70 Total advisories
70 Vulnerabilities
0 Malware
Vulnerabilities
MEDIUM 6.1
CVE-2024-26143
Rails has possible XSS Vulnerability in Action Controller
UNKNOWN
CVE-2026-33167
Rails has a possible XSS vulnerability in its Action Pack debug exceptions
MEDIUM 4.3
CVE-2020-8166
Ability to forge per-form CSRF tokens in Rails
HIGH 7.4
CVE-2022-23633
Exposure of information in Action Pack
HIGH 7.5
CVE-2014-0130
actionpack Path Traversal vulnerability
HIGH 7.5
CVE-2016-0752
Directory traversal vulnerability in Action View in Ruby on Rails
MEDIUM 5.4
CVE-2024-28103
Missing security headers in Action Pack on non-HTML responses
MEDIUM 4.0
CVE-2023-28362
Actionpack has possible cross-site scripting vulnerability via User Supplied Values to redirect_to
UNKNOWN
CVE-2009-3009
Cross site scripting that affects rails
UNKNOWN
CVE-2023-22795
ReDoS based DoS vulnerability in Action Dispatch
UNKNOWN
CVE-2024-54133
Possible Content Security Policy bypass in Action Dispatch
UNKNOWN
CVE-2023-22792
ReDoS based DoS vulnerability in Action Dispatch
UNKNOWN
CVE-2012-3424
actionpack Improper Authentication vulnerability
UNKNOWN
CVE-2012-2660
Action Pack contains database-query restrictions bypass
UNKNOWN
CVE-2012-3465
actionpack Cross-site Scripting vulnerability
UNKNOWN
CVE-2012-2694
actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request
MEDIUM 6.1
CVE-2011-1497
Cross site scripting in actionpack Rubygem
UNKNOWN
CVE-2024-26142
Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch
UNKNOWN
CVE-2014-0081
Rails vulnerable to Cross-site Scripting
UNKNOWN
CVE-2008-7248
Improper Input Validation in actionpack
UNKNOWN
CVE-2011-0447
actionpack Cross-Site Request Forgery vulnerability
UNKNOWN
CVE-2011-2197
rails Cross-site Scripting vulnerability
UNKNOWN
CVE-2011-4319
Cross-site Scripting vulnerability in i18n translations helper method
UNKNOWN
CVE-2011-3186
actionpack CRLF injection vulnerability
UNKNOWN
CVE-2013-6416
actionpack Cross-site Scripting vulnerability
UNKNOWN
GHSA-23v3-qfrj-wmgh
Moderate severity vulnerability that affects actionpack
UNKNOWN
GHSA-qf5x-qgx7-437h
Moderate severity vulnerability that affects actionpack
UNKNOWN
GHSA-vwfg-qj3r-6v3r
Moderate severity vulnerability that affects actionpack
UNKNOWN
CVE-2014-0082
actionpack Improper Input Validation vulnerability
UNKNOWN
GHSA-hx46-vwmx-wx95
High severity vulnerability that affects actionpack
UNKNOWN
GHSA-544j-77x9-h938
Moderate severity vulnerability that affects actionpack
UNKNOWN
GHSA-5xmj-wm96-fmw8
Moderate severity vulnerability that affects actionpack
UNKNOWN
GHSA-m53f-rhq8-q6hf
Moderate severity vulnerability that affects actionpack
UNKNOWN
CVE-2013-1857
actionpack Cross-site Scripting vulnerability
UNKNOWN
CVE-2013-0156
actionpack Improper Input Validation vulnerability
UNKNOWN
CVE-2012-3463
actionpack Cross-site Scripting vulnerability
HIGH 7.5
CVE-2016-0751
actionpack is vulnerable to denial of service via a crafted HTTP Accept header
UNKNOWN
CVE-2011-2929
actionpack Improper Input Validation vulnerability
UNKNOWN
CVE-2013-4491
actionpack vulnerable to Cross-site Scripting
UNKNOWN
CVE-2013-1855
actionpack Cross-site Scripting vulnerability
UNKNOWN
CVE-2013-6415
actionpack vulnerable to Cross-site Scripting
UNKNOWN
CVE-2011-0449
actionpack allows remote attackers to bypass intended access restrictions
UNKNOWN
CVE-2011-2931
actionpack Cross-site Scripting vulnerability
UNKNOWN
CVE-2013-6414
actionpack Improper Input Validation vulnerability
UNKNOWN
CVE-2014-7818
actionpack vulnerable to Path Traversal
HIGH 7.5
CVE-2015-7581
actionpack is vulnerable to denial of service because of a wildcard controller route
UNKNOWN
CVE-2012-1099
Cross-site Scripting in actionpack
UNKNOWN
CVE-2014-7829
Directory traversal vulnerability in actionpack
UNKNOWN
CVE-2011-3187
actionpack Improper Input Validation vulnerability
LOW 3.7
CVE-2015-7576
actionpack is vulnerable to remote bypass authentication
UNKNOWN
CVE-2013-6417
actionpack allows bypass of database-query restrictions
UNKNOWN
CVE-2009-3086
actionpack and activesupport vulnerable to information leaks
UNKNOWN
CVE-2011-0446
Rails actionpack gem vulnerable to Cross-site Scripting
UNKNOWN
CVE-2024-41128
Possible ReDoS vulnerability in query parameter filtering in Action Dispatch
UNKNOWN
CVE-2024-47887
Possible ReDoS vulnerability in HTTP Token authentication in Action Controller
LOW 3.5
GHSA-9chr-4fjh-5rgw
Cross-site Scripting in actionpack
MEDIUM 6.1
CVE-2021-44528
actionpack Open Redirect in Host Authorization Middleware
MEDIUM 6.5
CVE-2020-8185
Untrusted users can run pending migrations in production in Rails
MEDIUM 5.3
CVE-2016-2097
actionview contains Path Traversal vulnerability
HIGH 7.5
CVE-2021-22885
Action Pack contains Information Disclosure / Unintended Method Execution vulnerability
MEDIUM 6.1
CVE-2021-22942
Open Redirect in ActionPack
MEDIUM 6.1
CVE-2021-22881
Actionpack Open Redirect Vulnerability
HIGH 7.3
CVE-2016-2098
actionpack allows remote code execution via application's unrestricted use of render method
MEDIUM 6.1
CVE-2022-22577
Cross-site Scripting Vulnerability in Action Pack
MEDIUM 6.1
CVE-2023-22797
Open Redirect Vulnerability in Action Pack
HIGH 7.5
CVE-2021-22902
Denial of Service in Action Dispatch
HIGH 7.5
CVE-2021-22904
Possible DoS Vulnerability in Action Controller Token Authentication
MEDIUM 6.1
CVE-2021-22903
Possible Open Redirect Vulnerability in Action Pack
HIGH 7.5
CVE-2020-8164
Possible Strong Parameters Bypass in ActionPack
MEDIUM 6.1
CVE-2020-8264
Cross-site scripting in actionpack
Ready to move
Start Securing
Free, no credit card | First findings in minutes