MEDIUM RubyGems
GHSA-24fg-p96v-hxh8 · CVE-2011-0447 actionpack Cross-Site Request Forgery vulnerability
Modified: 12/7/2024
package
RubyGems / actionpack
pkg:rubygems/actionpack
MEDIUM RubyGems
GHSA-29gr-w57f-rpfw · CVE-2014-7818 actionpack vulnerable to Path Traversal
Modified: 11/29/2024
MEDIUM 6.1 RubyGems
GHSA-2rqw-v265-jf8c · CVE-2021-22942 Open Redirect in ActionPack
Modified: 2/21/2024
MEDIUM RubyGems
GHSA-2xjj-5x6h-8vmf · CVE-2012-1099 Cross-site Scripting in actionpack
Modified: 11/29/2024
MEDIUM 6.1 RubyGems
GHSA-35mm-cc6r-8fjp · CVE-2020-8264 Cross-site scripting in actionpack
Modified: 2/16/2024
MEDIUM RubyGems
GHSA-3vfw-7rcp-3xgm · CVE-2011-3187 actionpack Improper Input Validation vulnerability
Modified: 11/29/2024
MEDIUM 4.0 RubyGems
GHSA-4g8v-vg43-wpgf · CVE-2023-28362 Actionpack has possible cross-site scripting vulnerability via User Supplied Values to redirect_to
Modified: 5/5/2025
HIGH RubyGems
GHSA-4ww3-3rxj-8v6q · CVE-2011-0449 actionpack allows remote attackers to bypass intended access restrictions
Modified: 11/29/2024
MEDIUM 6.1 RubyGems
GHSA-5hq2-xf89-9jxq · CVE-2021-22903 Possible Open Redirect Vulnerability in Action Pack
Modified: 2/16/2024
MEDIUM RubyGems
GHSA-699m-mcjm-9cw8 · CVE-2013-4491 actionpack vulnerable to Cross-site Scripting
Modified: 11/29/2024
MEDIUM RubyGems
GHSA-6h5q-96hp-9jgm · CVE-2013-6415 actionpack vulnerable to Cross-site Scripting
Modified: 11/29/2024
HIGH 7.5 RubyGems
GHSA-6x85-j5j2-27jx · CVE-2014-0130 actionpack Path Traversal vulnerability
Modified: 10/24/2025
MEDIUM RubyGems
GHSA-75w6-p6mg-vh8j · CVE-2011-0446 Rails actionpack gem vulnerable to Cross-site Scripting
Modified: 11/28/2024
HIGH 7.3 RubyGems
GHSA-78rc-8c29-p45g · CVE-2016-2098 actionpack allows remote code execution via application's unrestricted use of render method
Modified: 2/20/2024
MEDIUM RubyGems
GHSA-7cgp-c3g7-qvrw · CVE-2014-0082 actionpack Improper Input Validation vulnerability
Modified: 12/2/2024
MEDIUM RubyGems
GHSA-7g65-ghrg-hpf5 · CVE-2012-3465 actionpack Cross-site Scripting vulnerability
Modified: 1/21/2025
HIGH 7.5 RubyGems
GHSA-7wjx-3g7j-8584 · CVE-2021-22904 Possible DoS Vulnerability in Action Controller Token Authentication
Modified: 2/16/2024
HIGH 7.5 RubyGems
GHSA-8727-m6gj-mc37 · CVE-2020-8164 Possible Strong Parameters Bypass in ActionPack
Modified: 2/16/2024
MEDIUM 6.1 RubyGems
GHSA-8877-prq4-9xfw · CVE-2021-22881 Actionpack Open Redirect Vulnerability
Modified: 2/20/2024
MEDIUM RubyGems
GHSA-8fqx-7pv4-3jwm · CVE-2008-7248 Improper Input Validation in actionpack
Modified: 12/7/2024
MEDIUM RubyGems
GHSA-8qrh-h9m2-5fvf · CVE-2009-3009 Cross site scripting that affects rails
Modified: 4/9/2025
LOW RubyGems
