pkg:RubyGems/devise

6 total CVEs: CRITICAL 1, HIGH 1, MEDIUM 3

All known vulnerabilities

  • CRITICAL (9.8) CVE-2019-5421: devise Time-of-check Time-of-use Race Condition vulnerability
    from 0, < 4.6.0
  • HIGH (7.5) CVE-2015-8314: Devise Gem for Ruby Unauthorized Access Using "Remember Me" Cookie
    from 0, < 3.5.4
  • MEDIUM (6.1) CVE-2026-40295: Devise has an Open Redirect via Unvalidated `request.referrer` in Timeoutable Session Timeout Handler
    from 0, < 5.0.4
  • MEDIUM (5.3) CVE-2026-32700: Devise has a confirmable "change email" race condition permits user to confirm email they have no access to
    from 0, < 5.0.3
  • MEDIUM (5.3) CVE-2019-16109: Authentication Bypass in Devise
    from 0, < 4.7.1
  • CVE-2013-0233: Devise does not properly perform type conversion when performing database queries
    >= 2.2.0, < 2.2.3