| Vulnerability Name |
CVE
CWE
|
CWE |
Severity |
|
Ruby on Rails Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2016-0752)
|
CVE-2016-0752
CWE-22
|
CWE-22
|
High
|
|
Ruby on Rails Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2016-2097)
|
CVE-2016-2097
CWE-22
|
CWE-22
|
Medium
|
|
Ruby on Rails Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2007-3227)
|
CVE-2007-3227
CWE-707
|
CWE-707
|
Medium
|
|
Ruby on Rails Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-3009)
|
CVE-2009-3009
CWE-707
|
CWE-707
|
Medium
|
|
Ruby on Rails Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-4214)
|
CVE-2009-4214
CWE-707
|
CWE-707
|
Medium
|
|
Ruby on Rails Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-0446)
|
CVE-2011-0446
CWE-707
|
CWE-707
|
Medium
|
|
Ruby on Rails Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-1497)
|
CVE-2011-1497
CWE-707
|
CWE-707
|
Medium
|
|
Ruby on Rails Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-2197)
|
CVE-2011-2197
CWE-707
|
CWE-707
|
Medium
|
|
Ruby on Rails Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-2931)
|
CVE-2011-2931
CWE-707
|
CWE-707
|
Medium
|
|
Ruby on Rails Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-2932)
|
CVE-2011-2932
CWE-707
|
CWE-707
|
Medium
|
|
Ruby on Rails Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-4319)
|
CVE-2011-4319
CWE-707
|
CWE-707
|
Medium
|
|
Ruby on Rails Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-1098)
|
CVE-2012-1098
CWE-707
|
CWE-707
|
Medium
|
|
Ruby on Rails Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-1099)
|
CVE-2012-1099
CWE-707
|
CWE-707
|
Medium
|
|
Ruby on Rails Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-3463)
|
CVE-2012-3463
CWE-707
|
CWE-707
|
Medium
|
|
Ruby on Rails Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-3464)
|
CVE-2012-3464
CWE-707
|
CWE-707
|
Medium
|
|
Ruby on Rails Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-3465)
|
CVE-2012-3465
CWE-707
|
CWE-707
|
Medium
|
|
Ruby on Rails Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-1855)
|
CVE-2013-1855
CWE-707
|
CWE-707
|
Medium
|
|
Ruby on Rails Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-1857)
|
CVE-2013-1857
CWE-707
|
CWE-707
|
Medium
|
|
Ruby on Rails Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-4491)
|
CVE-2013-4491
CWE-707
|
CWE-707
|
Medium
|
|
Ruby on Rails Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-6415)
|
CVE-2013-6415
CWE-707
|
CWE-707
|
Medium
|
|
Ruby on Rails Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-6416)
|
CVE-2013-6416
CWE-707
|
CWE-707
|
Medium
|
|
Ruby on Rails Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-0081)
|
CVE-2014-0081
CWE-707
|
CWE-707
|
Medium
|
|
Ruby on Rails Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-3226)
|
CVE-2015-3226
CWE-707
|
CWE-707
|
Medium
|
|
Ruby on Rails Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-6316)
|
CVE-2016-6316
CWE-707
|
CWE-707
|
Medium
|
|
Ruby on Rails Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-8264)
|
CVE-2020-8264
CWE-707
|
CWE-707
|
Medium
|
|
Ruby on Rails Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-26143)
|
CVE-2024-26143
CWE-707
|
CWE-707
|
Medium
|
|
Ruby on Rails Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-32464)
|
CVE-2024-32464
CWE-707
|
CWE-707
|
Medium
|
|
Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-4094)
|
CVE-2008-4094
CWE-138
|
CWE-138
|
High
|
|
Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2011-0448)
|
CVE-2011-0448
CWE-138
|
CWE-138
|
High
|
|
Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2011-2930)
|
CVE-2011-2930
CWE-138
|
CWE-138
|
High
|
|
Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-2661)
|
CVE-2012-2661
CWE-138
|
CWE-138
|
Medium
|
|
Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-2695)
|
CVE-2012-2695
CWE-138
|
CWE-138
|
High
|
|
Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-6496)
|
CVE-2012-6496
CWE-138
|
CWE-138
|
High
|
|
Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-0080)
|
CVE-2014-0080
CWE-138
|
CWE-138
|
Medium
|
|
Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-3482)
|
CVE-2014-3482
CWE-138
|
CWE-138
|
High
|
|
Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-3483)
|
