Software
rubygems/actiontextActionText ContentAttachment can Contain Unsanitized HTML
rubygems/actionpackAction Pack is missing security headers on non-HTML responses
Actionpack Project ActionpackAn open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redire…
Rubyonrails RailsA specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a sta…
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Rubyonrails RailsA regular expression based DoS vulnerability in Action Dispatch <6.0.6.1,< 6.1.7.1, and <7.0.4.1. Sp…
Rubyonrails GlobalidThere is a possible DoS vulnerability in the model name parsing section of the GlobalID gem. Careful…
redhat/rubygem-rails-html-sanitizerPossible XSS vulnerability with certain configurations of rails-html-sanitizer
redhat/rubygem-rails-html-sanitizerImproper neutralization of data URIs allows XSS in rails-html-sanitizer
redhat/rubygem-rails-html-sanitizerInefficient Regular Expression Complexity in rails-html-sanitizer
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
redhat/rubygem-rails-html-sanitizerrails-html-sanitizer contains an incomplete fix for an XSS vulnerability
Rubyonrails RailsRuby on Rails _table.html.erb cross site scripting
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
rubygems/actionpackExposure of sensitive information in Action Pack
Rubyonrails RailsInformation Exposure when using Puma with Rails
Rubyonrails RailsA open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft a…
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
debian/railsA possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 …
Rubyonrails RailsThe actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Speciall…
rubygems/actionpackA flaw was found in RubyGem Actionpack which is framework for handling and responding to web request…
rubygems/actionpackA flaw was found in RubyGem Actionpack which is framework for handling and responding to web request…
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
rubygems/activerecord-session_storeThe activerecord-session_store (aka Active Record Session Store) component through 1.1.3 for Ruby on…
Rubyonrails RailsCVE-2021-22881
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Rubyonrails RailsA denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any…
Debian Debian LinuxA deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which c…
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Debian Debian LinuxA deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that…
redhat/rubygem-actionviewPossible XSS vulnerability in ActionView
Debian Debian LinuxThe encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Rubyonrails RailsA Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft us…
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.