Rails — Vulnerabilities & Security Advisories 45

Browse all 45 CVE security advisories affecting Rails. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-26144 | Possible Sensitive Session Information Leak in Active Storage — rails CWE-200 | 5.3 | Medium | 2024-02-27 |
| CVE-2024-26143 | Rails Possible XSS Vulnerability in Action Controller — rails CWE-79 | 6.1 | Medium | 2024-02-27 |
| CVE-2024-26142 | Rails possible ReDoS vulnerability in Accept header parsing in Action Dispatch — rails CWE-1333 | 7.5 | High | 2024-02-27 |
| CVE-2022-23520 | rails-html-sanitizer contains an incomplete fix for an XSS vulnerability — rails-html-sanitizer CWE-79 | 6.1 | Medium | 2022-12-14 |
| CVE-2022-23519 | Possible XSS vulnerability with certain configurations of rails-html-sanitizer — rails-html-sanitizer CWE-79 | 7.2 | High | 2022-12-14 |
| CVE-2022-23518 | Improper neutralization of data URIs allows XSS in rails-html-sanitizer — rails-html-sanitizer CWE-79 | 6.1 | - | 2022-12-14 |
| CVE-2022-23517 | Inefficient Regular Expression Complexity in rails-html-sanitizer — rails-html-sanitizer CWE-1333 | 7.5 | High | 2022-12-14 |
| CVE-2022-23633 | Exposure of sensitive information in Action Pack — rails CWE-200 | 7.4 | High | 2022-02-11 |
| CVE-2020-15169 | XSS in Action View — actionview CWE-79 | 5.4 | Medium | 2020-09-11 |
| CVE-2020-5267 | Possible XSS vulnerability in ActionView — actionview CWE-80 | 4.0 | Medium | 2020-03-19 |
| CVE-2010-3299 | Ruby on Rails security vulnerability — rails | 5.3 | - | 2019-11-12 |
| CVE-2019-5420 | Ruby on Rails security feature issue vulnerability — https://github.com/rails/rails CWE-77 | 9.8 | - | 2019-03-27 |
| CVE-2019-5419 | Rails resource management error vulnerability — https://github.com/rails/rails CWE-400 | 7.5 | - | 2019-03-27 |
| CVE-2019-5418 | Action View information disclosure vulnerability — https://github.com/rails/rails CWE-22 | 7.5 | - | 2019-03-27 |
| CVE-2018-3741 | rails-html-sanitizer gem for Ruby cross-site scripting vulnerability — rails-html-sanitizer CWE-79 | 6.1 | - | 2018-03-30 |

This page lists every published CVE security advisory associated with Rails. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.