CVE-2014-3483
CWE-138
|
CWE-138
|
High
|
|
Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-17916)
|
CVE-2017-17916
CWE-138
|
CWE-138
|
High
|
|
Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-17917)
|
CVE-2017-17917
CWE-138
|
CWE-138
|
High
|
|
Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-17919)
|
CVE-2017-17919
CWE-138
|
CWE-138
|
High
|
|
Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-17920)
|
CVE-2017-17920
CWE-138
|
CWE-138
|
High
|
|
Ruby on Rails Inefficient Regular Expression Complexity Vulnerability (CVE-2023-22792)
|
CVE-2023-22792
CWE-1333
|
CWE-1333
|
High
|
|
Ruby on Rails Inefficient Regular Expression Complexity Vulnerability (CVE-2023-22795)
|
CVE-2023-22795
CWE-1333
|
CWE-1333
|
High
|
|
Ruby on Rails Inefficient Regular Expression Complexity Vulnerability (CVE-2024-26142)
|
CVE-2024-26142
CWE-1333
|
CWE-1333
|
High
|
|
Ruby on Rails Missing Encryption of Sensitive Data Vulnerability (CVE-2010-3299)
|
CVE-2010-3299
CWE-311
|
CWE-311
|
Medium
|
|
Ruby on Rails Other Vulnerability (CVE-2013-0333)
|
CVE-2013-0333
|
|
High
|
|
Ruby on Rails Other Vulnerability (CVE-2021-22904)
|
CVE-2021-22904
|
|
High
|
|
Ruby on Rails Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-0449)
|
CVE-2011-0449
CWE-264
|
CWE-264
|
High
|
|
Ruby on Rails Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2660)
|
CVE-2012-2660
CWE-264
|
CWE-264
|
Medium
|
|
Ruby on Rails Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2694)
|
CVE-2012-2694
CWE-264
|
CWE-264
|
Medium
|
|
Ruby on Rails Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-0155)
|
CVE-2013-0155
CWE-264
|
CWE-264
|
Medium
|
|
Ruby on Rails Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-0276)
|
CVE-2013-0276
CWE-264
|
CWE-264
|
Medium
|
|
Ruby on Rails Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-6417)
|
CVE-2013-6417
CWE-264
|
CWE-264
|
Medium
|
|
Ruby on Rails Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3514)
|
CVE-2014-3514
CWE-264
|
CWE-264
|
High
|
|
Ruby on Rails Resource Management Errors Vulnerability (CVE-2015-7581)
|
CVE-2015-7581
|
|
High
|
|
Ruby on Rails Resource Management Errors Vulnerability (CVE-2016-0751)
|
CVE-2016-0751
|
|
High
|
|
Ruby on Rails SQL injection
|
CVE-2012-2695
CWE-89
|
CWE-89
|
High
|
|
Ruby on Rails Uncontrolled Resource Consumption Vulnerability (CVE-2020-8185)
|
CVE-2020-8185
CWE-400
|
CWE-400
|
Medium
|
|
Ruby on Rails Uncontrolled Resource Consumption Vulnerability (CVE-2021-22880)
|
CVE-2021-22880
CWE-400
|
CWE-400
|
High
|
|
Ruby on Rails Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-8162)
|
CVE-2020-8162
CWE-434
|
CWE-434
|
High
|
|
Ruby on Rails URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-22881)
|
CVE-2021-22881
CWE-601
|
CWE-601
|
Medium
|
|
Ruby on Rails URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-22903)
|
CVE-2021-22903
CWE-601
|
CWE-601
|
Medium
|
|
Ruby on Rails URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-22942)
|
CVE-2021-22942
CWE-601
|
CWE-601
|
Medium
|
|
Ruby on Rails URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-44528)
|
CVE-2021-44528
CWE-601
|
CWE-601
|
Medium
|
|
Ruby on Rails URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2023-22797)
|
CVE-2023-22797
CWE-601
|
CWE-601
|
Medium
|
|
Ruby on Rails Use of Externally-Controlled Format String Vulnerability (CVE-2013-4389)
|
CVE-2013-4389
CWE-134
|
CWE-134
|
Medium
|
|
Ruby on Rails weak/known secret token
|
CVE-2013-0156
CWE-200
|
CWE-200
|
High
|
|
Ruby Other Vulnerability (CVE-2012-5380)
|
CVE-2012-5380
|
|
Medium
|
|
Ruby Other Vulnerability (CVE-2014-8080)
|
CVE-2014-8080
|
|
Medium
|
|
Ruby Other Vulnerability (CVE-2014-8090)
|
CVE-2014-8090
|
|
Medium
|
|
Ruby Other Vulnerability (CVE-2016-2336)
|
CVE-2016-2336
|
|
Critical
|
|
Ruby Other Vulnerability (CVE-2016-2337)
|
CVE-2016-2337
|
|
Critical
|
|
Ruby Other Vulnerability (CVE-2021-41817)
|
CVE-2021-41817
|
|
High
|
|
Ruby Out-of-bounds Read Vulnerability (CVE-2022-28739)
|
CVE-2022-28739
CWE-125
|
CWE-125
|
High
|
|
Ruby Out-of-bounds Write Vulnerability (CVE-2016-2338)
|
CVE-2016-2338
CWE-787
|
CWE-787
|
Critical
|
|
Ruby Out-of-bounds Write Vulnerability (CVE-2017-11465)
|
CVE-2017-11465
CWE-787
|
CWE-787
|
Critical
|
