pkg:RubyGems/activesupport

All known vulnerabilities

• CRITICAL9.8CVE-2020-8165ActiveSupport potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
  >= 5.0.0, < 5.2.4.3
• HIGH7.5CVE-2026-33176Rails Active Support has a possible DoS vulnerability in its number helpers
  >= 8.1.0.beta1, < 8.1.2.1
• HIGH7.5CVE-2023-22796ReDoS based DoS vulnerability in Active Support's underscore
  from 0, < 6.1.7.1
• MEDIUM6.1CVE-2026-33170Rails Active Support has a possible XSS vulnerability in SafeBuffer#%
  >= 8.1.0.beta1, < 8.1.2.1
• MEDIUM5.5CVE-2023-38037Active Support Possibly Discloses Locally Encrypted Files
  >= 5.2.0, < 6.1.7.5
• MEDIUM5.3CVE-2026-33169Rails Active Support has a possible ReDoS vulnerability in number_to_delimited
  >= 8.1.0.beta1, < 8.1.2.1
• MEDIUM5.3CVE-2023-28120Possible XSS Security Vulnerability in SafeBuffer#bytesplice
  >= 7.0.0, < 7.0.4.3
• —CVE-2009-3086rails - several
  >= 2.1.0, < 2.2.3
• —CVE-2011-2932rails - several
  >= 2.0.0, < 2.3.13
• —CVE-2009-3009rails - cross-site scripting
  >= 2.0.0, < 2.2.3
• —CVE-2011-2197rails Cross-site Scripting vulnerability
  >= 2.0.0, < 2.3.12
• —CVE-2012-1098activesupport Cross-site Scripting vulnerability
  >= 3.0.0, < 3.0.12
• —CVE-2013-1856activesupport Improper Input Validation vulnerability
  >= 3.0.0, < 3.1.12
• —CVE-2013-0333rails - insufficient input validation
  >= 2.3.2, < 2.3.16
• —CVE-2012-3464activesupport Cross-site Scripting vulnerability
  >= 3.0.0.beta, < 3.0.17
• —CVE-2015-3226rails - security update
  >= 4.1.0, < 4.1.11
• —CVE-2015-3227ruby-activesupport-3.2 - security update
  >= 4.0.0.beta1, < 4.1.11