and Redis 6.2+. Job format is backwards-compatible. Check the upgrade notes.