pkg:Debian/rails

142 total CVEs: CRITICAL 8, HIGH 33, MEDIUM 35, LOW 1 (the remaining 65 entries carry no severity score)


All known vulnerabilities. Each entry gives the severity and CVSS score where one is recorded, the CVE ID (⚠ KEV marks an entry listed in CISA's Known Exploited Vulnerabilities catalog), a title, and the affected version range: "< version" is the first fixed Debian package version for that release, and an entry that shows only "from 0" lists no fixed version.

  • HIGH 7.5 | CVE-2019-5418 | ⚠ KEV | rails - security update
    affected: from 0, < 2:4.1.8-1+deb8u5
  • HIGH 7.5 | CVE-2019-5418 | ⚠ KEV | rails - security update
    affected: from 0, < 2:5.2.2.1+dfsg-1
  • HIGH 7.5 | CVE-2016-0752 | ⚠ KEV | Directory traversal vulnerability in Action View in Ruby on Rails
    affected: from 0, < 2:4.2.5.1-1
  • CRITICAL 9.8 | CVE-2026-33195 | Rails Active Storage has possible Path Traversal in DiskService
    affected: from 0
  • CRITICAL 9.8 | CVE-2022-32224 | Active Record RCE bug with Serialized Columns
    affected: from 0, < 2:6.0.3.7+dfsg-2+deb11u5
  • CRITICAL 9.8 | CVE-2022-21831 | Possible code injection vulnerability in Rails / Active Storage
    affected: from 0, < 2:5.2.2.1+dfsg-1+deb10u4
  • CRITICAL 9.8 | CVE-2022-21831 | Possible code injection vulnerability in Rails / Active Storage
    affected: from 0, < 2:6.0.3.7+dfsg-2+deb11u1
  • CRITICAL 9.8 | CVE-2020-8165 | ActiveSupport potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
    affected: from 0, < 2:5.2.4.3+dfsg-1
  • CRITICAL 9.8 | CVE-2019-5420 | Use of Insufficiently Random Values in Railties Allows Remote Code Execution
    affected: from 0, < 2:5.2.2.1+dfsg-1
  • CRITICAL 9.8 | CVE-2009-2422 | rails vulnerable to improper authentication
    affected: from 0, < 2.3.5-1
  • CRITICAL 9.1 | CVE-2026-33202 | Rails Active Storage has possible glob injection in its DiskService
    affected: from 0
  • HIGH 8.8 | CVE-2023-22794 | SQL Injection Vulnerability via ActiveRecord comments
    affected: from 0, < 2:6.0.3.7+dfsg-2+deb11u1
  • HIGH 8.8 | CVE-2020-8163 | rails - security update
    affected: from 0, < 2:4.2.7.1-1+deb9u3
  • HIGH 8.8 | CVE-2020-8163 | rails - security update
    affected: from 0, < 2:5.2.0+dfsg-2
  • HIGH 8.1 | CVE-2017-17920 | SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL com…
    affected: from 0
  • HIGH 8.1 | CVE-2017-17919 | SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL comma…
    affected: from 0
  • HIGH 8.1 | CVE-2017-17917 | SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL comma…
    affected: from 0
  • HIGH 8.1 | CVE-2017-17916 | SQL injection vulnerability in the 'find_by' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL com…
    affected: from 0
  • HIGH 7.5 | CVE-2026-33176 | Rails Active Support has a possible DoS vulnerability in its number helpers
    affected: from 0
  • HIGH 7.5 | CVE-2026-33174 | Rails Active Storage has a possible DoS vulnerability when in proxy mode via Range requests
