What happens if team members leave or join after we’ve purchased licenses?

Licenses are purchased on annual terms, and there is no penalty if they are over-provisioned or unused. Additional licenses can be added after an agreement has started, and can be scaled back during each Support Agreement’s renewal period.

How are licenses tracked? Do you install a license server?

Our Support Agreements require customers to perform a 'good faith' internal audit to ensure compliance with licensing, but how this is done is up to you. We keep it simple, both for your sake AND compliance/security reasons: our products are offered free of any kind of license tracking, termination switches, or 'phone home' functionality of any kind.

Do you offer discounts for nonprofits, open source companies, or educational institutions?

Yes, contact sales to help us understand how we can support the causes that are important to you.

How hard is it to get this through our InfoSec and Legal procurement process?

Even at small organizations, procurement can be a lengthy & frustrating process for everyone involved. We’ve taken that into consideration at every step of our journey, and the end result is that we are a viable option for any organization. We’re confident that even the most rigorous business units will be able to onboard NES with ease.

What makes onboarding so easy?

- Our products are patched versions of what you’re already running, so they are familiar and behave identically (just more secure and compatible) - Our software contains no tracking, license enforcement mechanisms, nor 'phone home' functionality of any kind. We never receive information about your users, products, development practices, systems, environments, or any other sensitive information. - Our deliverables are neither On Premise nor Software As A Service and thus do not require a runtime environment. True to our love of Open Source, the source code is included for all products making security reviews a breeze. - Other than standard sales and procurement information (contact details, quotes, etc) our organization never receives nor retains sensitive information about your company. As such, we typically do not engage in NDAs or Data Sharing Agreements as there is simply no confidential information to protect.

Do I pay extra for development, staging, etc. environments?

No! You never pay an additional fee for any additional environment.

How does intellectual property for NES libraries work?

All NES libraries are offered for free with an active Support Agreement. This license is perpetual, meaning even after your Support Term ends you can continue using the latest version – no rollbacks required.

How does a license work?

When you buy a commercial license to one of our Never-Ending Support (NES) products, you choose the number of users that your team will need on that license. A user is any person committing code to the project repo. Users are unnamed and transferrable across team members.

Do you have multi-year license options?

Yes, we do offer multi-year terms if you need more than 12 months to migrate.

Get a Custom Quote
to Secure your End-of-Life Open Source

Angular NES

Core

Basic Edition

Foundations

Get security updates for the following versions of Angular beyond end-of-life:

v4 - v17

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible with all modern browsers

What is a “User”?

A user is any person committing Angular code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Essentials

Core

Get security updates for the following versions of Angular beyond end-of-life:

Custom Pricing

Billed annually. Multi-year options available.

v4 - v17

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

If your requirements go beyond what’s included in NES for Spring: Foundations, our Essentials Add-On offers the flexibility to customize your support package.
This allows you to select only the additional Spring packages you need, ensuring that your applications get the right level of security without paying for features you won’t use.

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Angular

dependencies:

RxJS
NgRX
Angular Material
Ngx-translate
Ngx-Bootstrap

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Angular code to the project repo. Users are unnamed and transferrable across team members.

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

Angular NES

Our latest version of

Angular NES

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Angular

is easy to install and takes only a few minutes to set up.

Severity

Category

Version(s) Affected

Published Date

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

Drupal 7 NES

Core

Basic Edition

Foundations

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Get Security Updates for Drupal 7 Core, Core Modules, and Core Themes as well as All Contributed Modules for Drupal 7 - with the guarantees of an Enterprise Grade SLA other high value features.

Our Drupal 7 NES Basic Edition covers all community-contributed (contrib) modules*

Installs within minutes
Compatible with all modern browsers
Email Support Only

‍

_{*Exclusions apply: Custom modules, modules that break due to third-party API changes, and closed-source or proprietary (closed-license) modules are not covered.}

‍

What is a “Site”?

A “site” means, (i) an individual dedicated website, and/or (ii) multiple websites co-located in a shared environment, and/or (iii) a deployment target, for which Subscription Services are deployed.

Essentials Add-On

Essentials

Core

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Get Security Updates for Drupal 7 Core, Core Modules, and Core Themes as well as All Contributed Modules for Drupal 7 - with the guarantees of an Enterprise Grade SLA other high value features.

