Activestorage
This hub aggregates every CVE we track for Activestorage, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 9
- Critical: 3
- High: 2
- In CISA KEV: 0
Severity distribution
- MEDIUM: 4
- CRITICAL: 3
- HIGH: 2
Monthly trend
[Chart: monthly trend, 2024-07 to 2026-06]
Latest CVEs
The 9 most recently published vulnerabilities affecting Activestorage.
- CVE-2026-33658: Rails Active Storage has a possible DoS vulnerability in proxy mode via multi-range requests (score: 6.5)
- CVE-2026-33202: Rails Active Storage has possible glob injection in its DiskService (score: 9.1)
- CVE-2026-33195: Rails Active Storage has possible Path Traversal in DiskService (score: 9.8)
- CVE-2026-33174: Rails Active Storage has a possible DoS vulnerability when in proxy mode via Range requests (score: 7.5)
- CVE-2026-33173: Rails Active Storage has possible content type bypass via metadata in direct uploads (score: 5.3)
- CVE-2024-26144: Possible Sensitive Session Information Leak in Active Storage (score: 5.3)
- CVE-2022-21831: A code injection vulnerability exists in Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments. (score: 9.8)
- CVE-2020-8162: A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be... (score: 7.5)
- CVE-2018-16477: A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Storage and Disk services allows an attacker to modify the `content-disposition` and `content-type` parameters which can be used in... (score: 6.5)
Product normalization is registry-driven with AI assist and human review.