Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-52783 |
|
Vulnerability in rails (CVE-2026-52783)
vulnerability in rails (CVE-2026-52783). Confidential information can be exposed externally. Mitigation: upgrade to `17.3.3` or later.
|
| CVE-2026-46386 |
|
Unsafe Deserialization in rails (CVE-2026-46386)
vulnerability in rails (CVE-2026-46386). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44511 |
|
Vulnerability in katalyst-koi (CVE-2026-44511)
vulnerability in katalyst-koi (CVE-2026-44511). Confidential information can be exposed externally. Mitigation: upgrade to `5.6.0` or later.
|
| CVE-2026-44837 |
|
Vulnerability in view_component (CVE-2026-44837)
vulnerability in view_component (CVE-2026-44837). Confidential information can be exposed externally. Exploitable via `GET /_system_test_entrypoint`. Mitigation: upgrade to `4.9.0` or later.
|
| CVE-2026-44836 |
|
Vulnerability in view_component (CVE-2026-44836)
vulnerability in view_component (CVE-2026-44836). Confidential information can be exposed externally. Exploitable via `GET /rails/view_components/my_component/render_with_template`. Mitigation: upgrade to `4.9.0` or later.
|
| CVE-2026-42205 |
|
Vulnerability in avo (CVE-2026-42205)
vulnerability in avo (CVE-2026-42205). Successful exploitation can lead to full system takeover. Exploitable via `POST /admin/resources/posts/actions`. Mitigation: upgrade to `3.31.2` or later.
|
| CVE-2026-40295 |
|
Open Redirect in devise (CVE-2026-40295)
vulnerability in devise (CVE-2026-40295). Risk of unauthorized operations or information disclosure. Exploitable via `Referer header`. Mitigation: upgrade to `5.0.4` or later.
|
| CVE-2026-41512 |
|
Code Injection in gem (CVE-2026-41512)
code injection in gem (CVE-2026-41512). Successful exploitation can lead to full system takeover. Exploitable via `POST /targets/auto_detect_selectors`.
|
| CVE-2026-33195 |
|
Path Traversal in activestorage (CVE-2026-33195)
path traversal in activestorage (CVE-2026-33195). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `7.2.3.1` or later.
|
| CVE-2024-0241 |
|
Vulnerability in rails (CVE-2024-0241)
vulnerability in rails (CVE-2024-0241). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-48795 |
|
Vulnerability in russh (CVE-2023-48795)
vulnerability in russh (CVE-2023-48795). Data can be tampered with by attackers. Mitigation: upgrade to `0.40.2` or later.
|
| CVE-2017-17920 |
|
SQL Injection in rails (CVE-2017-17920)
SQL injection in rails (CVE-2017-17920). Successful exploitation can lead to full system takeover.
|
| CVE-2017-17919 |
|
SQL Injection in rails (CVE-2017-17919)
SQL injection in rails (CVE-2017-17919). Successful exploitation can lead to full system takeover.
|
| CVE-2017-17917 |
|
SQL Injection in rails (CVE-2017-17917)
SQL injection in rails (CVE-2017-17917). Successful exploitation can lead to full system takeover.
|
| CVE-2017-17916 |
|
SQL Injection in rails (CVE-2017-17916)
SQL injection in rails (CVE-2017-17916). Successful exploitation can lead to full system takeover.
|
| CVE-2014-7813 |
|
Vulnerability in rails (CVE-2014-7813)
vulnerability in rails (CVE-2014-7813). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-11727 |
|
Cross-Site Scripting (XSS) in rails (CVE-2017-11727)
cross-site scripting in rails (CVE-2017-11727). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-11726 |
|
Cross-Site Request Forgery (CSRF) in rails (CVE-2017-11726)
vulnerability in rails (CVE-2017-11726). Successful exploitation can lead to full system takeover.
|
| CVE-2017-9229 |
|
Vulnerability in oniguruma-project (CVE-2017-9229)
vulnerability in oniguruma-project (CVE-2017-9229). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-9228 |
|
Out-of-Bounds Write in oniguruma-project (CVE-2017-9228)
out-of-bounds write in oniguruma-project (CVE-2017-9228). Successful exploitation can lead to full system takeover.
|
| CVE-2017-9227 |
|
Out-of-Bounds Read in oniguruma-project (CVE-2017-9227)
vulnerability in oniguruma-project (CVE-2017-9227). Successful exploitation can lead to full system takeover.
|
| CVE-2017-9226 |
|
Out-of-Bounds Write in oniguruma-project (CVE-2017-9226)
out-of-bounds write in oniguruma-project (CVE-2017-9226). Successful exploitation can lead to full system takeover.
|
| CVE-2017-9225 |
|
Out-of-Bounds Write in oniguruma-project (CVE-2017-9225)
out-of-bounds write in oniguruma-project (CVE-2017-9225). Successful exploitation can lead to full system takeover.
|
| CVE-2017-9224 |
|
Out-of-Bounds Read in oniguruma-project (CVE-2017-9224)
vulnerability in oniguruma-project (CVE-2017-9224). Successful exploitation can lead to full system takeover.
|
| CVE-2016-7798 |
|
Vulnerability in ruby-lang (CVE-2016-7798)
vulnerability in ruby-lang (CVE-2016-7798). Confidential information can be exposed externally.
|