Get security updates for common

Drupal 7

dependencies:

Our Drupal Essentials support coverage includes all contrib modules*.

*This excludes custom-modules, modules which break due to 3rd party APIs, closed-source / closed-license modules.

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “Site”?

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

Drupal 7 NES

Our latest version of

Drupal 7 NES

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Drupal 7

is easy to install and takes only a few minutes to set up.

Severity

Category

Version(s) Affected

Published Date

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

jQuery NES

Core

Basic Edition

Foundations

Get security updates for the following versions of jQuery beyond end-of-life:

1.3.x, 1.5.x, 1.6.x, 1.7.x, 1.12.x, 2.2.x, 3.5.x

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible with all modern browsers

What is a “User”?

A user is any person committing jQuery code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Essentials

Core

Compatible with Core Versions of jQuery

Custom Pricing

Billed annually. Multi-year options available.

1.3.x, 1.5.x, 1.6.x, 1.7.x, 1.12.x, 2.2.x, 3.5.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

jQuery

dependencies:

jQueryUI
jQuery-validation
jQuery Mobile

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing jQuery code to the project repo. Users are unnamed and transferrable across team members.

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

jQuery NES

Our latest version of

jQuery NES

include fixes for the vulnerabilities below. Our secure drop-in replacement for

jQuery

is easy to install and takes only a few minutes to set up.

Severity

Category

Version(s) Affected

Published Date

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

AngularJS NES

Core

Basic Edition

Foundations

Get security updates for the following versions of AngularJS beyond end-of-life:

1.5.x, 1.8.x

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible with all modern browsers

What is a “User”?

A user is any person committing AngularJS code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Essentials

Core

Get security updates for the following versions of AngularJS beyond end-of-life:

Custom Pricing

Billed annually. Multi-year options available.

1.5.x, 1.8.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

AngularJS

dependencies:

angular-filter
angular-local-storage
angular-material
angular-moment
angular-moment-picker
protractor
angular-translate
angular-translate-loader-static-files
ui-select
angular-ui-bootstrap
angular-ui-sortable
angular-ui-router
uirouter-core

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing AngularJS code to the project repo. Users are unnamed and transferrable across team members.

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

AngularJS NES

Our latest version of

AngularJS NES

include fixes for the vulnerabilities below. Our secure drop-in replacement for

AngularJS

is easy to install and takes only a few minutes to set up.

Severity

Category

Version(s) Affected

Published Date

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

Vue 2 NES

Core

Basic Edition

Foundations

Get security updates for the following versions of Vue 2 beyond end-of-life:

2.x

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible with all modern browsers

What is a “User”?

A user is any person committing Vue 2 code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Essentials

Core

Get security updates for the following versions of Vue 2 beyond end-of-life:

Custom Pricing

Billed annually. Multi-year options available.

2.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

dependencies:

Nuxt v2
Vue Router
Vuex
Vuetify 2
BootstrapVue 2

‍

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Vue 2 code to the project repo. Users are unnamed and transferrable across team members.

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

Vue 2 NES

Our latest version of

Vue 2 NES

include fixes for the vulnerabilities below. Our secure drop-in replacement for

is easy to install and takes only a few minutes to set up.

Severity

Category

Version(s) Affected

Published Date

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

Bootstrap NES

Core

Basic Edition

Foundations

Get security updates for the following versions of Bootstrap beyond end-of-life:

2.x, 3.x, 4.x

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible with all modern browsers

What is a “User”?

A user is any person committing Bootstrap code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Essentials

Core

Custom Pricing

Billed annually. Multi-year options available.

2.x, 3.x, 4.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Bootstrap

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Bootstrap code to the project repo. Users are unnamed and transferrable across team members.

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

Bootstrap NES

Our latest version of

Bootstrap NES

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Bootstrap

is easy to install and takes only a few minutes to set up.

Severity

Category

Version(s) Affected

Published Date

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

Nuxt NES

Core

Basic Edition

Foundations

Get security updates for the following versions of Nuxt beyond end-of-life:

2.x

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible with all modern browsers

What is a “User”?