    affected: from 0
  • HIGH 7.5 | CVE-2023-22792 | ReDoS based DoS vulnerability in Action Dispatch
    affected: from 0, < 2:6.0.3.7+dfsg-2+deb11u1
  • HIGH 7.5 | CVE-2023-22796 | ReDoS based DoS vulnerability in Active Support's underscore
    affected: from 0, < 2:6.0.3.7+dfsg-2+deb11u1
  • HIGH 7.5 | CVE-2022-44566 | Denial of Service Vulnerability in ActiveRecord's PostgreSQL adapter
    affected: from 0, < 2:6.0.3.7+dfsg-2+deb11u3
  • HIGH 7.5 | CVE-2022-44566 | Denial of Service Vulnerability in ActiveRecord's PostgreSQL adapter
    affected: from 0, < 2:6.0.3.7+dfsg-2+deb11u3
  • HIGH 7.5 | CVE-2023-22795 | ReDoS based DoS vulnerability in Action Dispatch
    affected: from 0, < 2:6.0.3.7+dfsg-2+deb11u1
  • HIGH 7.5 | CVE-2021-22904 | Possible DoS Vulnerability in Action Controller Token Authentication
    affected: from 0, < 2:6.0.3.7+dfsg-1
  • HIGH 7.5 | CVE-2021-22885 | rails - security update
    affected: from 0, < 2:4.2.7.1-1+deb9u5
  • HIGH 7.5 | CVE-2021-22885 | rails - security update
    affected: from 0, < 2:6.0.3.7+dfsg-1
  • HIGH 7.5 | CVE-2021-22902 | Denial of Service in Action Dispatch
    affected: from 0, < 2:6.0.3.7+dfsg-1
  • HIGH 7.5 | CVE-2021-22880 | rails - security update
    affected: from 0, < 2:5.2.2.1+dfsg-1+deb10u3
  • HIGH 7.5 | CVE-2021-22880 | rails - security update
    affected: from 0, < 2:6.0.3.5+dfsg-1
  • HIGH 7.5 | CVE-2020-8162 | Circumvention of file size limits in ActiveStorage
    affected: from 0, < 2:5.2.4.3+dfsg-1
  • HIGH 7.5 | CVE-2020-8164 | rails - security update
    affected: from 0, < 2:4.1.8-1+deb8u7
  • HIGH 7.5 | CVE-2020-8164 | rails - security update
    affected: from 0, < 2:5.2.4.3+dfsg-1
  • HIGH 7.5 | CVE-2019-5419 | Denial of Service Vulnerability in Action View
    affected: from 0, < 2:5.2.2.1+dfsg-1
  • HIGH 7.5 | CVE-2018-16476 | Improper Access Control in activejob
    affected: from 0, < 2:5.2.2+dfsg-1
  • HIGH 7.5 | CVE-2015-7581 | actionpack is vulnerable to denial of service because of a wildcard controller route
    affected: from 0, < 2:4.2.5.1-1
  • HIGH 7.5 | CVE-2016-0751 | actionpack is vulnerable to denial of service via a crafted HTTP Accept header
    affected: from 0, < 2:4.2.5.1-1
  • HIGH 7.5 | CVE-2016-6317 | ActiveRecord in Ruby on Rails allows database-query bypass
    affected: from 0, < 2:4.2.7.1-1
  • HIGH 7.4 | CVE-2022-23633 | Exposure of information in Action Pack
    affected: from 0, < 2:6.0.3.7+dfsg-2+deb11u1
  • HIGH 7.3 | CVE-2016-2098 | actionpack allows remote code execution via application's unrestricted use of render method
    affected: from 0, < 2:4.2.5.2-1
  • MEDIUM 6.5 | CVE-2026-33658 | Rails Active Storage has a possible DoS vulnerability in proxy mode via multi-range requests
    affected: from 0
  • MEDIUM 6.5 | CVE-2020-8167 | CSRF Vulnerability in rails-ujs
    affected: from 0, < 2:5.2.4.3+dfsg-1
  • MEDIUM 6.5 | CVE-2010-3299 | The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks.
