Software Detail
Ruby on Rails: number of NVD entries 106 (CRITICAL 3, HIGH 34, MEDIUM 68, LOW 1)
URL https://rubyonrails.org/
Explanation Ruby on Rails is the most widely used web application framework for Ruby.
Its guiding principles are "Don't Repeat Yourself" and "Convention over Configuration",
and it is built around the Model View Controller (MVC) pattern.

Maintenance policy (the linked maintenance_policy.html is the authoritative text):
the latest release series (for example 7.0) receives both bug fixes and security fixes;
the previous release series receives security fixes only; earlier series are no longer supported.
For severe security issues, fixes may also be released for series that are otherwise out of support,
and paid extended support for old series is offered by third parties (railslts.com, listed below).

Practical consequence: a series with no security-support end date in the table below was still
supported when this page was captured, but a deployment is only covered if it runs the latest
patch release of that series; compare your installed version against the "Latest version" column.
Tag
  • MIT License
  • Ruby

Information URLs
1. https://rubyonrails.org/
2. https://guides.rubyonrails.org/maintenance_policy.html
3. https://railslts.com/
4. https://railsguides.jp/maintenance_policy.html
5. https://weblog.rubyonrails.org/releases/
6. https://github.com/rails/rails
7. https://rubyonrails.org/security/

List of Products (one row per release series; the four right-hand columns count NVD entries by severity for that series)

No | Series | Latest version | Release date | Initial release | Normal support ended | Security support ended | Critical | High | Medium | Low
31 | Ruby on Rails 7.0 | 7.0.8.4 | June 4, 2024 | Dec. 15, 2021 | | | 1 | 2 | 4 | 0
32 | Ruby on Rails 6.1 | 6.1.7.7 | Feb. 21, 2024 | Dec. 9, 2020 | | | 1 | 6 | 6 | 0
33 | Ruby on Rails 6.0 | 6.0.6.1 | Jan. 17, 2023 | Aug. 16, 2019 | | | 2 | 8 | 9 | 0
34 | Ruby on Rails 5.2 | 5.2.8.1 | July 12, 2022 | April 9, 2018 | | | 2 | 10 | 5 | 0
35 | Ruby on Rails 5.1 | 5.1.7 | March 27, 2019 | April 27, 2017 | April 9, 2018 | April 9, 2018 | 2 | 11 | 4 | 0
36 | Ruby on Rails 5.0 | 5.0.7.2 | March 11, 2019 | June 30, 2016 | April 27, 2017 | April 27, 2017 | 2 | 15 | 7 | 1
37 | Ruby on Rails 4.2 | 4.2.11.3 | May 15, 2020 | Dec. 20, 2014 | June 30, 2016 | Aug. 16, 2019 | 2 | 17 | 9 | 1
38 | Ruby on Rails 4.1 | 4.1.16 | July 12, 2016 | April 8, 2014 | Dec. 20, 2014 | Dec. 20, 2014 | 2 | 17 | 12 | 1
39 | Ruby on Rails 4.0 | 4.0.13 | Jan. 6, 2015 | June 25, 2013 | April 8, 2014 | Dec. 20, 2014 | 2 | 17 | 14 | 1
40 | Ruby on Rails 3.2 | 3.2.22.5 | | | | | 2 | 16 | 31 | 0
41 | Ruby on Rails 3.1 | 3.1.9 | | | | | 2 | 16 | 35 | 0
42 | Ruby on Rails 3.0 | 3.0.9 | | | | | 2 | 20 | 37 | 0
43 | Ruby on Rails 2.3 | 2.3.9 | | | | | 2 | 14 | 29 | 0
44 | Ruby on Rails 2.2 | 2.2.3 | | | | | 2 | 12 | 22 | 0
45 | Ruby on Rails 2.1 | 2.1.2 | | | | | 2 | 13 | 24 | 0
46 | Ruby on Rails 2.0 | 2.0.5 | | | | | 2 | 13 | 22 | 0
47 | Ruby on Rails 1.9 | 1.9.5 | | | | | 2 | 11 | 17 | 0
48 | Ruby on Rails 1.2 | 1.2.6 | | | | | 2 | 11 | 17 | 0
49 | Ruby on Rails 1.1 | 1.1.6 | | | | | 2 | 13 | 17 | 0
50 | Ruby on Rails 1.0 | 1.0.0 | | | | | 2 | 12 | 16 | 0
51 | Ruby on Rails 0.9 | 0.9.5 | | | | | 2 | 12 | 16 | 0
52 | Ruby on Rails 0.14 | 0.14.4 | | | | | 2 | 12 | 16 | 0
53 | Ruby on Rails 0.13 | 0.13.1 | | | | | 2 | 12 | 16 | 0
54 | Ruby on Rails 0.12 | 0.12.1 | | | | | 2 | 12 | 16 | 0
55 | Ruby on Rails 0.11 | 0.11.1 | | | | | 2 | 12 | 16 | 0
56 | Ruby on Rails 0.10 | 0.10.1 | | | | | 2 | 12 | 16 | 0

Notes: the source page's "Service Pack Support" and "Extended (for a fee)" columns are empty for every series and are omitted here. Release and support dates are blank for series 3.2 and earlier because the page shows none. The last 3.2 release is 3.2.22.5 (the page's "3.2.2.25" is a transposition). Identical severity counts across the 0.x and 1.x series indicate that those counts come from open-ended NVD version ranges rather than from advisories specific to each series.
NVD Vulnerability Information

Fields per entry: No, CVSS3 score, CVSS2 score, severity level, attack vector, description (truncated on the source page where it ends in "…"), CWE, CVE, affected cpe23Uri with NVD version bounds (start inclusive, end inclusive, start exclusive, end exclusive), last update date, published date.
31 | CVE-2018-16477 | CVSS3 6.5 / CVSS2 4.3 | MEDIUM | Attack vector: Network
   A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Storage and Disk services allow an attacker to modify the `content-disposition` and `content-type` parameters which can be used in w…
   CWE: NVD-CWE-noinfo
   Affected: cpe:2.3:a:rubyonrails:rails:*:* (>= 5.2.0, < 5.2.1.1)
   Updated 2024-11-21 12:52; published 2018-12-01

32 | CVE-2017-17917 | CVSS3 8.1 / CVSS2 6.8 | HIGH | Attack vector: Network
   SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this i…
   CWE: CWE-89 (SQL Injection)
   Affected: cpe:2.3:a:rubyonrails:rails:*:* (<= 5.1.4)
   Updated 2024-11-21 12:18; published 2017-12-30

33 | CVE-2017-17916 | CVSS3 8.1 / CVSS2 6.8 | HIGH | Attack vector: Network
   SQL injection vulnerability in the 'find_by' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes th…
   CWE: CWE-89 (SQL Injection)
   Affected: cpe:2.3:a:rubyonrails:rails:*:* (<= 5.1.4)
   Updated 2024-11-21 12:18; published 2017-12-30

   Both CVE-2017-17917 and CVE-2017-17916 carry a vendor dispute (the truncated NOTE in each description); the 8.1 scores are NVD's own, so weigh them against that dispute when prioritising.

34 | CVE-2016-6317 | CVSS3 7.5 / CVSS2 5.0 | HIGH | Attack vector: Network
   Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote a…
   CWE: CWE-284 (Improper Access Control), CWE-476 (NULL Pointer Dereference)
   Affected: cpe:2.3:a:rubyonrails:rails:4.2.7:rc1, cpe:2.3:a:rubyonrails:rails:4.2.7:*, cpe:2.3:a:rubyonrails:rails:4.2.6:rc1
   Updated 2024-11-21 11:55; published 2016-09-08

35 | CVE-2016-6316 | CVSS3 6.1 / CVSS2 4.3 | MEDIUM | Attack vector: Network
   Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or…
   CWE: CWE-79 (Cross-site Scripting)
   Affected: cpe:2.3:a:rubyonrails:rails:5.0.0:rc2, cpe:2.3:a:rubyonrails:rails:5.0.0:rc1, cpe:2.3:a:rubyonrails:rails:5.0.0:bet…
   Updated 2024-11-21 11:55; published 2016-09-08

36 | CVE-2016-2098 | CVSS3 7.3 / CVSS2 7.5 | HIGH | Attack vector: Network
   Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of t…
   CWE: CWE-20 (Improper Input Validation)
   Affected: cpe:2.3:a:rubyonrails:rails:4.2.5:rc2, cpe:2.3:a:rubyonrails:rails:4.2.5:rc1, cpe:2.3:a:rubyonrails:rails:4.2.5:*
   Updated 2024-11-21 11:47; published 2016-04-08

37 | CVE-2016-2097 | CVSS3 5.3 / CVSS2 5.0 | MEDIUM | Attack vector: Network
   Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted u…
   CWE: CWE-22 (Path Traversal)
   Affected: cpe:2.3:a:rubyonrails:rails:4.1.9:rc1, cpe:2.3:a:rubyonrails:rails:4.1.8:*, cpe:2.3:a:rubyonrails:rails:4.1.7:*
   Updated 2024-11-21 11:47; published 2016-04-08

38 | CVE-2016-0752 | CVSS3 7.5 / CVSS2 5.0 | HIGH | Attack vector: Network
   Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read …
   CWE: CWE-22 (Path Traversal)
   Affected: cpe:2.3:a:rubyonrails:rails:5.0.0:beta1; cpe:2.3:a:rubyonrails:rails:*:* in three ranges: (< 3.2.22.1), (>= 4.0.0, < 4.1.14.1), (>= 4.2.0, < 4.2.5.1)
   Updated 2026-04-22 23:36; published 2016-02-16

39 | CVE-2016-0753 | CVSS3 5.3 / CVSS2 5.0 | MEDIUM | Attack vector: Network
   Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers t…
   CWE: NVD-CWE-noinfo
   Affected: cpe:2.3:a:rubyonrails:rails:5.0.0:beta1; cpe:2.3:a:rubyonrails:rails:*:* in two ranges: (>= 4.1.0, < 4.1.14.1), (>= 4.2.0, < 4.2.5.1)
   Updated 2024-11-21 11:42; published 2016-02-16

40 | CVE-2016-0751 | CVSS3 7.5 / CVSS2 5.0 | HIGH | Attack vector: Network
   actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly…
   CWE: CWE-399 (Resource Management Errors)
   Affected: cpe:2.3:a:rubyonrails:rails:5.0.0:beta1, cpe:2.3:a:rubyonrails:rails:4.2.5:rc2, cpe:2.3:a:rubyonrails:rails:4.2.5:r…
   Updated 2024-11-21 11:42; published 2016-02-16
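The maintenance-policy summary and the series table above tell you whether a Rails series is still patched; the NVD list gives per-CVE version bounds. The script below is an added example, not code from this page or from the Rails project: it turns both into a check you can run against an installed version. It transcribes a subset of the bounds shown above (entries whose cpe23Uri list the page truncates are left out), uses Gem::Version for ordering, and assumes that an NVD CPE such as "rails:5.0.0:beta1" denotes the 5.0.0.beta1 gem release. Function names (`affecting_cves`, `patch_gap`, `security_support_ended?`) are this example's own.

```ruby
# Added example (not from the page or the Rails project): given an installed
# Rails version, report (a) which NVD entries listed above cover it, using the
# CPE version bounds as the page shows them, and (b) whether its release series
# has a newer patch release or a security-support end date in the series table.
# Gem::Version supplies the ordering, so "5.0.0.beta1" sorts before "5.0.0"
# and "4.2.5" before "4.2.5.1", which is how NVD ranges are meant to be read.
require "rubygems"

# CPE bounds transcribed from the list above (constructed subset). :exact holds
# the "version:update" CPEs, mapped to gem-version form on the assumption that
# "5.0.0:beta1" means the 5.0.0.beta1 gem release.
NVD_ENTRIES = {
  "CVE-2018-16477" => { ranges: [{ start_incl: "5.2.0", end_excl: "5.2.1.1" }] },
  "CVE-2017-17917" => { ranges: [{ end_incl: "5.1.4" }] },
  "CVE-2017-17916" => { ranges: [{ end_incl: "5.1.4" }] },
  "CVE-2016-0752"  => { exact: ["5.0.0.beta1"],
                        ranges: [{ end_excl: "3.2.22.1" },
                                 { start_incl: "4.0.0", end_excl: "4.1.14.1" },
                                 { start_incl: "4.2.0", end_excl: "4.2.5.1" }] },
  "CVE-2016-0753"  => { exact: ["5.0.0.beta1"],
                        ranges: [{ start_incl: "4.1.0", end_excl: "4.1.14.1" },
                                 { start_incl: "4.2.0", end_excl: "4.2.5.1" }] },
  "CVE-2016-0751"  => { exact: ["5.0.0.beta1", "4.2.5.rc2"] },
}.freeze

# Release series from the table above: latest patch release and the
# security-support end date the page shows (nil where the page shows none).
SERIES = {
  "7.0" => { latest: "7.0.8.4",  security_end: nil },
  "6.1" => { latest: "6.1.7.7",  security_end: nil },
  "6.0" => { latest: "6.0.6.1",  security_end: nil },
  "5.2" => { latest: "5.2.8.1",  security_end: nil },
  "5.1" => { latest: "5.1.7",    security_end: "2018-04-09" },
  "5.0" => { latest: "5.0.7.2",  security_end: "2017-04-27" },
  "4.2" => { latest: "4.2.11.3", security_end: "2019-08-16" },
  "4.1" => { latest: "4.1.16",   security_end: "2014-12-20" },
  "4.0" => { latest: "4.0.13",   security_end: "2014-12-20" },
}.freeze

# NVD range semantics: start bound is inclusive; end bound is either
# inclusive (versionEndIncluding) or exclusive (versionEndExcluding).
def in_range?(version, r)
  v = Gem::Version.new(version)
  return false if r[:start_incl] && v <  Gem::Version.new(r[:start_incl])
  return false if r[:end_excl]   && v >= Gem::Version.new(r[:end_excl])
  return false if r[:end_incl]   && v >  Gem::Version.new(r[:end_incl])
  true
end

# An entry applies if the version matches an exact CPE or falls in any range.
def affected?(version, entry)
  v = Gem::Version.new(version)
  return true if (entry[:exact] || []).any? { |e| Gem::Version.new(e) == v }
  (entry[:ranges] || []).any? { |r| in_range?(version, r) }
end

# Sorted CVE ids from the list above that cover the given version.
def affecting_cves(version)
  NVD_ENTRIES.select { |_, entry| affected?(version, entry) }.keys.sort
end

# "4.2.5.1" -> "4.2"; prerelease segments are ignored ("5.0.0.beta1" -> "5.0").
def series_of(version)
  Gem::Version.new(version).segments.first(2).join(".")
end

# [latest patch release in the series, true if `version` is behind it],
# or nil when the series is not in the table.
def patch_gap(version)
  row = SERIES[series_of(version)]
  return nil unless row
  [row[:latest], Gem::Version.new(version) < Gem::Version.new(row[:latest])]
end

# true/false from the table's security-support end date; nil if not listed.
def security_support_ended?(version)
  row = SERIES[series_of(version)]
  row && !row[:security_end].nil?
end

if $PROGRAM_NAME == __FILE__
  ARGV.each do |version| # e.g. ruby rails_check.rb 4.2.5 7.0.8
    puts "#{version}: CVEs #{affecting_cves(version).inspect}, " \
         "patch gap #{patch_gap(version).inspect}, " \
         "security support ended: #{security_support_ended?(version).inspect}"
  end
end
```

Run it with one or more versions as arguments. The two findings are independent: a version can be on the latest patch of its series and still fall inside a range (the disputed SQL-injection entries cover everything up to 5.1.4), and a version can be clear of every listed CVE while its series has already lost security support, which is the case the maintenance policy above is about.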