A user is any person committing Nuxt code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Essentials

Core

Custom Pricing

Billed annually. Multi-year options available.

2.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Nuxt

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Nuxt code to the project repo. Users are unnamed and transferrable across team members.

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

Nuxt NES

Our latest version of

Nuxt NES

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Nuxt

is easy to install and takes only a few minutes to set up.

Severity

Category

Version(s) Affected

Published Date

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

NES for Spring

Core

Basic Edition

Foundations

5.3.x

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Our core subscription aimed at users needing basic, essential security coverage for Spring’s main framework and projects. Ideal for all enterprises needing reliable, core-level protection.

Get security updates on key packages, including but not limited to:

What is a “User”?

A user is any person committing Spring code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Essentials

Core

Custom Pricing

Billed annually. Multi-year options available.

5.3.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Our core subscription aimed at users needing basic, essential security coverage for Spring’s main framework and projects. Ideal for all enterprises needing reliable, core-level protection.

Get security updates for common

Spring

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Spring code to the project repo. Users are unnamed and transferrable across team members.

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

NES for Spring

Our latest version of

NES for Spring

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Spring

is easy to install and takes only a few minutes to set up.

Severity

Category

Version(s) Affected

Published Date

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

Protractor NES

Core

Basic Edition

Foundations

Get security updates for the following versions of Protractor beyond end-of-life:

7.0.0

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible with all modern browsers

What is a “User”?

A user is any person committing Protractor code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Essentials

Core

Custom Pricing

Billed annually. Multi-year options available.

7.0.0

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Protractor

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Protractor code to the project repo. Users are unnamed and transferrable across team members.

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

Protractor NES

Our latest version of

Protractor NES

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Protractor

is easy to install and takes only a few minutes to set up.

Severity

Category

Version(s) Affected

Published Date

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

ESLint NES

Core

Basic Edition

Foundations

Get security updates for the following versions of ESLint beyond end-of-life:

8.57.0

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible across all essential platforms and technologies

What is a “User”?

A user is any person committing ESLint code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Essentials

Core

Custom Pricing

Billed annually. Multi-year options available.

8.57.0

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

ESLint

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing ESLint code to the project repo. Users are unnamed and transferrable across team members.

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

ESLint NES

Our latest version of

ESLint NES

include fixes for the vulnerabilities below. Our secure drop-in replacement for

ESLint

is easy to install and takes only a few minutes to set up.

Severity

Category

Version(s) Affected

Published Date

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

Express NES

Core

Basic Edition

Foundations

Get security updates for the following versions of Express beyond end-of-life:

3.x

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible with all modern browsers

What is a “User”?

A user is any person committing Express code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Essentials

Core

Custom Pricing

Billed annually. Multi-year options available.

3.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Express

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Express code to the project repo. Users are unnamed and transferrable across team members.

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

Express NES

Our latest version of

Express NES

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Express

is easy to install and takes only a few minutes to set up.

Severity

Category

Version(s) Affected

Published Date

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

Node.js NES

Core

Basic Edition

Foundations

Get security updates for the following versions of Node.js beyond end-of-life:

12, 14, 16, 18

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible across essential platforms and technologies

What is a “User”?

A user is any person committing Node.js code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Essentials

Core

Custom Pricing

Billed annually. Multi-year options available.

12, 14, 16, 18

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Node.js

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Node.js code to the project repo. Users are unnamed and transferrable across team members.

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

Node.js NES

Our latest version of

Node.js NES

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Node.js

is easy to install and takes only a few minutes to set up.

Severity

Category

Version(s) Affected

Published Date

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

Rails NES

Core

Basic Edition

Foundations

Get security updates for the following versions Rails beyond end-of-life:

2.3, 3.2, 4.2, 5.2, and 6.1

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible with all modern browsers

What is a “User”?

A user is any person committing Rails code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Essentials

Core

Custom Pricing

Billed annually. Multi-year options available.

2.3, 3.2, 4.2, 5.2, and 6.1

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Rails

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Rails code to the project repo. Users are unnamed and transferrable across team members.

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

Rails NES

Our latest version of

Rails NES

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Rails

is easy to install and takes only a few minutes to set up.

