Software Detail
Ruby on Rails
Number of NVD: 106 (CRITICAL 3, HIGH 34, MEDIUM 68, LOW 1)
URL: https://rubyonrails.org/
Explanation: This is the most famous framework in Ruby.
Its basic philosophy is "Don't Repeat Yourself" and "Convention over Configuration".
It uses the Model-View-Controller (MVC) architecture.

The latest major release contains bug fixes and security fixes.
The previous major release contains security fixes.
Earlier major releases are no longer supported.

Serious security issues may be addressed outside of support.
Tag
  • MIT License
  • Ruby

Add Information URL
No Type Name URL
1 https://rubyonrails.org/
2 https://guides.rubyonrails.org/maintenance_policy.html
3 https://railslts.com/
4 https://railsguides.jp/maintenance_policy.html
5 https://weblog.rubyonrails.org/releases/
6 https://github.com/rails/rails
7 https://rubyonrails.org/security/

List Of Product

| No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support / Service Pack Support | Extended (for a fee) | Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 51 | Ruby on Rails 7.0 | 7.0.8.4 | June 4, 2024 | Dec. 15, 2021 | | | | 1 | 2 | 4 | 0 |
| 52 | Ruby on Rails 6.1 | 6.1.7.7 | Feb. 21, 2024 | Dec. 9, 2020 | | | | 1 | 6 | 6 | 0 |
| 53 | Ruby on Rails 6.0 | 6.0.6.1 | Jan. 17, 2023 | Aug. 16, 2019 | | | | 2 | 8 | 9 | 0 |
| 54 | Ruby on Rails 5.2 | 5.2.8.1 | July 12, 2022 | April 9, 2018 | | | | 2 | 10 | 5 | 0 |
| 55 | Ruby on Rails 5.1 | 5.1.7 | March 27, 2019 | April 27, 2017 | April 9, 2018 | April 9, 2018 | | 2 | 11 | 4 | 0 |
| 56 | Ruby on Rails 5.0 | 5.0.7.2 | March 11, 2019 | June 30, 2016 | April 27, 2017 | April 27, 2017 | | 2 | 15 | 7 | 1 |
| 57 | Ruby on Rails 4.2 | 4.2.11.3 | May 15, 2020 | Dec. 20, 2014 | June 30, 2016 | Aug. 16, 2019 | | 2 | 17 | 9 | 1 |
| 58 | Ruby on Rails 4.1 | 4.1.16 | July 12, 2016 | April 8, 2014 | Dec. 20, 2014 | Dec. 20, 2014 | | 2 | 17 | 12 | 1 |
| 59 | Ruby on Rails 4.0 | 4.0.13 | Jan. 6, 2015 | June 25, 2013 | April 8, 2014 | Dec. 20, 2014 | | 2 | 17 | 14 | 1 |
| 60 | Ruby on Rails 3.2 | 3.2.2.25 | | | | | | 2 | 16 | 31 | 0 |
| 61 | Ruby on Rails 3.1 | 3.1.9 | | | | | | 2 | 16 | 35 | 0 |
| 62 | Ruby on Rails 3.0 | 3.0.9 | | | | | | 2 | 20 | 37 | 0 |
| 63 | Ruby on Rails 2.3 | 2.3.9 | | | | | | 2 | 14 | 29 | 0 |
| 64 | Ruby on Rails 2.2 | 2.2.3 | | | | | | 2 | 12 | 22 | 0 |
| 65 | Ruby on Rails 2.1 | 2.1.2 | | | | | | 2 | 13 | 24 | 0 |
| 66 | Ruby on Rails 2.0 | 2.0.5 | | | | | | 2 | 13 | 22 | 0 |
| 67 | Ruby on Rails 1.9 | 1.9.5 | | | | | | 2 | 11 | 17 | 0 |
| 68 | Ruby on Rails 1.2 | 1.2.6 | | | | | | 2 | 11 | 17 | 0 |
| 69 | Ruby on Rails 1.1 | 1.1.6 | | | | | | 2 | 13 | 17 | 0 |
| 70 | Ruby on Rails 1.0 | 1.0.0 | | | | | | 2 | 12 | 16 | 0 |
| 71 | Ruby on Rails 0.9 | 0.9.5 | | | | | | 2 | 12 | 16 | 0 |
| 72 | Ruby on Rails 0.14 | 0.14.4 | | | | | | 2 | 12 | 16 | 0 |
| 73 | Ruby on Rails 0.13 | 0.13.1 | | | | | | 2 | 12 | 16 | 0 |
| 74 | Ruby on Rails 0.12 | 0.12.1 | | | | | | 2 | 12 | 16 | 0 |
| 75 | Ruby on Rails 0.11 | 0.11.1 | | | | | | 2 | 12 | 16 | 0 |
| 76 | Ruby on Rails 0.10 | 0.10.1 | | | | | | 2 | 12 | 16 | 0 |

NVD Vulnerability Information
Columns: No | CVSS3 / CVSS2 | Level | Attack Vector | Title | CWE | CVE | cpe23Uri | or higher | or less | more than | less than | Update date / Published date

No: 51
CVSS3: -
CVSS2: 7.5
Level: HIGH
Title: SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows r…
CWE: CWE-89 (SQL Injection)
CVE: CVE-2014-3482
cpe23Uri: cpe:2.3:a:rubyonrails:rails:3.2.9:*, cpe:2.3:a:rubyonrails:rails:3.2.8:*, cpe:2.3:a:rubyonrails:rails:3.2.7:*, cp…
Update date: 2024-11-21 11:08
Published date: 2014-07-7