GHSA-8xww-x3g3-6jcv · CVE-2023-22795 ReDoS based DoS vulnerability in Action Dispatch
Modified: 3/31/2025
MEDIUM RubyGems
GHSA-92w9-2pqw-rhjj · CVE-2012-3424 actionpack Improper Authentication vulnerability
Modified: 1/22/2025
MEDIUM 6.1 RubyGems
GHSA-9445-4cr6-336r · CVE-2023-22797 Open Redirect Vulnerability in Action Pack
Modified: 2/16/2024
MEDIUM 6.1 RubyGems
GHSA-9822-6m93-xqf4 · BIT-rails-2024-26143, CVE-2024-26143 Rails has possible XSS Vulnerability in Action Controller
Modified: 6/8/2026
MEDIUM RubyGems
GHSA-98mf-8f57-64qf · CVE-2012-3463 actionpack Cross-site Scripting vulnerability
Modified: 11/30/2024
HIGH 7.5 RubyGems
GHSA-9h6g-gp95-x3q5 · CVE-2015-7581 actionpack is vulnerable to denial of service because of a wildcard controller route
Modified: 11/29/2024
MEDIUM 6.5 RubyGems
GHSA-c6qr-h5vq-59jc · CVE-2020-8185 Untrusted users can run pending migrations in production in Rails
Modified: 2/22/2024
MEDIUM RubyGems
GHSA-fcqf-h4h4-695m · CVE-2011-3186 actionpack CRLF injection vulnerability
Modified: 12/5/2024
HIGH 7.5 RubyGems
GHSA-ffpv-c4hm-3x6v · CVE-2016-0751 actionpack is vulnerable to denial of service via a crafted HTTP Accept header
Modified: 11/29/2024
MEDIUM RubyGems
GHSA-fg9w-g6m4-557j · CVE-2009-3086 actionpack and activesupport vulnerable to information leaks
Modified: 11/28/2024
MEDIUM 5.4 RubyGems
GHSA-fwhr-88qx-h9g7 · BIT-rails-2024-28103, CVE-2024-28103 Missing security headers in Action Pack on non-HTML responses
Modified: 10/6/2025
HIGH 7.5 RubyGems
GHSA-g8ww-46x2-2p65 · CVE-2021-22902 Denial of Service in Action Dispatch
Modified: 2/16/2024
MEDIUM RubyGems
GHSA-h56m-vwxc-3qpw · CVE-2014-7829 Directory traversal vulnerability in actionpack
Modified: 11/29/2024
MEDIUM RubyGems
GHSA-hgpp-pp89-4fgf · CVE-2012-2660 Action Pack contains database-query restrictions bypass
Modified: 1/22/2025
HIGH 7.5 RubyGems
GHSA-hjg4-8q5f-x6fm · CVE-2021-22885 Action Pack contains Information Disclosure / Unintended Method Execution vulnerability
Modified: 2/22/2024
MEDIUM RubyGems
GHSA-j838-vfpq-fmf2 · CVE-2013-1857 actionpack Cross-site Scripting vulnerability
Modified: 11/30/2024
LOW RubyGems
GHSA-jjhx-jhvp-74wq · BIT-rails-2024-26142, CVE-2024-26142 Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch
Modified: 12/20/2024
HIGH RubyGems
GHSA-jmgw-6vjg-jjwg · CVE-2013-0156 actionpack Improper Input Validation vulnerability
Modified: 11/30/2024
MEDIUM 4.3 RubyGems
GHSA-jp5v-5gx4-jmj9 · CVE-2020-8166 Ability to forge per-form CSRF tokens in Rails
Modified: 5/5/2026
MEDIUM RubyGems
GHSA-m46p-ggm5-5j83 · CVE-2014-0081 Rails vulnerable to Cross-site Scripting
Modified: 12/8/2024
MEDIUM 6.1 RubyGems
GHSA-mm33-5vfq-3mm3 · CVE-2022-22577 Cross-site Scripting Vulnerability in Action Pack