Severity

Category

Version(s) Affected

Published Date

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

NES for .NET

Core

Basic Edition

Foundations

Get security updates for the following versions of .NET beyond end-of-life:

6, 8

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Includes 200 Endpoints
4 Developer Seats
Continuous vulnerability scanning
24/7 Support

What is a “User”?

A user is any person committing .NET code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Essentials

Core

Get security updates for essential frameworks of .NET beyond end-of-life

Custom Pricing

Billed annually. Multi-year options available.

6, 8

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

.NET

dependencies:

Get Never-Ending Support for:

Entity Framework
WPF
WinForms

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing .NET code to the project repo. Users are unnamed and transferrable across team members.

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

NES for .NET

Our latest version of

NES for .NET

include fixes for the vulnerabilities below. Our secure drop-in replacement for

.NET

is easy to install and takes only a few minutes to set up.

Severity

Category

Version(s) Affected

Published Date

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

PHP

Core

Basic Edition

Foundations

Get security updates for the following versions of PHP beyond end-of-life:

7.2, 7.3, 7.4, 8.0

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible with all modern browsers

What is a “User”?

A user is any person committing PHP code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Essentials

Core

Custom Pricing

Billed annually. Multi-year options available.

7.2, 7.3, 7.4, 8.0

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

PHP

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing PHP code to the project repo. Users are unnamed and transferrable across team members.

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

PHP

Our latest version of

PHP

include fixes for the vulnerabilities below. Our secure drop-in replacement for

PHP

is easy to install and takes only a few minutes to set up.

Severity

Category

Version(s) Affected

Published Date

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

Grunt NES

Core

Basic Edition

Foundations

Get security updates for the following versions of Grunt beyond end-of-life:

v0.4 - 1.5

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible across all essential platforms and technologies

What is a “User”?

A user is any person committing Grunt code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Essentials

Core

Custom Pricing

Billed annually. Multi-year options available.

v0.4 - 1.5

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Grunt

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Grunt code to the project repo. Users are unnamed and transferrable across team members.

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

Grunt NES

Our latest version of

Grunt NES

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Grunt

is easy to install and takes only a few minutes to set up.

Severity

Category

Version(s) Affected

Published Date

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

Fastify NES

Core

Basic Edition

Foundations

Get security updates for the following versions of Fastify beyond end-of-life:

3.x

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible across all essential platforms and technologies

What is a “User”?

A user is any person committing Fastify code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Essentials

Core

Custom Pricing

Billed annually. Multi-year options available.

3.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Fastify

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Fastify code to the project repo. Users are unnamed and transferrable across team members.

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

Fastify NES

Our latest version of

Fastify NES

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Fastify

is easy to install and takes only a few minutes to set up.

Severity

Category

Version(s) Affected

Published Date

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

NES for Apache Struts

Core

Basic Edition

Foundations

Get security updates for the following versions of Struts beyond end-of-life:

All versions

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible across all essential platforms and technologies

What is a “User”?

A user is any person committing Struts code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Essentials

Core

Custom Pricing

Billed annually. Multi-year options available.

All versions

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Struts

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Struts code to the project repo. Users are unnamed and transferrable across team members.

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

NES for Apache Struts

Our latest version of

NES for Apache Struts

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Struts

is easy to install and takes only a few minutes to set up.

Severity

Category

Version(s) Affected

Published Date

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

Apache Solr & Lucene NES

Core

Basic Edition

Foundations

Get security updates for the following versions of Apache Solr &Lucene beyond end-of-life:

8.11.x

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible across all essential platforms and technologies

What is a “User”?

A user is any person committing Apache Solr & Lucene code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Essentials

Core

Custom Pricing

Billed annually. Multi-year options available.

8.11.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Apache Solr & Lucene

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Apache Solr & Lucene code to the project repo. Users are unnamed and transferrable across team members.

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

Apache Solr & Lucene NES

Our latest version of

Apache Solr & Lucene NES

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Apache Solr & Lucene

is easy to install and takes only a few minutes to set up.

Severity

Category

Version(s) Affected

Published Date

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

Apache Tapestry NES

Core

Basic Edition

Foundations

Get security updates for the following versions of Apache Tapestry beyond end-of-life:

4.1.x

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible across all essential platforms and technologies

What is a “User”?

