Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: vendors Tag: ruby Clear
ID Title
CVE-2026-52783 Vulnerability in rails (CVE-2026-52783)
vulnerability in rails (CVE-2026-52783). Confidential information can be exposed externally. Mitigation: upgrade to `17.3.3` or later.
CVE-2026-46386 Unsafe Deserialization in rails (CVE-2026-46386)
vulnerability in rails (CVE-2026-46386). Successful exploitation can lead to full system takeover.
CVE-2026-44511 Vulnerability in katalyst-koi (CVE-2026-44511)
vulnerability in katalyst-koi (CVE-2026-44511). Confidential information can be exposed externally. Mitigation: upgrade to `5.6.0` or later.
CVE-2026-44837 Vulnerability in view_component (CVE-2026-44837)
vulnerability in view_component (CVE-2026-44837). Confidential information can be exposed externally. Exploitable via `GET /_system_test_entrypoint`. Mitigation: upgrade to `4.9.0` or later.
CVE-2026-44836 Vulnerability in view_component (CVE-2026-44836)
vulnerability in view_component (CVE-2026-44836). Confidential information can be exposed externally. Exploitable via `GET /rails/view_components/my_component/render_with_template`. Mitigation: upgrade to `4.9.0` or later.
CVE-2026-42205 Vulnerability in avo (CVE-2026-42205)
vulnerability in avo (CVE-2026-42205). Successful exploitation can lead to full system takeover. Exploitable via `POST /admin/resources/posts/actions`. Mitigation: upgrade to `3.31.2` or later.
CVE-2026-40295 Open Redirect in devise (CVE-2026-40295)
vulnerability in devise (CVE-2026-40295). Risk of unauthorized operations or information disclosure. Exploitable via `Referer header`. Mitigation: upgrade to `5.0.4` or later.
CVE-2026-41512 Code Injection in gem (CVE-2026-41512)
code injection in gem (CVE-2026-41512). Successful exploitation can lead to full system takeover. Exploitable via `POST /targets/auto_detect_selectors`.
CVE-2026-33195 Path Traversal in activestorage (CVE-2026-33195)
path traversal in activestorage (CVE-2026-33195). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `7.2.3.1` or later.
CVE-2024-0241 Vulnerability in rails (CVE-2024-0241)
vulnerability in rails (CVE-2024-0241). Risk of unauthorized operations or information disclosure.
CVE-2023-48795 Vulnerability in russh (CVE-2023-48795)
vulnerability in russh (CVE-2023-48795). Data can be tampered with by attackers. Mitigation: upgrade to `0.40.2` or later.
CVE-2017-17920 SQL Injection in rails (CVE-2017-17920)
SQL injection in rails (CVE-2017-17920). Successful exploitation can lead to full system takeover.
CVE-2017-17919 SQL Injection in rails (CVE-2017-17919)
SQL injection in rails (CVE-2017-17919). Successful exploitation can lead to full system takeover.
CVE-2017-17917 SQL Injection in rails (CVE-2017-17917)
SQL injection in rails (CVE-2017-17917). Successful exploitation can lead to full system takeover.
CVE-2017-17916 SQL Injection in rails (CVE-2017-17916)
SQL injection in rails (CVE-2017-17916). Successful exploitation can lead to full system takeover.
CVE-2014-7813 Vulnerability in rails (CVE-2014-7813)
vulnerability in rails (CVE-2014-7813). Risk of unauthorized operations or information disclosure.
CVE-2017-11727 Cross-Site Scripting (XSS) in rails (CVE-2017-11727)
cross-site scripting in rails (CVE-2017-11727). Risk of unauthorized operations or information disclosure.
CVE-2017-11726 Cross-Site Request Forgery (CSRF) in rails (CVE-2017-11726)
vulnerability in rails (CVE-2017-11726). Successful exploitation can lead to full system takeover.
CVE-2017-9229 Vulnerability in oniguruma-project (CVE-2017-9229)
vulnerability in oniguruma-project (CVE-2017-9229). Risk of unauthorized operations or information disclosure.
CVE-2017-9228 Out-of-Bounds Write in oniguruma-project (CVE-2017-9228)
out-of-bounds write in oniguruma-project (CVE-2017-9228). Successful exploitation can lead to full system takeover.
CVE-2017-9227 Out-of-Bounds Read in oniguruma-project (CVE-2017-9227)
vulnerability in oniguruma-project (CVE-2017-9227). Successful exploitation can lead to full system takeover.
CVE-2017-9226 Out-of-Bounds Write in oniguruma-project (CVE-2017-9226)
out-of-bounds write in oniguruma-project (CVE-2017-9226). Successful exploitation can lead to full system takeover.
CVE-2017-9225 Out-of-Bounds Write in oniguruma-project (CVE-2017-9225)
out-of-bounds write in oniguruma-project (CVE-2017-9225). Successful exploitation can lead to full system takeover.
CVE-2017-9224 Out-of-Bounds Read in oniguruma-project (CVE-2017-9224)
vulnerability in oniguruma-project (CVE-2017-9224). Successful exploitation can lead to full system takeover.
CVE-2016-7798 Vulnerability in ruby-lang (CVE-2016-7798)
vulnerability in ruby-lang (CVE-2016-7798). Confidential information can be exposed externally.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →