rubyonrails

Top products

The 15 most recently published vulnerabilities affecting rubyonrails.

• CVE-2026-33658Rails Active Storage has a possible DoS vulnerability in proxy mode via multi-range requests6.5Mar 26, 2026
• CVE-2026-33202Rails Active Storage has possible glob injection in its DiskService9.1Mar 23, 2026
• CVE-2026-33195Rails Active Storage has possible Path Traversal in DiskService9.8Mar 23, 2026
• CVE-2026-33176Rails Active Support has a possible DoS vulnerability in its number helpers7.5Mar 23, 2026
• CVE-2026-33174Rails Active Storage has a possible DoS vulnerability when in proxy mode via Range requests7.5Mar 23, 2026
• CVE-2026-33173Rails Active Storage has possible content type bypass via metadata in direct uploads5.3Mar 23, 2026
• CVE-2026-33170Rails Active Support has a possible XSS vulnerability in SafeBuffer#%6.1Mar 23, 2026
• CVE-2026-33169Rails Active Support has a possible ReDoS vulnerability in number_to_delimited5.3Mar 23, 2026
• CVE-2025-54314Thor before 1.4.0 can construct an unsafe shell command from library input. NOTE: this is disputed by the Supplier because "the method that was fixed can only be used with arguments that are contro...2.8Jul 20, 2025
• CVE-2024-53985Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.06.1Dec 2, 2024
• CVE-2024-53987Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.06.1Dec 2, 2024
• CVE-2024-53986Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.06.1Dec 2, 2024
• CVE-2024-53988Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.06.1Dec 2, 2024
• CVE-2024-53989Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.06.1Dec 2, 2024
• CVE-2024-32464ActionText ContentAttachment can Contain Unsanitized HTML6.1Jun 4, 2024