    affected: from 0
  • MEDIUM 6.5 | CVE-2018-16477 | Exposure of Sensitive Information to an Unauthorized Actor in activestorage
    affected: from 0, < 2:5.2.2+dfsg-1
  • MEDIUM 6.3 | CVE-2023-23913 | rails - security update
    affected: from 0, < 2:6.0.3.7+dfsg-2+deb11u2
  • MEDIUM 6.3 | CVE-2023-23913 | rails - security update
    affected: from 0, < 2:6.0.3.7+dfsg-2+deb11u2
  • MEDIUM 6.1 | CVE-2026-33170 | Rails Active Support has a possible XSS vulnerability in SafeBuffer#%
    affected: from 0
  • MEDIUM 6.1 | CVE-2022-27777 | XSS Vulnerability in Action View tag helpers
    affected: from 0, < 2:6.0.3.7+dfsg-2+deb11u1
  • MEDIUM 6.1 | CVE-2022-22577 | Cross-site Scripting Vulnerability in Action Pack
    affected: from 0, < 2:6.0.3.7+dfsg-2+deb11u1
  • MEDIUM 6.1 | CVE-2021-44528 | actionpack Open Redirect in Host Authorization Middleware
    affected: from 0, < 2:6.0.3.7+dfsg-2+deb11u1
  • MEDIUM 6.1 | CVE-2021-22942 | rails - security update
    affected: from 0, < 2:6.0.3.7+dfsg-2+deb11u1
  • MEDIUM 6.1 | CVE-2021-22942 | rails - security update
    affected: from 0, < 2:6.0.3.7+dfsg-2+deb11u1
  • MEDIUM 6.1 | CVE-2020-8264 | Cross-site scripting in actionpack
    affected: from 0, < 2:6.0.3.4+dfsg-1
  • MEDIUM 6.1 | CVE-2021-22881 | Actionpack Open Redirect Vulnerability
    affected: from 0, < 2:6.0.3.5+dfsg-1
  • MEDIUM 6.1 | CVE-2016-6316 | rails - security update
    affected: from 0, < 2:4.2.7.1-1
  • MEDIUM 6.1 | CVE-2016-6316 | rails - security update
    affected: from 0, < 2:4.1.8-1+deb8u4
  • MEDIUM 5.5 | CVE-2023-38037 | Active Support Possibly Discloses Locally Encrypted Files
    affected: from 0, < 2:6.0.3.7+dfsg-2+deb11u3
  • MEDIUM 5.4 | CVE-2024-28103 | Action Pack is missing security headers on non-HTML responses
    affected: from 0, < 2:6.1.7.10+dfsg-1~deb12u1
  • MEDIUM 5.4 | CVE-2022-3704 | A vulnerability classified as problematic has been found in Ruby on Rails.
    affected: from 0
  • MEDIUM 5.4 | CVE-2020-15169 | XSS in Action View
    affected: from 0, < 2:5.2.2.1+dfsg-1+deb10u2
  • MEDIUM 5.4 | CVE-2020-15169 | XSS in Action View
    affected: from 0, < 2:6.0.3.3+dfsg-1
  • MEDIUM 5.4 | CVE-2020-15169 | XSS in Action View
    affected: from 0, < 2:4.2.7.1-1+deb9u4
  • MEDIUM 5.3 | CVE-2026-33173 | Rails Active Storage has possible content type bypass via metadata in direct uploads
    affected: from 0
  • MEDIUM 5.3 | CVE-2026-33169 | Rails Active Support has a possible ReDoS vulnerability in number_to_delimited
    affected: from 0
  • MEDIUM 5.3 | CVE-2024-26144 | Possible Sensitive Session Information Leak in Active Storage
    affected: from 0, < 2:6.1.7.10+dfsg-1~deb12u1
  • MEDIUM 5.3 | CVE-2023-28120 | Possible XSS Security Vulnerability in SafeBuffer#bytesplice
    affected: from 0, < 2:6.0.3.7+dfsg-2+deb11u2
  • MEDIUM 5.3 | CVE-2015-7577 | ruby-activerecord-3.2 - security update
    affected: from 0, < 2:4.2.5.1-1
  • MEDIUM 5.3 | CVE-2016-2097 | rails - security update
    affected: from 0, < 2:4.2.5.2-1
  • MEDIUM 5.3 | CVE-2016-2097 | rails - security update
    affected: from 0, < 2:4.1.8-1+deb8u2
  • MEDIUM 5.3 | CVE-2016-0753 | ruby-activerecord-3.2 - security update
    affected: from 0, < 2:4.2.5.1-1
  • MEDIUM 4.8 | CVE-2020-5267 | Cross site scripting vulnerability in ActionView
    affected: from 0, < 2:4.1.8-1+deb8u6
  • MEDIUM 4.8 | CVE-2020-5267 | Cross site scripting vulnerability in ActionView
    affected: from 0, < 2:5.2.4.1+dfsg-2
