Known Vulnerabilities for Rails by Rubyonrails
Listed below are 10 of the newest known vulnerabilities associated with "Rails" by "Rubyonrails".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed, based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-33868 | Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.8, 4.4.15, and 4.3.21, an u... | Not Provided | 2026-03-27 | 2026-03-31 |
| CVE-2026-33658 | Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.... | Not Provided | 2026-03-26 | 2026-03-30 |
| CVE-2026-33168 | Action View provides conventions and helpers for building web pages with the Rails framework. Prior to versions 8.1.2.1, 8.0.... | Not Provided | 2026-03-23 | 2026-03-24 |
| CVE-2023-25015 | Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF. | 6.5 - MEDIUM | 2023-02-02 | 2023-02-09 |
| CVE-2023-22797 | An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect... | 6.1 - MEDIUM | 2023-02-09 | 2023-02-21 |
| CVE-2023-22795 | A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A ... | 7.5 - HIGH | 2023-02-09 | 2024-02-02 |
| CVE-2023-22792 | A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1, <6.1.7.1, and <7.0.4.1. Specially crafted cookies, ... | 7.5 - HIGH | 2023-02-09 | 2024-02-02 |
| CVE-2022-23634 | Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on ... | 5.9 - MEDIUM | 2022-02-11 | 2023-11-07 |
| CVE-2022-23633 | Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not ... | 5.9 - MEDIUM | 2022-02-11 | 2024-01-19 |
| CVE-2022-3704 | ** DISPUTED ** A vulnerability classified as problematic has been found in Ruby on Rails. This affects an unknown part of the... | 5.4 - MEDIUM | 2022-10-26 | 2023-11-07 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Rubyonrails | Rails | 6.1.2.1 | |||
| Application | Rubyonrails | Rails | 6.1.2 | |||
| Application | Rubyonrails | Rails | 6.1.1 | |||
| Application | Rubyonrails | Rails | 6.1.0 | |||
| Application | Rubyonrails | Rails | 6.1.0 | |||
| Application | Rubyonrails | Rails | 6.1.0 | |||
| Application | Rubyonrails | Rails | 6.0.4 | |||
| Application | Rubyonrails | Rails | 6.0.3.5 | |||
| Application | Rubyonrails | Rails | 6.0.3.4 | |||
| Application | Rubyonrails | Rails | 6.0.3.3 | |||
| Application | Rubyonrails | Rails | 6.0.3.2 | |||
| Application | Rubyonrails | Rails | 6.0.3.1 | |||
| Application | Rubyonrails | Rails | 6.0.3 | |||
| Application | Rubyonrails | Rails | 6.0.3 | |||
| Application | Rubyonrails | Rails | 6.0.2.2 | |||
| Application | Rubyonrails | Rails | 6.0.2.1 | |||
| Application | Rubyonrails | Rails | 6.0.2 | |||
| Application | Rubyonrails | Rails | 6.0.2 | |||
| Application | Rubyonrails | Rails | 6.0.2 | |||
| Application | Rubyonrails | Rails | 6.0.1 |