Software Detail
Ruby on Rails
Number of NVD: 106 (CRITICAL 3, HIGH 34, MEDIUM 68, LOW 1)
URL: https://rubyonrails.org/
Explanation: This is the most famous framework in Ruby.
Its basic philosophy is "Don't Repeat Yourself" and "Convention over Configuration".
It uses the Model View Controller (MVC) pattern.

The latest major release contains bug fixes and security fixes.
The previous major release contains security fixes.
Earlier major releases are no longer supported.

Serious security issues may be addressed outside of support.
Tag
  • MIT License
  • Ruby

Add Information URL
No Type Name URL
1 https://rubyonrails.org/
2 https://guides.rubyonrails.org/maintenance_policy.html
3 https://railslts.com/
4 https://railsguides.jp/maintenance_policy.html
5 https://weblog.rubyonrails.org/releases/
6 https://github.com/rails/rails
7 https://rubyonrails.org/security/

List of Products

| No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support / Service Pack Support / Extended for a fee | Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|---|---|
| 41 | Ruby on Rails 7.0 | 7.0.8.4 | June 4, 2024 | Dec. 15, 2021 | | | 1 | 2 | 4 | 0 |
| 42 | Ruby on Rails 6.1 | 6.1.7.7 | Feb. 21, 2024 | Dec. 9, 2020 | | | 1 | 6 | 6 | 0 |
| 43 | Ruby on Rails 6.0 | 6.0.6.1 | Jan. 17, 2023 | Aug. 16, 2019 | | | 2 | 8 | 9 | 0 |
| 44 | Ruby on Rails 5.2 | 5.2.8.1 | July 12, 2022 | April 9, 2018 | | | 2 | 10 | 5 | 0 |
| 45 | Ruby on Rails 5.1 | 5.1.7 | March 27, 2019 | April 27, 2017 | April 9, 2018 | April 9, 2018 | 2 | 11 | 4 | 0 |
| 46 | Ruby on Rails 5.0 | 5.0.7.2 | March 11, 2019 | June 30, 2016 | April 27, 2017 | April 27, 2017 | 2 | 15 | 7 | 1 |
| 47 | Ruby on Rails 4.2 | 4.2.11.3 | May 15, 2020 | Dec. 20, 2014 | June 30, 2016 | Aug. 16, 2019 | 2 | 17 | 9 | 1 |
| 48 | Ruby on Rails 4.1 | 4.1.16 | July 12, 2016 | April 8, 2014 | Dec. 20, 2014 | Dec. 20, 2014 | 2 | 17 | 12 | 1 |
| 49 | Ruby on Rails 4.0 | 4.0.13 | Jan. 6, 2015 | June 25, 2013 | April 8, 2014 | Dec. 20, 2014 | 2 | 17 | 14 | 1 |
| 50 | Ruby on Rails 3.2 | 3.2.2.25 | | | | | 2 | 16 | 31 | 0 |
| 51 | Ruby on Rails 3.1 | 3.1.9 | | | | | 2 | 16 | 35 | 0 |
| 52 | Ruby on Rails 3.0 | 3.0.9 | | | | | 2 | 20 | 37 | 0 |
| 53 | Ruby on Rails 2.3 | 2.3.9 | | | | | 2 | 14 | 29 | 0 |
| 54 | Ruby on Rails 2.2 | 2.2.3 | | | | | 2 | 12 | 22 | 0 |
| 55 | Ruby on Rails 2.1 | 2.1.2 | | | | | 2 | 13 | 24 | 0 |
| 56 | Ruby on Rails 2.0 | 2.0.5 | | | | | 2 | 13 | 22 | 0 |
| 57 | Ruby on Rails 1.9 | 1.9.5 | | | | | 2 | 11 | 17 | 0 |
| 58 | Ruby on Rails 1.2 | 1.2.6 | | | | | 2 | 11 | 17 | 0 |
| 59 | Ruby on Rails 1.1 | 1.1.6 | | | | | 2 | 13 | 17 | 0 |
| 60 | Ruby on Rails 1.0 | 1.0.0 | | | | | 2 | 12 | 16 | 0 |
| 61 | Ruby on Rails 0.9 | 0.9.5 | | | | | 2 | 12 | 16 | 0 |
| 62 | Ruby on Rails 0.14 | 0.14.4 | | | | | 2 | 12 | 16 | 0 |
| 63 | Ruby on Rails 0.13 | 0.13.1 | | | | | 2 | 12 | 16 | 0 |
| 64 | Ruby on Rails 0.12 | 0.12.1 | | | | | 2 | 12 | 16 | 0 |
| 65 | Ruby on Rails 0.11 | 0.11.1 | | | | | 2 | 12 | 16 | 0 |
| 66 | Ruby on Rails 0.10 | 0.10.1 | | | | | 2 | 12 | 16 | 0 |