  • MEDIUM 4.3 | CVE-2020-8166 | Ability to forge per-form CSRF tokens in Rails
    affected: from 0, < 2:5.2.4.3+dfsg-1
  • MEDIUM 4.0 | CVE-2023-28362 | rails - security update
    affected: from 0, < 2:6.1.7.10+dfsg-1~deb12u1
  • MEDIUM 4.0 | CVE-2023-28362 | rails - security update
    affected: from 0, < 2:6.0.3.7+dfsg-2+deb11u3
  • LOW 3.7 | CVE-2015-7576 | ruby-actionpack-3.2 - security update
    affected: from 0, < 2:4.2.5.1-1
  • CVE-2026-33168 | Rails has a possible XSS vulnerability in its Action View tag helpers
    affected: from 0
  • CVE-2025-24293 | Active Storage allowed transformation methods that were potentially unsafe
    affected: from 0, < 2:6.0.3.7+dfsg-2+deb11u4
  • CVE-2025-24293 | Active Storage allowed transformation methods that were potentially unsafe
    affected: from 0, < 2:6.1.7.10+dfsg-1~deb12u2
  • CVE-2025-24293 | Active Storage allowed transformation methods that were potentially unsafe
    affected: from 0, < 2:6.0.3.7+dfsg-2+deb11u4
  • CVE-2025-55193 | Active Record logging vulnerable to ANSI escape injection
    affected: from 0, < 2:6.0.3.7+dfsg-2+deb11u4
  • CVE-2024-54133 | Possible Content Security Policy bypass in Action Dispatch
    affected: from 0, < 2:6.0.3.7+dfsg-2+deb11u3
  • CVE-2024-47889 | Action Mailer has possible ReDoS vulnerability in block_format
    affected: from 0, < 2:6.0.3.7+dfsg-2+deb11u3
  • CVE-2024-47888 | Action Text has possible ReDoS vulnerability in plain_text_for_blockquote_node
    affected: from 0, < 2:6.0.3.7+dfsg-2+deb11u3
  • CVE-2024-47887 | Action Controller has possible ReDoS vulnerability in HTTP Token authentication
    affected: from 0, < 2:6.0.3.7+dfsg-2+deb11u3
  • CVE-2024-41128 | Action Dispatch has possible ReDoS vulnerability in query parameter filtering
    affected: from 0, < 2:6.0.3.7+dfsg-2+deb11u3
  • CVE-2012-6497 | Authlogic Information Exposure vulnerability
    affected: from 0, < 2.3.14.1
  • CVE-2013-3221 | Active Record component in Ruby on Rails has a data-type injection vulnerability
    affected: from 0, < 2.3.14.1
  • CVE-2011-2932 | rails - several
    affected: from 0, < 2.3.5-1.2+squeeze8
  • CVE-2006-4112 | Rails Denial of Service vulnerability
    affected: from 0, < 1.1.6-1
  • CVE-2012-1098 | activesupport Cross-site Scripting vulnerability
    affected: from 0, < 2.3.14
  • CVE-2012-1099 | rails - cross site scripting
    affected: from 0, < 2.3.14
  • CVE-2011-2932 | rails - several
    affected: from 0, < 2.3.14
  • CVE-2011-3187 | actionpack Improper Input Validation vulnerability
    affected: from 0
  • CVE-2011-3186 | actionpack CRLF injection vulnerability
    affected: from 0, < 2.3.14
  • CVE-2011-2930 | activerecord vulnerable to SQL Injection
    affected: from 0, < 2.3.14
  • CVE-2011-2931 | actionpack Cross-site Scripting vulnerability
    affected: from 0, < 2.3.14
  • CVE-2011-0447 | actionpack Cross-Site Request Forgery vulnerability
    affected: from 0, < 2.3.11-0.1
  • CVE-2011-0446 | rails - several vulnerabilities
    affected: from 0, < 2.3.11-0.1
  • CVE-2009-4214 | rails - several
    affected: from 0, < 2.2.3-2
  • CVE-2009-3009 | rails - cross-site scripting
    affected: from 0, < 2.2.3-1
  • CVE-2009-3086 | rails - several
    affected: from 0, < 2.2.3-1
  • CVE-2008-7248 | Improper Input Validation in actionpack
    affected: from 0, < 2.2.3-1
  • CVE-2008-5189 | rails is vulnerable to CRLF injection
    affected: from 0, < 2.1.0-6
  • CVE-2009-3009 | rails - cross-site scripting