A user is any person committing Apache Tapestry code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Essentials

Core

Custom Pricing

Billed annually. Multi-year options available.

4.1.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Apache Tapestry

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Apache Tapestry code to the project repo. Users are unnamed and transferrable across team members.

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

Apache Tapestry NES

Our latest version of

Apache Tapestry NES

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Apache Tapestry

is easy to install and takes only a few minutes to set up.

Severity

Category

Version(s) Affected

Published Date

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

Apache Cocoon NES

Core

Basic Edition

Foundations

Get security updates for the following versions of Apache Cocoon beyond end-of-life:

2.3.x

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible across all essential platforms and technologies

What is a “User”?

A user is any person committing Apache Cocoon code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Essentials

Core

Custom Pricing

Billed annually. Multi-year options available.

2.3.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Apache Cocoon

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Apache Cocoon code to the project repo. Users are unnamed and transferrable across team members.

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

Apache Cocoon NES

Our latest version of

Apache Cocoon NES

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Apache Cocoon

is easy to install and takes only a few minutes to set up.

Severity

Category

Version(s) Affected

Published Date

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

Apache Camel NES

Core

Basic Edition

Foundations

Get security updates for the following versions of Apache Camel beyond end-of-life:

2.25.x, 3.22.x

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible across all essential platforms and technologies

What is a “User”?

A user is any person committing Apache Camel code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Essentials

Core

Custom Pricing

Billed annually. Multi-year options available.

2.25.x, 3.22.x

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Apache Camel

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Apache Camel code to the project repo. Users are unnamed and transferrable across team members.

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

Apache Camel NES

Our latest version of

Apache Camel NES

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Apache Camel

is easy to install and takes only a few minutes to set up.

Severity

Category

Version(s) Affected

Published Date

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

Apache Spark NES

Core

Basic Edition

Foundations

Get security updates for the following versions of Apache Spark beyond end-of-life:

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Easy to install
FedRAMP, PCI, HIPAA, SOC 2 compliant
Compatible across all essential platforms and technologies

What is a “User”?

A user is any person committing Apache Spark code to the project repo. Users are unnamed and transferrable across team members.

Essentials Add-On

Essentials

Core

Custom Pricing

Billed annually. Multi-year options available.

Custom Pricing

Billed annually. Multi-year options available.

Add to Quote

Added to Quote

Custom Pricing

Billed annually. Multi-year options available.

Get security updates for common

Apache Spark

dependencies:

Our Drupal 7 NES Core includes everything in the Basic Edition, plus:

FedRAMP, PCI, HIPAA, SOC 2 compliant
PHP Security Support Add-On
Dedicated Email & Phone Support

This is an add-on subscription and cannot be purchased separately.

What is a “User”?

A user is any person committing Apache Spark code to the project repo. Users are unnamed and transferrable across team members.

Talk to sales for full list of supported packages

Fix these Vulnerabilities immediately with

Apache Spark NES

Our latest version of

Apache Spark NES

include fixes for the vulnerabilities below. Our secure drop-in replacement for

Apache Spark

is easy to install and takes only a few minutes to set up.

Severity

Category

Version(s) Affected

Published Date

Education & Non-Profit

Special pricing is available for qualified non-profit or educational organizations.

Talk to Sales

Quote Summary

Selected (0)

Number of Users

+ Add Technology

Get Custom Quote

No results found

Please clear filter tag to use the search option

Clear tags

Added to Quote

Critical

CVE-2025-29927

Authorization Bypass

>= 11.1.4

Mar 23, 2025

High

CVE-2025-22228

Authorization Bypass

<=5.6.12, >=5.7.0 <5.7.16, >=5.8.0 <5.8.18, >=6.0.0 <=6.0.16, >=6.1.0 <6.1.14, >=6.2.0 <6.2.10, >=6.3.0 <6.3.8, >=6.4.0 <6.4.4

