| Bug | Description |
|---|
| CVE-2024-26143 | Rails is a web-application framework. There is a possible XSS vulnerab ... |
| CVE-2024-26142 | Rails is a web-application framework. Starting in version 7.1.0, there ... |
| CVE-2023-22797 | An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new ... |
| CVE-2023-22794 | A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 relate ... |
| CVE-2022-27777 | A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 wh ... |
| CVE-2022-23633 | Action Pack is a framework for handling and responding to web requests ... |
| CVE-2022-22577 | An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could al ... |
| CVE-2022-21831 | A code injection vulnerability exists in the Active Storage >= v5.2.0 ... |
| CVE-2021-44528 | A open redirect vulnerability exists in Action Pack >= 6.0.0 that coul ... |
| CVE-2021-22942 | A possible open redirect vulnerability in the Host Authorization middl ... |
| CVE-2021-22904 | The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffer ... |
| CVE-2021-22903 | The actionpack ruby gem before 6.1.3.2 suffers from a possible open re ... |
| CVE-2021-22902 | The actionpack ruby gem (a framework for handling and responding to we ... |
| CVE-2021-22885 | A possible information disclosure / unintended method execution vulner ... |
| CVE-2021-22881 | The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3 ... |
| CVE-2021-22880 | The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4 ... |
| CVE-2020-15169 | In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potentia ... |
| CVE-2020-8264 | In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when a ... |
| CVE-2020-8185 | A denial of service vulnerability exists in Rails <6.0.3.2 that allowe ... |
| CVE-2020-8167 | A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that co ... |
| CVE-2020-8166 | A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 th ... |
| CVE-2020-8165 | A deserialization of untrusted data vulnernerability exists in rails < ... |
| CVE-2020-8164 | A deserialization of untrusted data vulnerability exists in rails < 5. ... |
| CVE-2020-8163 | The is a code injection vulnerability in versions of Rails prior to 5. ... |
| CVE-2020-8162 | A client side enforcement of server side security vulnerability exists ... |
| CVE-2020-8151 | There is a possible information disclosure issue in Active Resource <v ... |
| CVE-2020-5267 | In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible ... |
| CVE-2019-5420 | A remote code execution vulnerability in development mode Rails <5.2.2 ... |
| CVE-2019-5419 | There is a possible denial of service vulnerability in Action View (Ra ... |
| CVE-2019-5418 | There is a File Content Disclosure vulnerability in Action View <5.2.2 ... |
| CVE-2018-16477 | A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Sto ... |
| CVE-2018-16476 | A Broken Access Control vulnerability in Active Job versions >= 4.2.0 ... |
| CVE-2016-6317 | Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly ... |
| CVE-2016-6316 | Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rai ... |
| CVE-2016-2098 | Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and ... |
| CVE-2016-2097 | Directory traversal vulnerability in Action View in Ruby on Rails befo ... |
| CVE-2016-0753 | Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2. ... |
| CVE-2016-0752 | Directory traversal vulnerability in Action View in Ruby on Rails befo ... |
| CVE-2016-0751 | actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Rub ... |
| CVE-2015-7581 | actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in ... |
| CVE-2015-7577 | activerecord/lib/active_record/nested_attributes.rb in Active Record i ... |
| CVE-2015-7576 | The http_basic_authenticate_with method in actionpack/lib/action_contr ... |
| CVE-2015-3227 | The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby ... |
| CVE-2015-3226 | Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active ... |
| CVE-2014-7829 | Directory traversal vulnerability in actionpack/lib/action_dispatch/mi ... |
| CVE-2014-7818 | Directory traversal vulnerability in actionpack/lib/action_dispatch/mi ... |
| CVE-2014-3514 | activerecord/lib/active_record/relation/query_methods.rb in Active Rec ... |
| CVE-2014-3483 | SQL injection vulnerability in activerecord/lib/active_record/connecti ... |
| CVE-2014-3482 | SQL injection vulnerability in activerecord/lib/active_record/connecti ... |
| CVE-2014-0082 | actionpack/lib/action_view/template/text.rb in Action View in Ruby on ... |
| CVE-2014-0081 | Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/ ... |