Modified: 2/18/2024
MEDIUM RubyGems
GHSA-mpxf-gcw2-pw5q · CVE-2013-6414 actionpack Improper Input Validation vulnerability
Modified: 11/29/2024
LOW 3.7 RubyGems
GHSA-p692-7mm3-3fxg · CVE-2015-7576 actionpack is vulnerable to remote bypass authentication
Modified: 11/29/2024
LOW RubyGems
GHSA-p84v-45xj-wwqj · CVE-2023-22792 ReDoS based DoS vulnerability in Action Dispatch
Modified: 2/18/2025
LOW RubyGems
GHSA-pgm4-439c-5jp6 · CVE-2026-33167 Rails has a possible XSS vulnerability in its Action Pack debug exceptions
Modified: 5/13/2026
MEDIUM RubyGems
GHSA-q34c-48gc-m9g8 · CVE-2012-2694 actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request
Modified: 1/20/2025
MEDIUM 6.1 RubyGems
GHSA-q58j-fmvf-9rq6 · CVE-2011-1497 Cross site scripting in actionpack Rubygem
Modified: 1/20/2025
MEDIUM RubyGems
GHSA-q759-hwvc-m3jg · CVE-2013-1855 actionpack Cross-site Scripting vulnerability
Modified: 11/29/2024
MEDIUM 6.1 RubyGems
GHSA-qphc-hf5q-v8fc · BIT-rails-2021-44528, CVE-2021-44528 actionpack Open Redirect in Host Authorization Middleware
Modified: 3/6/2024
MEDIUM RubyGems
GHSA-r7q2-5gqg-6c7q · CVE-2011-2929 actionpack Improper Input Validation vulnerability
Modified: 11/29/2024
MEDIUM RubyGems
GHSA-v5jg-558j-q67c · CVE-2011-2931 actionpack Cross-site Scripting vulnerability
Modified: 11/29/2024
MEDIUM RubyGems
GHSA-v9v4-7jp6-8c73 · CVE-2011-2197 rails Cross-site Scripting vulnerability
Modified: 12/7/2024
MEDIUM RubyGems
GHSA-vfg9-r3fq-jvx4 · BIT-rails-2024-47887, CVE-2024-47887 Possible ReDoS vulnerability in HTTP Token authentication in Action Controller
Modified: 10/31/2024
LOW RubyGems
GHSA-vfm5-rmrh-j26v · BIT-rails-2024-54133, CVE-2024-54133 Possible Content Security Policy bypass in Action Dispatch
Modified: 3/7/2025
MEDIUM 5.3 RubyGems
GHSA-vx9j-46rh-fqr8 · CVE-2016-2097 actionview contains Path Traversal vulnerability
Modified: 2/22/2024
MEDIUM RubyGems
GHSA-w37c-q653-qg95 · CVE-2013-6416 actionpack Cross-site Scripting vulnerability
Modified: 12/3/2024
HIGH 7.4 RubyGems
GHSA-wh98-p28r-vrc9 · CVE-2022-23633 Exposure of information in Action Pack
Modified: 2/4/2026
MEDIUM RubyGems
GHSA-wpw7-wxjm-cw8r · CVE-2013-6417 actionpack allows bypass of database-query restrictions
Modified: 11/29/2024
MEDIUM RubyGems
GHSA-x76w-6vjr-8xgj · BIT-rails-2024-41128, CVE-2024-41128 Possible ReDoS vulnerability in query parameter filtering in Action Dispatch
Modified: 10/31/2024
HIGH 7.5 RubyGems
GHSA-xrr4-p6fq-hjg7 · CVE-2016-0752 Directory traversal vulnerability in Action View in Ruby on Rails
Modified: 10/22/2025
MEDIUM RubyGems
GHSA-xxr8-833v-c7wc · CVE-2011-4319 Cross-site Scripting vulnerability in i18n translations helper method
Modified: 12/7/2024