Mar 20, 2025

Medium

CVE-2023-34040

Remote Code Execution

<2.9.11, >=3.0.0 <3.0.10

Mar 3, 2025

Medium

CVE-2019-8331

Cross-Site Scripting

>=2.0.0 <=2.3.2, >=3.0.0-rc1 <3.4.1

Feb 28, 2025

Medium

CVE-2016-10735

Cross-Site Scripting

>=2.0.0 <=2.3.2, >=3.0.0-rc1 <3.4.0, >=4.0.0-alpha <4.0.0-beta.2

Feb 28, 2025

Medium

CVE-2018-14042

Cross-Site Scripting

>=2.3.0 <=2.3.2, >=3.0.0-rc1 <3.4.0, >=4.0.0-alpha <4.1.2

Feb 28, 2025

Medium

CVE-2018-14040

Cross-Site Scripting

>=2.3.0 <=2.3.2, >=3.0.0-rc1 <3.4.0, >=4.0.0-alpha <4.1.2

Feb 28, 2025

Medium

CVE-2025-25184

Improper Output Neutralization for Logs

<2.2.11, <3.0.12, <3.1.10

Feb 14, 2025

High

CVE-2024-29415

Server-Side Request Forgery

<=2.0.1

Jan 27, 2025

High

CVE-2024-21536

Denial of Service

<2.0.7, >=3.0.0 <3.0.3

Jan 27, 2025

High

CVE-2024-29180

Path Traversal

<5.3.4, >=6.0.0 <6.1.2, >=7.0.0 <7.1.0

Jan 27, 2025

High

CVE-2025-23089

Use of Unmaintained Third Party

<= 21.7.3

Jan 21, 2025

High

CVE-2025-23088

Use of Unmaintained Third Party

<= 19.9.0

Jan 21, 2025

High

CVE-2025-23087

Use of Unmaintained Third Party

<= 17.9.1

Jan 21, 2025

Critical

CVE-2024-53677

Remote Code Execution

>=2.0.0 <=2.3.37, >=2.5.0 <=2.5.33, >=6.0.0 <=6.3.0.2

Dec 17, 2024

Low

CVE-2024-38829

Authorization Bypass

<=2.4.3, >=3.0.0 <=3.0.9, >=3.1.0 <=3.1.7, >=3.2.0 <3.2.7

Nov 20, 2024

Medium

CVE-2024-38827

Authorization Bypass

<=5.7.13, >=5.8.0 <=5.8.15, >=6.0.0 <=6.0.13, >=6.1.0 <=6.1.11, >=6.2.0 <=6.2.7, >=6.3.0 <=6.3.4

Nov 19, 2024

Medium

CVE-2024-38828

Denial of Service

<5.3.42

Nov 15, 2024

High

CVE-2024-38819

Path Traversal

<5.3.41, >=6.0.0 <6.0.25, >=6.1.0 <6.1.14

Oct 30, 2024

Medium

CVE-2024-10491

Resource Injection

>=3.0.0-alpha1 <=3.21.2

Oct 29, 2024

Critical

CVE-2024-38821

Authorization Bypass

>=5.7.0 <5.7.13, >=5.8.0 <5.8.15, >=6.0.0 <6.0.13, >=6.1.0 <6.1.11, >=6.2.0 <6.2.7, >=6.3.0 <6.3.4

