Known Vulnerabilities for Rails by Rubyonrails
Listed below are 10 of the newest known vulnerabilities associated with "Rails" by "Rubyonrails".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-33868 | Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.8, 4.4.15, and 4.3.21, an u... | Not Provided | 2026-03-27 | 2026-03-31 |
| CVE-2026-33658 | Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.... | Not Provided | 2026-03-26 | 2026-03-30 |
| CVE-2022-23634 | Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on ... | 5.9 - MEDIUM | 2022-02-11 | 2023-11-07 |
| CVE-2022-23633 | Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not ... | 5.9 - MEDIUM | 2022-02-11 | 2024-01-19 |
| CVE-2021-22942 | A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attacker... | 6.1 - MEDIUM | 2021-10-18 | 2024-02-02 |
| CVE-2021-22904 | The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in th... | 7.5 - HIGH | 2021-06-11 | 2021-09-20 |
| CVE-2021-22903 | The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in... | 6.1 - MEDIUM | 2021-06-11 | 2021-10-21 |
| CVE-2021-22902 | The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers fr... | 7.5 - HIGH | 2021-06-11 | 2021-08-18 |
| CVE-2021-22885 | A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirec... | 7.5 - HIGH | 2021-05-27 | 2022-04-06 |
| CVE-2021-22881 | The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Special... | 6.1 - MEDIUM | 2021-02-11 | 2023-11-07 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Rubyonrails | Rails | 6.1.2.1 | All | All | All |
| Application | Rubyonrails | Rails | 6.1.2 | All | All | All |
| Application | Rubyonrails | Rails | 6.1.1 | All | All | All |
| Application | Rubyonrails | Rails | 6.1.0 | - | All | All |
| Application | Rubyonrails | Rails | 6.1.0 | rc1 | All | All |
| Application | Rubyonrails | Rails | 6.1.0 | rc2 | All | All |
| Application | Rubyonrails | Rails | 6.0.4 | All | All | All |
| Application | Rubyonrails | Rails | 6.0.3.5 | All | All | All |
| Application | Rubyonrails | Rails | 6.0.3.4 | All | All | All |
| Application | Rubyonrails | Rails | 6.0.3.3 | All | All | All |
| Application | Rubyonrails | Rails | 6.0.3.2 | All | All | All |
| Application | Rubyonrails | Rails | 6.0.3.1 | All | All | All |
| Application | Rubyonrails | Rails | 6.0.3 | - | All | All |
| Application | Rubyonrails | Rails | 6.0.3 | rc1 | All | All |
| Application | Rubyonrails | Rails | 6.0.2.2 | All | All | All |
| Application | Rubyonrails | Rails | 6.0.2.1 | All | All | All |
| Application | Rubyonrails | Rails | 6.0.2 | - | All | All |
| Application | Rubyonrails | Rails | 6.0.2 | rc1 | All | All |
| Application | Rubyonrails | Rails | 6.0.2 | rc2 | All | All |
| Application | Rubyonrails | Rails | 6.0.1 | - | All | All |