    affected: from 0, < 2.1.0-7
  • CVE-2009-4214 | rails - several
    affected: from 0, < 2.3.5-1.2+squeeze1
  • CVE-2011-0446 | rails - several vulnerabilities
    affected: from 0, < 2.3.5-1.2+squeeze0.1
  • CVE-2009-3086 | rails - several
    affected: from 0, < 2.1.0-7+lenny0.2
  • CVE-2012-1099 | rails - cross site scripting
    affected: from 0, < 2.3.5-1.2+squeeze3
  • CVE-2008-4094 | Rails ActiveRecord gem vulnerable to SQL injection
    affected: from 0, < 2.1.0-1
  • CVE-2007-5380 | Session fixation vulnerability in Rails
    affected: from 0, < 1.2.5-1
  • CVE-2007-6077 | session fixation protection mechanism in cgi_process.rb in Rails
    affected: from 0, < 1.2.6-1
  • CVE-2007-5379 | Moderate severity vulnerability that affects rails
    affected: from 0, < 1.2.5-1
  • CVE-2007-3227 | Moderate severity vulnerability that affects rails
    affected: from 0, < 1.2.5-1
  • CVE-2006-4111 | Ruby on Rails vulnerable to code injection
    affected: from 0, < 1.1.5-1
  • CVE-2013-0156 | rails - insufficient input validation
    affected: from 0, < 2.3.14.1
  • CVE-2013-0333 | rails - insufficient input validation
    affected: from 0, < 2.3.14.1
  • CVE-2013-0277 | Active Record contains deserialization of arbitrary YAML
    affected: from 0, < 2.3.14.1
  • CVE-2013-0276 | rails - several
    affected: from 0, < 2.3.14.1
  • CVE-2013-1854 | Active Record Improper Input Validation
    affected: from 0, < 2.3.14.1
  • CVE-2013-1857 | actionpack Cross-site Scripting vulnerability
    affected: from 0, < 2.3.14.1
  • CVE-2013-1855 | actionpack Cross-site Scripting vulnerability
    affected: from 0, < 2.3.14.1
  • CVE-2012-3464 | activesupport Cross-site Scripting vulnerability
    affected: from 0, < 2.3.14.1
  • CVE-2012-6496 | rails - input validation error
    affected: from 0, < 2.3.5-1.2+squeeze4
  • CVE-2013-0333 | rails - insufficient input validation
    affected: from 0, < 2.3.5-1.2+squeeze6
  • CVE-2013-0156 | rails - insufficient input validation
    affected: from 0, < 2.3.5-1.2+squeeze4.1
  • CVE-2013-0155 | rails - SQL query manipulation
    affected: from 0, < 2.3.5-1.2+squeeze5
  • CVE-2013-0276 | rails - several
    affected: from 0, < 2.3.5-1.2+squeeze7
  • CVE-2013-0155 | rails - SQL query manipulation
    affected: from 0, < 2.3.14.1
  • CVE-2012-6496 | rails - input validation error
    affected: from 0, < 2.3.14.1
  • CVE-2012-3465 | actionpack Cross-site Scripting vulnerability
    affected: from 0, < 2.3.14.1
  • CVE-2015-3226 | rails - security update
    affected: from 0, < 2:4.2.4-2
  • CVE-2014-3483 | Active Record contains SQL Injection via improper range quoting
    affected: from 0, < 2:4.1.4-1
  • CVE-2014-3514 | Active Record subject to strong parameters protection bypass
    affected: from 0, < 2:4.1.5-1
  • CVE-2014-3482 | ruby-activerecord-3.2 - security update
    affected: from 0, < 2:4.1.4-1
  • CVE-2014-7829 | Directory traversal vulnerability in actionpack
    affected: from 0, < 2:4.1.8-1
  • CVE-2015-3226 | rails - security update
    affected: from 0, < 2:4.1.8-1+deb8u1
  • CVE-2015-3227 | ruby-activesupport-3.2 - security update
    affected: from 0, < 2:4.2.4-2
  • CVE-2014-7818 | actionpack vulnerable to Path Traversal
    affected: from 0, < 2:4.1.8-1
  • CVE-2014-0081 | ruby-actionpack-3.2 - security update
    affected: from 0, < 2.3.14.1
  • CVE-2014-0082 | actionpack Improper Input Validation vulnerability
    affected: from 0, < 2.3.14.1