NVD Vulnerability Information

| No | CVSS3 | CVSS2 | Level | Attack Vector | Title | CWE | CVE | cpe23Uri | Update date | Published date |
|---|---|---|---|---|---|---|---|---|---|---|
| 41 | 7.5 | 5.0 | HIGH | Network | actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service (superfluous c… | CWE-399 Resource Management Errors | CVE-2015-7581 | cpe:2.3:a:rubyonrails:rails:5.0.0:beta1; cpe:2.3:a:rubyonrails:rails:4.2.5:*; cpe:2.3:a:rubyonrails:rails:4.2.4:* | 2024-11-21 11:37 | 2016-02-16 |
| 42 | 5.3 | 5.0 | MEDIUM | Network | activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta… | CWE-284 Improper Access Control | CVE-2015-7577 | cpe:2.3:a:rubyonrails:rails:5.0.0:beta1; cpe:2.3:a:rubyonrails:rails:4.2.5:rc2; cpe:2.3:a:rubyonrails:rails:4.2.5:r… | 2024-11-21 11:37 | 2016-02-16 |
| 43 | 3.7 | 4.3 | LOW | Network | The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22… | CWE-254 7PK - Security Features | CVE-2015-7576 | cpe:2.3:a:rubyonrails:rails:5.0.0:beta1; cpe:2.3:a:rubyonrails:rails:4.2.5:rc2; cpe:2.3:a:rubyonrails:rails:4.2.5:r… | 2024-11-21 11:37 | 2016-02-16 |
| 44 | - | 5.0 | MEDIUM | | The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service… | NVD-CWE-noinfo | CVE-2015-3227 | cpe:2.3:a:rubyonrails:rails:4.2.1:*; cpe:2.3:a:rubyonrails:rails:4.2.0:*; cpe:2.3:a:rubyonrails:rails:4.1.8:*; cp… | 2024-11-21 11:28 | 2015-07-27 |
| 45 | - | 4.3 | MEDIUM | | Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web scri… | CWE-79 Cross-site Scripting | CVE-2015-3226 | cpe:2.3:a:rubyonrails:rails:4.2.1:*; cpe:2.3:a:rubyonrails:rails:4.2.0:*; cpe:2.3:a:rubyonrails:rails:4.1.8:*; cp… | 2024-11-21 11:28 | 2015-07-27 |
| 46 | - | 5.0 | MEDIUM | | Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4… | CWE-22 Path Traversal | CVE-2014-7829 | cpe:2.3:a:rubyonrails:rails:4.2.0:beta3; cpe:2.3:a:rubyonrails:rails:4.2.0:beta2; cpe:2.3:a:rubyonrails:rails:4.2.0… | 2024-11-21 11:18 | 2014-11-19 |
| 47 | - | 5.0 | MEDIUM | | The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string. | CWE-19 Data Processing Errors | CVE-2014-3916 | cpe:2.3:a:rubyonrails:rails:2.1.0:*; cpe:2.3:a:rubyonrails:rails:2.0.0:*; cpe:2.3:a:rubyonrails:rails:1.9.3:* | 2024-11-21 11:09 | 2014-11-17 |
| 48 | - | 4.3 | MEDIUM | | Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4… | CWE-22 Path Traversal | CVE-2014-7818 | cpe:2.3:a:rubyonrails:rails:4.2.0:beta2; cpe:2.3:a:rubyonrails:rails:4.2.0:beta1; cpe:2.3:a:rubyonrails:rails:4.1.6… | 2024-11-21 11:18 | 2014-11-8 |
| 49 | - | 7.5 | HIGH | | activerecord/lib/active_record/relation/query_methods.rb in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2014-3514 | cpe:2.3:a:rubyonrails:rails:4.1.4:*; cpe:2.3:a:rubyonrails:rails:4.1.3:*; cpe:2.3:a:rubyonrails:rails:4.1.2:rc3 | 2024-11-21 11:08 | 2014-08-20 |
| 50 | - | 7.5 | HIGH | | SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before … | CWE-89 SQL Injection | CVE-2014-3483 | cpe:2.3:a:rubyonrails:rails:4.1.2:rc3; cpe:2.3:a:rubyonrails:rails:4.1.2:rc2; cpe:2.3:a:rubyonrails:rails:4.1.2:rc1… | 2024-11-21 11:08 | 2014-07-7 |