Oct 25, 2024

Low

CVE-2024-38820

Authorization Bypass

<5.3.41, >=6.0.0 <6.0.25, >=6.1.0 <6.1.14

Oct 23, 2024

Medium

HD-2024-1410

Resource Injection

>=3.0.0-alpha1 <=3.21.2, >=4.0.0-rc1 <4.21.1, >=5.0.0-alpha.1 <5.0.1

Oct 17, 2024

High

HD-2024-1407

HTTP Request Smuggling

>=16.0.0 <16.20.1, >=18.0.0 <18.16.1, >=20.0.0 <20.3.1

Oct 16, 2024

Low

HD-2024-1408

Information Exposure

>=16.0.0 <=16.20.2

Oct 15, 2024

Medium

HD-2024-1409

Denial of Service

>=14.0.0 <=14.21.3, >=16.0.0 <=16.20.2

Oct 15, 2024

Low

CVE-2024-9506

ReDoS Vulnerability

>=2.0.0 <3.0.0

Oct 14, 2024

High

HD-2024-2201

Command Injection

Vue 2.6, Vue 2.7, and Nuxt 2

Oct 8, 2024

Medium

CVE-2024-9266

URL Redirect/Open Redirect

>=3.4.5 <4.0.0

Oct 3, 2024

Critical

CVE-2024-4577

Content Spoofing

>=8.1.0 <8.1.29, >=8.2.0 <8.2.20, >=8.3.0 <8.3.8

Sep 30, 2024

High

CVE-2024-38816

Path Traversal

>=5.3.0 <=5.3.39, >=6.0.0 <=6.0.23, >=6.1.0 <=6.1.12

Sep 12, 2024

Medium

CVE-2024-43796

Cross-Site Scripting

>=3.0.0-alpha1, <=3.21.2, >=4.0.0-rc1, <4.20.0, >=5.0.0-alpha.1 <5.0.0

Sep 10, 2024

Medium

CVE-2024-8372

Content Spoofing

>=1.3.0-rc.4

Sep 9, 2024

Medium

CVE-2024-8373

Content Spoofing

>=0.0.0

Sep 9, 2024

Medium

CVE-2024-38809

Denial of Service

>=4.3.0 <=4.3.30, >=5.3.0 <5.3.38, >=6.0.0 <6.0.23, >=6.1.0 <6.1.12

Aug 27, 2024

Medium

CVE-2024-38807

Signature Forgery

>=2.7.0 <=2.7.21, >=3.0.0 <=3.0.16, >=3.1.0 <=3.1.12, >=3.2.0 <=3.2.8, >=3.3.0 <=3.3.2

Aug 23, 2024

Medium

CVE-2024-38808

Denial of Service

<5.3.39

Aug 20, 2024

Medium

CVE-2024-6783

Cross-Site Scripting

>=2.0.0 <3.0.0

Jul 23, 2024

Medium

CVE-2024-6485

Cross-Site Scripting

>=1.4.0 <=3.4.1

Jul 11, 2024

Medium

CVE-2024-6484

Cross-Site Scripting

>=3.2.0 <=3.4.1

Jul 11, 2024

Medium

CVE-2024-6531

Cross-Site Scripting

>=4.0.0 <=4.6.2

Jul 11, 2024

High

CVE-2014-3482

Denial of Service

<=3.2.18 Only for instances using PostgreSQL

Jul 7, 2024

Medium

CVE-2024-27982

HTTP Request Smuggling

<21.7.2, <20.12.1, <v18.20.1, <= 16.20.2, <=v14.21.3, <= v12.22.12

May 1, 2024

Medium

CVE-2024-33665

Cross-Site Scripting

>=2.19.1

Apr 25, 2024

High

CVE-2024-22262

URL Redirect/Open Redirect

>=4.3.0, >=5.3.0 <5.3.34, >=6.0.0 <6.0.19, >=6.1.0 <6.1.6

Apr 16, 2024

High

CVE-2024-22259

URL Redirect/Open Redirect

<=4.3.31, >=5.3.0 <5.3.33, >=6.0.0 <6.0.17, >=6.1.0 <6.1.5

Mar 16, 2024

High

CVE-2024-26142

Denial of Service

7.1.0.0 to 7.1.3.0

Feb 27, 2024

High

CVE-2024-22243

URL Redirect/Open Redirect

>=4.3.0 <=4.3.30, >=5.3.0 <5.3.32, >=6.0.0 <6.0.17, >=6.1.0 <6.1.4

Feb 23, 2024

High

CVE-2024-22234

Authorization Bypass

<6.1.7, >=6.2.0 <6.2.2

Feb 19, 2024

Medium

CVE-2024-22025

Denial of Service

<21.6.2, <20.11.1, <v18.19.1, <= 16.20.2

Feb 14, 2024

High

CVE-2024-22019

Denial of Service

<21.6.2, <20.11.1, <v18.19.1, <= 16.20.2, <=v14.21.3, <= v12.22.12

Feb 14, 2024

High

CVE-2024-21490

ReDoS Vulnerability

>=1.3.0

Feb 10, 2024

High

CVE-2014-0114

Remote Code Execution

<=1.9.2

Feb 1, 2024

High

CVE-2016-1182

Cross-Site Scripting

>=1.0.0 <=1.3.10

Feb 1, 2024

High

CVE-2016-1181

Authorization Bypass

>=1.0.0 <=1.3.10

Feb 1, 2024

High

CVE-2015-0899

Authorization Bypass

>=1.1.0 <=1.3.10

Feb 1, 2024

Low

CVE-2012-1007

Cross-Site Scripting

<=1.3.10

Feb 1, 2024

High

CVE-2023-20883

Denial of Service

>=1.5.0 <=1.5.22, >=2.5.0 <2.5.15, >=2.6.0 <2.6.15, >=2.7.0 <2.7.12 >=3.0.0 <3.0.7

