rails
Latest CVEs
The 15 most recently published vulnerabilities affecting rails.
- CVE-2026-33658: Rails Active Storage has a possible DoS vulnerability in proxy mode via multi-range requests (score 6.5)
- CVE-2026-33202: Rails Active Storage has possible glob injection in its DiskService (score 9.1)
- CVE-2026-33195: Rails Active Storage has possible Path Traversal in DiskService (score 9.8)
- CVE-2026-33176: Rails Active Support has a possible DoS vulnerability in its number helpers (score 7.5)
- CVE-2026-33174: Rails Active Storage has a possible DoS vulnerability when in proxy mode via Range requests (score 7.5)
- CVE-2026-33173: Rails Active Storage has possible content type bypass via metadata in direct uploads (score 5.3)
- CVE-2026-33170: Rails Active Support has a possible XSS vulnerability in SafeBuffer#% (score 6.1)
- CVE-2026-33169: Rails Active Support has a possible ReDoS vulnerability in number_to_delimited (score 5.3)
- CVE-2026-33168: Rails has a possible XSS vulnerability in its Action View tag helpers (score 6.5)
- CVE-2023-38037: ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file. The temporary file's permissions are defaulted to the user's current `umask` settings, meaning that it's ... (score 5.5)
- CVE-2023-28120: There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input. (score 5.3)
- CVE-2023-28362: The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC com... (score 4.0)
- CVE-2023-27539: There is a denial of service vulnerability in the header parsing component of Rack. (score 5.3)
- CVE-2023-27531: There is a deserialization of untrusted data vulnerability in the Kredis JSON deserialization code (score 5.3)
- CVE-2023-23913: There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potent... (score 6.3)