| CVE-2014-0080 | SQL injection vulnerability in activerecord/lib/active_record/connecti ... |
| CVE-2013-6417 | actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before ... |
| CVE-2013-6416 | Cross-site scripting (XSS) vulnerability in the simple_format helper i ... |
| CVE-2013-6415 | Cross-site scripting (XSS) vulnerability in the number_to_currency hel ... |
| CVE-2013-6414 | actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on ... |
| CVE-2013-4491 | Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view ... |
| CVE-2013-4389 | Multiple format string vulnerabilities in log_subscriber.rb files in t ... |
| CVE-2013-3221 | The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and ... |
| CVE-2013-1857 | The sanitize helper in lib/action_controller/vendor/html-scanner/html/ ... |
| CVE-2013-1856 | The ActiveSupport::XmlMini_JDOM backend in lib/active_support/xml_mini ... |
| CVE-2013-1855 | The sanitize_css method in lib/action_controller/vendor/html-scanner/h ... |
| CVE-2013-1854 | The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1. ... |
| CVE-2013-0333 | lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before ... |
| CVE-2013-0277 | ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allow ... |
| CVE-2013-0276 | ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and ... |
| CVE-2013-0156 | active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2. ... |
| CVE-2013-0155 | Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x befo ... |
| CVE-2012-6497 | The Authlogic gem for Ruby on Rails, when used with certain versions b ... |
| CVE-2012-6496 | SQL injection vulnerability in the Active Record component in Ruby on ... |
| CVE-2012-3465 | Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view ... |
| CVE-2012-3464 | Cross-site scripting (XSS) vulnerability in activesupport/lib/active_s ... |
| CVE-2012-3463 | Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view ... |
| CVE-2012-3424 | The decode_credentials method in actionpack/lib/action_controller/meta ... |
| CVE-2012-2661 | The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1. ... |
| CVE-2012-1099 | Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view ... |
| CVE-2012-1098 | Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before ... |
| CVE-2011-4319 | Cross-site scripting (XSS) vulnerability in the i18n translations help ... |
| CVE-2011-3186 | CRLF injection vulnerability in actionpack/lib/action_controller/respo ... |
| CVE-2011-2932 | Cross-site scripting (XSS) vulnerability in activesupport/lib/active_s ... |
| CVE-2011-2931 | Cross-site scripting (XSS) vulnerability in the strip_tags helper in a ... |
| CVE-2011-2930 | Multiple SQL injection vulnerabilities in the quote_table_name method ... |
| CVE-2011-2929 | The template selection functionality in actionpack/lib/action_view/tem ... |
| CVE-2011-2197 | The cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x ... |
| CVE-2011-1497 | A cross-site scripting vulnerability flaw was found in the auto_link f ... |
| CVE-2011-0449 | actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x ... |
| CVE-2011-0448 | Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the ... |
| CVE-2011-0447 | Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3. ... |
| CVE-2011-0446 | Multiple cross-site scripting (XSS) vulnerabilities in the mail_to hel ... |
| CVE-2010-3933 | Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attribut ... |
| CVE-2009-4214 | Cross-site scripting (XSS) vulnerability in the strip_tags function in ... |
| CVE-2009-3086 | A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x be ... |
| CVE-2009-3009 | Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2 ... |
| CVE-2009-2422 | The example code for the digest authentication functionality (http_aut ... |
| CVE-2008-7248 | Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify ... |
| CVE-2008-5189 | CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remo ... |
| CVE-2008-4094 | Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 a ... |
| CVE-2007-6077 | The session fixation protection mechanism in cgi_process.rb in Rails 1 ... |
| CVE-2007-5380 | Session fixation vulnerability in Rails before 1.2.4, as used for Ruby ... |
| CVE-2007-5379 | Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers ... |
| CVE-2007-3227 | Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord: ... |
| CVE-2006-4112 | Unspecified vulnerability in the "dependency resolution mechanism" in ... |
| CVE-2006-4111 | Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby cod ... |