Known Vulnerabilities for Rails by Rubyonrails
Listed below are 10 of the newest known vulnerabilities associated with "Rails" by "Rubyonrails".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-44837 json | view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 ... | Not Provided | 2026-05-26 | 2026-05-28 |
| CVE-2026-44836 json | view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 ... | Not Provided | 2026-05-26 | 2026-05-27 |
| CVE-2026-44511 json | Katalyst Koi is a framework for building Rails admin functionality. Prior to 4.20.0 and 5.6.0, admin session cookies were not... | Not Provided | 2026-05-14 | 2026-05-14 |
| CVE-2026-42205 json | Avo is a framework to create admin panels for Ruby on Rails apps. Prior to version 3.31.2, a broken access control vulnerabil... | Not Provided | 2026-05-08 | 2026-05-12 |
| CVE-2026-40295 json | Devise is an authentication solution for Rails based on Warden. In versions 5.0.3 and below, when the Timeoutable module is e... | Not Provided | 2026-05-22 | 2026-05-26 |
| CVE-2026-33868 json | Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.8, 4.4.15, and 4.3.21, an u... | Not Provided | 2026-03-27 | 2026-03-31 |
| CVE-2026-33658 json | Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.... | Not Provided | 2026-03-26 | 2026-03-30 |
| CVE-2026-33168 json | Action View provides conventions and helpers for building web pages with the Rails framework. Prior to versions 8.1.2.1, 8.0.... | Not Provided | 2026-03-23 | 2026-03-24 |
| CVE-2024-0241 json | encoded_id-rails versions before 1.0.0.beta2 are affected by an uncontrolled resource consumption vulnerability. A remote and... | Not Provided | 2024-01-04 | 2026-05-14 |
| CVE-2023-25015 json | Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF. | 6.5 - MEDIUM | 2023-02-02 | 2023-02-09 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Rubyonrails | Rails | 6.1.2.1 | |||
| Application | Rubyonrails | Rails | 6.1.2 | |||
| Application | Rubyonrails | Rails | 6.1.1 | |||
| Application | Rubyonrails | Rails | 6.1.0 | |||
| Application | Rubyonrails | Rails | 6.1.0 | |||
| Application | Rubyonrails | Rails | 6.1.0 | |||
| Application | Rubyonrails | Rails | 6.0.4 | |||
| Application | Rubyonrails | Rails | 6.0.3.5 | |||
| Application | Rubyonrails | Rails | 6.0.3.4 | |||
| Application | Rubyonrails | Rails | 6.0.3.3 | |||
| Application | Rubyonrails | Rails | 6.0.3.2 | |||
| Application | Rubyonrails | Rails | 6.0.3.1 | |||
| Application | Rubyonrails | Rails | 6.0.3 | |||
| Application | Rubyonrails | Rails | 6.0.3 | |||
| Application | Rubyonrails | Rails | 6.0.2.2 | |||
| Application | Rubyonrails | Rails | 6.0.2.1 | |||
| Application | Rubyonrails | Rails | 6.0.2 | |||
| Application | Rubyonrails | Rails | 6.0.2 | |||
| Application | Rubyonrails | Rails | 6.0.2 | |||
| Application | Rubyonrails | Rails | 6.0.1 |