No: 52
CVSS3: 7.5
CVSS2: 4.3
Level: HIGH
Attack Vector: Network
Title: Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when …
CWE: CWE-22 (Path Traversal)
CVE: CVE-2014-0130
cpe23Uri: cpe:2.3:a:rubyonrails:rails:*:*
or higher: 4.0.0, 4.1.0
less than: 3.2.18, 4.0.5, 4.1.1
Update date: 2026-04-22 05:07
Published date: 2014-05-7

No: 53
CVSS3: -
CVSS2: 5.0
Level: MEDIUM
Title: actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows r…
CWE: CWE-20 (Improper Input Validation)
CVE: CVE-2014-0082
cpe23Uri: cpe:2.3:a:rubyonrails:rails:3.2.9:*, cpe:2.3:a:rubyonrails:rails:3.2.8:*, cpe:2.3:a:rubyonrails:rails:3.2.7:*, cp…
Update date: 2024-11-21 11:01
Published date: 2014-02-21

No: 54
CVSS3: -
CVSS2: 4.3
Level: MEDIUM
Title: Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remot…
CWE: CWE-79 (Cross-site Scripting)
CVE: CVE-2014-0081
cpe23Uri: cpe:2.3:a:rubyonrails:rails:4.1.0:beta1, cpe:2.3:a:rubyonrails:rails:4.0.2:*, cpe:2.3:a:rubyonrails:rails:4.0.1:rc4…
Update date: 2024-11-21 11:01
Published date: 2014-02-21

No: 55
CVSS3: -
CVSS2: 6.8
Level: MEDIUM
Title: SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, al…
CWE: CWE-89 (SQL Injection)
CVE: CVE-2014-0080
cpe23Uri: cpe:2.3:a:rubyonrails:rails:4.1.0:beta1, cpe:2.3:a:rubyonrails:rails:4.0.2:*, cpe:2.3:a:rubyonrails:rails:4.0.1:rc4…
Update date: 2024-11-21 11:01
Published date: 2014-02-21

No: 56
CVSS3: -
CVSS2: 6.4
Level: MEDIUM
Title: actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and…
CWE: CWE-264 (Permissions, Privileges, and Access Controls)
CVE: CVE-2013-6417
cpe23Uri: cpe:2.3:a:rubyonrails:rails:4.0.1:rc1, cpe:2.3:a:rubyonrails:rails:4.0.0:rc2, cpe:2.3:a:rubyonrails:rails:4.0.0:rc1…
or less: 4.0.1
Update date: 2024-11-21 10:59
Published date: 2013-12-7

No: 57
CVSS3: -
CVSS2: 4.3
Level: MEDIUM
Title: Cross-site scripting (XSS) vulnerability in the simple_format helper in actionpack/lib/action_view/helpers/text_helper.rb in Ruby on Rails 4.x before 4.0.2 allows remote attackers to inject arbitrary…
CWE: CWE-79 (Cross-site Scripting)
CVE: CVE-2013-6416
cpe23Uri: cpe:2.3:a:rubyonrails:rails:4.0.1:rc1, cpe:2.3:a:rubyonrails:rails:4.0.0:rc2, cpe:2.3:a:rubyonrails:rails:4.0.0:rc1…
or less: 4.0.1
Update date: 2024-11-21 10:59
Published date: 2013-12-7

No: 58
CVSS3: -
CVSS2: 4.3
Level: MEDIUM
Title: Cross-site scripting (XSS) vulnerability in the number_to_currency helper in actionpack/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote atta…
CWE: CWE-79 (Cross-site Scripting)
CVE: CVE-2013-6415
cpe23Uri: cpe:2.3:a:rubyonrails:rails:4.0.1:rc1, cpe:2.3:a:rubyonrails:rails:4.0.0:rc2, cpe:2.3:a:rubyonrails:rails:4.0.0:rc1…
or less: 4.0.1
Update date: 2024-11-21 10:59
Published date: 2013-12-7

No: 59
CVSS3: -
CVSS2: 5.0
Level: MEDIUM
Title: actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to cause a denial of service (memory consumption) via a hea…
CWE: CWE-20 (Improper Input Validation)
CVE: CVE-2013-6414
cpe23Uri: cpe:2.3:a:rubyonrails:rails:4.0.1:rc1, cpe:2.3:a:rubyonrails:rails:4.0.0:rc2, cpe:2.3:a:rubyonrails:rails:4.0.0:rc1…
or less: 4.0.1
Update date: 2024-11-21 10:59
Published date: 2013-12-7

No: 60
CVSS3: -
CVSS2: 4.3
Level: MEDIUM
Title: Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/translation_helper.rb in the internationalization component in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allo…
CWE: CWE-79 (Cross-site Scripting)
CVE: CVE-2013-4491
cpe23Uri: cpe:2.3:a:rubyonrails:rails:4.0.1:rc1, cpe:2.3:a:rubyonrails:rails:4.0.0:rc2, cpe:2.3:a:rubyonrails:rails:4.0.0:rc1…
or less: 4.0.1
Update date: 2024-11-21 10:55
Published date: 2013-12-7