
https://github.com/rails/rails — Vulnerabilities & Security Advisories 30

All 30 CVE vulnerabilities found in https://github.com/rails/rails, with AI-generated Chinese analysis, references, and POCs.

This page provides vulnerability aggregation data for the Ruby on Rails framework, a popular open-source web application development tool. It collects reported security weaknesses affecting the Rails framework and its associated components, covering historical data and recent updates. Here, you can track vendor advisories from the Ruby on Rails team, understand specific weakness classes related to web application security, and look up the product’s vulnerability history. The information includes details on various Common Weakness Enumeration (CWE) categories, such as cross-site scripting, SQL injection, and remote code execution, which have been identified in the framework over time. This resource is intended for developers, security researchers, and system administrators seeking to assess the risk profile of the Rails framework. By reviewing the aggregated data, users can better understand the evolution of security issues within the product ecosystem. The page serves as a reference point for identifying patterns in reported vulnerabilities and evaluating the effectiveness of past security patches. It does not include real-time alerting or automated remediation suggestions, focusing instead on historical context and detailed descriptions of known issues. Readers can use this information to inform their security assessments and update their frameworks accordingly.

Vendor: n/a

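| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-22797 | actionpack input validation error vulnerability (CWE-601) | 6.1 | - | 2023-02-09 |
| CVE-2023-22796 | rubygem-activesupport security vulnerability (CWE-400) | 7.5 | - | 2023-02-09 |
| CVE-2023-22794 | rubygem-activerecord SQL injection vulnerability (CWE-89) | 9.8 | - | 2023-02-09 |
| CVE-2023-22792 | rubygem-actionpack security vulnerability (CWE-400) | 7.5 | - | 2023-02-09 |
| CVE-2022-44566 | rubygem-activerecord security vulnerability (CWE-400) | 7.5 | - | 2023-02-09 |
| CVE-2023-22795 | actionpack security vulnerability (CWE-400) | 7.5 | - | 2023-02-09 |
| CVE-2022-32224 | Rails code issue vulnerability (CWE-502) | 9.8 | - | 2022-12-05 |
| CVE-2022-27777 | Action View tag helpers cross-site scripting vulnerability (CWE-79) | 6.1 | - | 2022-05-26 |
| CVE-2022-22577 | Rails Action Pack cross-site scripting vulnerability (CWE-79) | 6.1 | - | 2022-05-26 |
| CVE-2022-21831 | Ruby on Rails code injection vulnerability (CWE-94) | 9.8 | - | 2022-05-26 |
| CVE-2021-44528 | Rails Action Pack input validation error vulnerability (CWE-601) | 6.1 | - | 2022-01-07 |
| CVE-2021-22942 | Ruby on Rails input validation error vulnerability (CWE-601) | 6.1 | - | 2021-10-18 |
| CVE-2021-22904 | Ruby security vulnerability (CWE-400) | 7.5 | - | 2021-06-11 |
| CVE-2021-22903 | Rails Action Pack input validation error vulnerability (CWE-601) | 6.1 | - | 2021-06-11 |
| CVE-2021-22902 | Ruby resource management error vulnerability (CWE-400) | 7.5 | - | 2021-06-11 |
| CVE-2021-22885 | Rails Action Pack information disclosure vulnerability (CWE-209) | 9.1 | - | 2021-05-27 |
| CVE-2021-22881 | Rails Action Pack input validation error vulnerability (CWE-601) | 6.1 | - | 2021-02-11 |
| CVE-2021-22880 | Postgresql PostgreSQL resource management error vulnerability (CWE-400) | 7.5 | - | 2021-02-11 |
| CVE-2020-8264 | Rails cross-site scripting vulnerability (CWE-79) | 6.1 | - | 2021-01-06 |
| CVE-2020-8166 | Ruby on Rails cross-site request forgery vulnerability (CWE-352) | 4.3 | - | 2020-07-02 |
| CVE-2020-8163 | Ruby on Rails code injection vulnerability (CWE-94) | 8.8 | - | 2020-07-02 |
| CVE-2020-8185 | Rails resource management error vulnerability (CWE-400) | 6.5 | - | 2020-07-02 |
| CVE-2020-8165 | Ruby on Rails code issue vulnerability (CWE-502) | 9.8 | - | 2020-06-19 |
| CVE-2020-8164 | Ruby on Rails code issue vulnerability (CWE-502) | 7.5 | - | 2020-06-19 |
| CVE-2020-8162 | Ruby on Rails code issue vulnerability (CWE-602) | 7.5 | - | 2020-06-19 |
| CVE-2019-5420 | Ruby on Rails security feature issue vulnerability (CWE-77) | 9.8 | - | 2019-03-27 |
| CVE-2019-5419 | Rails resource management error vulnerability (CWE-400) | 7.5 | - | 2019-03-27 |
| CVE-2019-5418 | Action View information disclosure vulnerability (CWE-22) | 7.5 | - | 2019-03-27 |
| CVE-2018-16477 | Active Storage access control error vulnerability (CWE-200) | 8.1 | - | 2018-11-30 |
| CVE-2018-16476 | Active Job code issue vulnerability (CWE-284) | 6.5 | - | 2018-11-30 |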

All 30 known CVE vulnerabilities affecting https://github.com/rails/rails with full Chinese analysis, references, and POCs where available.