✅ Check your installed version
All known vulnerabilities
CRITICAL9.8CVE-2022-32224Active Record RCE bug with Serialized Columns >= 7.0.0, < 7.0.3.1
HIGH8.8CVE-2023-22794SQL Injection Vulnerability via ActiveRecord comments >= 6.0.0, < 6.0.6.1
HIGH7.5CVE-2022-44566Denial of Service Vulnerability in ActiveRecord's PostgreSQL adapter from 0, < 6.1.7.1
>= 5.0.0, < 5.2.4.5
HIGH7.5CVE-2016-6317ActiveRecord in Ruby on Rails allows database-query bypass >= 4.2.0, < 4.2.7.1
>= 3.1.0, < 3.2.22.1
—CVE-2025-55193Active Record logging vulnerable to ANSI escape injection >= 8.0, < 8.0.2.1
—CVE-2013-3221Active Record component in Ruby on Rails has a data-type injection vulnerability from 0, < 4.2.0
—CVE-2010-3933Rails activerecord gem has Improper Input Validation vulnerability >= 2.3.9, < 2.3.10
>= 3.0.0.beta, < 3.0.14
—CVE-2012-2661Active Record vulnerable to SQL Injection via nested query parameters >= 3.0.0, < 3.0.13
>= 2.0.0, < 2.3.13
>= 3.0.0, < 3.0.4
from 0, < 2.1.1
>= 2.3.0, < 2.3.18
>= 3.0.0.beta, < 3.0.18
—CVE-2013-0277Active Record contains deserialization of arbitrary YAML from 0, < 2.3.17
>= 3.0.0, < 3.0.19
from 0, < 2.3.17
>= 2.0.0, < 3.2.19
—CVE-2014-3483Active Record contains SQL Injection via improper range quoting >= 4.0.0, < 4.0.7
—CVE-2014-3514Active Record subject to strong parameters protection bypass >= 4.0.0, < 4.0.9
>= 4.0.0, < 4.0.3