Actionview
This hub aggregates every CVE we track for Actionview, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
13
CVEs tracked
0
Critical
4
High
2
In CISA KEV
Severity distribution
MEDIUM9HIGH4
Monthly trend
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
2024-072026-06
Latest CVEs
The 13 most recently published vulnerabilities affecting Actionview.
- CVE-2026-33168Rails has a possible XSS vulnerability in its Action View tag helpers6.5
- CVE-2023-23913There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potent...6.3
- CVE-2022-27777A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes.6.1
- CVE-2020-15169XSS in Action View5.4
- CVE-2020-8163The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.8.8
- CVE-2020-8167A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.6.5
- CVE-2020-5267Possible XSS vulnerability in ActionView4.0
- CVE-2019-5419There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu a...7.5
- CVE-2019-5418There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the ta...KEV7.5
- CVE-2016-6316Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script ...6.1
- CVE-2016-2097Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted...5.3
- CVE-2016-0752Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to rea...KEV7.5
- CVE-2011-0446Multiple cross-site scripting (XSS) vulnerabilities in the mail_to helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject ar...4.3
Product normalization is registry-driven with AI assist and human review. How it works