14 matches found
EUVD-2026-31972
view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the preview route derives an example name from the URL and calls it with public_send. The code does not verify that the requested method is one of the preview...
CVE-2026-44836 view_component: Preview Route Can Dispatch Inherited Helper Methods
view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the preview route derives an example name from the URL and calls it with public_send. The code does not verify that the requested method is one of the preview...
CVE-2026-44837
creationtimestamp | type | source
---|---|---
2026-05-05 20:34:03+00:00 | published-proof-of-concept | https://github.com/ViewComponent/viewcomponent/security/advisories/GHSA-hg3h-g7xc-f7vp...
Insecure Inherited Permissions
Overview: Affected versions of this package are vulnerable to Insecure Inherited Permissions when handling public methods on ViewComponent::Preview, which are treated as reachable even if the methods are not explicitly allowed, in render_with_template. An attacker can render internal Rails templates...
EUVD-2022-1407
Malicious code in bioql PyPI...
CVE-2022-24722
ViewComponent is a framework for building view components in Ruby on Rails. Versions prior to 2.31.2 and 2.49.1 contain a cross-site scripting vulnerability that has the potential to impact anyone using translations with the view_component gem. Data received via user input and passed as an...
ViewComponent Cross-Site Scripting Vulnerability
ViewComponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. A cross-site scripting vulnerability exists in ViewComponent versions prior to 3.9.0, which stems from a cross-site scripting (XSS) vulnerability in the viewcomponent-gem component...
ViewComponent Cross-Site Scripting Vulnerability
ViewComponent is a framework for building reusable, testable and encapsulated view components in Ruby on Rails. ViewComponent suffers from a cross-site scripting vulnerability that stems from data received via user input and passed as interpolated parameters to the translate method not being clean...
CVE-2022-24722
ViewComponent is a framework for building view components in Ruby on Rails. Versions prior to 2.31.2 and 2.49.1 contain a cross-site scripting vulnerability that has the potential to impact anyone using translations with the view_component gem. Data received via user input and passed as an...
Cross site scripting
ViewComponent is a framework for building view components in Ruby on Rails. Versions prior to 2.31.2 and 2.49.1 contain a cross-site scripting vulnerability that has the potential to impact anyone using translations with the view_component gem. Data received via user input and passed as an...
CVE-2022-24722 Cross-site Scripting in view_component
ViewComponent is a framework for building view components in Ruby on Rails. Versions prior to 2.31.2 and 2.49.1 contain a cross-site scripting vulnerability that has the potential to impact anyone using translations with the view_component gem. Data received via user input and passed as an...
CVE-2022-24722
CVE-2022-24722 affects the view_component gem for Ruby on Rails. Versions prior to 2.31.2 and 2.49.1 contain a cross-site scripting vulnerability where user input interpolated into translate is not properly sanitized before display. Mitigations are available in version 2.31.2 and 2.49.1. Workarou...
CVE-2022-24722 Cross-site Scripting in view_component
ViewComponent is a framework for building view components in Ruby on Rails. Versions prior to 2.31.2 and 2.49.1 contain a cross-site scripting vulnerability that has the potential to impact anyone using translations with the view_component gem. Data received via user input and passed as an...
XSS via `translate` method of `ViewComponent::Translatable` in view_component gem
This is an XSS vulnerability that has the potential to impact anyone using translations with the view_component gem. Data received via user input and passed as an interpolation argument to the translate method is not properly sanitized before display. Versions 2.31.2 and 2.49.1 have been released...