EUVD-2026-31488
Devise is an authentication solution for Rails based on Warden. In versions 5.0.3 and below, when the Timeoutable module is enabled in Devise, the FailureApp#redirect_url method returns request.referrer — the HTTP Referer header, which is attacker-controllable — without validation for any non-GET...
CVE-2026-33170
Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, SafeBuffer#% does not propagate the @html_unsafe flag to the newly created buffer. If a SafeBuffer is mutated in place e.g. via gsub! and th...
DEBIAN-CVE-2026-33168
Action View provides conventions and helpers for building web pages with the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when a blank string is used as an HTML attribute name in Action View tag helpers, the attribute escaping is bypassed, producing malformed HTML. A carefull...
UBUNTU-CVE-2026-33167
Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...
CVE-2026-33167
Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...
EUVD-2026-14622
Rails Active Support has a possible ReDoS vulnerability in number_to_delimited...
Rails Cross-Site Scripting Vulnerability
Rails is an open-source web application framework based on the Ruby language, developed by the Rails team in the United States. Versions of Rails Active Support prior to 8.1.2.1, 8.0.4.1, and 7.2.3.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the lack of...
Rails Security Vulnerability
Rails is an open-source web application framework based on the Ruby language, developed by the Rails team in the United States. Security vulnerabilities exist in versions of Rails prior to 8.1.2.1, 8.0.4.1, and 7.2.3.1. These vulnerabilities stem from the acceptance and persistence of arbitrary...
EUVD-2024-0663
Malicious code in bioql PyPI...
EUVD-2024-0589
Malicious code in bioql PyPI...
geminabox
It is an offensive tool for RubyGem hosting. The repository contains a simple RubyGem hosting system called Gem in a Box. It allows users to host their own RubyGems, and it includes features such as user authentication, gem versioning, and a web interface for browsing and downloading gems. The to...
ruby-dragonfly
This repository is an offensive tool for Ruby. It is a highly customizable gem for handling images and other attachments, and is already in use on thousands of websites. The tool is designed to generate image thumbnails in Rails and to manage attachments in web applications. It provides a range o...
Linux Distros Unpatched Vulnerability : CVE-2022-23634
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Puma is a Ruby/Rack web server built for parallelism. Prior to puma version 5.6.2, puma may not always call close on the response body. Rails, prior to version...
Rails Security Vulnerability
Rails is a set of open source web application frameworks based on the Ruby language by the American Rails team. A security vulnerability exists in Rails. An attacker could exploit the vulnerability to cause a denial of service on the system...
CVE-2024-26143
Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using translation methods like translate, or t on a controller, with a key ending in "html", a :default key which contains untrusted user input, and th...
CVE-2024-26144
Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain...
Rails Security Vulnerabilities
Rails is a set of open source web application frameworks based on the Ruby language by the American Rails team. A security vulnerability exists in Rails 7.0.0 and earlier versions, which stems from a cross-site scripting (XSS) vulnerability when using the Translation Helper in Action Controller...
Fedora: Security Advisory for rubygem-activesupport (FEDORA-2023-4f0bb4ff5e)
The remote host is missing an update for the rubygem-activesupport package announced via the FEDORA-2023-4f0bb4ff5e advisory...
Rails Security Vulnerabilities
Rails is an open source web application framework based on the Ruby language from the Rails team in the United States. A security vulnerability exists in Rails that stems from the redirect_to method in Rails that allows values to be supplied that contain characters that are not legal in the HTTP...