May 19, 2023

High

CVE-2023-20862

Improper Session Handling

>=5.7.0 <5.7.8, >=5.8.0 <5.8.3, >=6.0.0 <6.0.3

Apr 19, 2023

Medium

CVE-2023-20863

Denial of Service

<5.2.24, >=5.3.0 <5.3.27, >=6.0.0 <6.0.8

Apr 13, 2023

High

CVE-2022-27772

Resource Injection

<2.2.11

Mar 30, 2023

Medium

CVE-2023-26118

ReDoS Vulnerability

>=1.4.9

Mar 30, 2023

Medium

CVE-2023-26117

ReDoS Vulnerability

>=1.0.0

Mar 30, 2023

Medium

CVE-2023-26116

ReDoS Vulnerability

>=1.2.21

Mar 30, 2023

Medium

CVE-2023-20861

Denial of Service

<5.2.23, >=5.3.0 <5.3.26, >=6.0.0 <6.0.7

Mar 23, 2023

High

CVE-2023-22794

Remote Code Execution

<=6.0.6.0 <=6.1.7.0 <=7.0.4.0

Feb 9, 2023

Critical

CVE-2022-30123

Remote Code Execution

2.2.0.0 - <=2.2.3.0 2.1.0.0 - <=2.1.4.0 2.0.0.0 - <=2.0.9.0

Dec 5, 2022

High

CVE-2022-31692

Authorization Bypass

>=5.6.0 <5.6.9, >=5.7.0 <5.7.5

Oct 31, 2022

Critical

CVE-2018-11776

Remote Code Execution

>=2.3.0 <2.3.35, >=2.5.0 <2.5.17

Aug 18, 2022

Medium

CVE-2022-25869

Cross-Site Scripting

>=0.0.0

Jul 15, 2022

Critical

CVE-2022-21831

Remote Code Execution

7.0.0.0 - <= 7.0.2.2 6.1.0.0 - <= 6.1.4.6 6.0.0.0 - <= 6.0.4.6 5.2.0.0 - <= 5.2.6.2

May 26, 2022

Medium

CVE-2021-4231

Cross-Site Scripting

<=11.1.0

May 26, 2022

Medium

CVE-2022-22976

Authorization Bypass

<5.5.7, >=5.6.0 <5.6.4

May 17, 2022

High

CVE-2022-22978

Authorization Bypass

<5.4.11, >=5.5.0 <5.5.7, >=5.6.x <5.6.4

May 16, 2022

Medium

CVE-2022-22970

Denial of Service

<5.2.22, >=5.3.0 <5.3.20

May 11, 2022

Medium

CVE-2022-22971

Denial of Service

<5.2.22, >=5.3.0 <5.3.20

May 11, 2022

Medium

CVE-2022-25844

ReDoS Vulnerability

>=1.7.0

May 1, 2022

Medium

CVE-2022-22968

Authorization Bypass

<5.2.21, >=5.3.0 <5.3.19

Apr 14, 2022

Critical

CVE-2022-22965

Remote Code Execution

<5.2.20, >=5.3.0 <5.3.18

Apr 1, 2022

Medium

CVE-2022-22950

Denial of Service

<5.2.20, >=5.3.0 <5.3.17

Apr 1, 2022

Low

CVE-2021-22112

Denial of Service

<5.2.9.RELEASE, >=5.3.0 <5.3.9.RELEASE, >=5.4.0 <5.4.4

Feb 19, 2021

High

CVE-2020-8161

Remote Code Execution

< 2.1.3 < 2.2.0 Applications that do not use Rack::Directory

Jul 20, 2020

High

CVE-2020-8163

Remote Code Execution

<= 5.0.0 Not affected: Applications that do not allow users to control the names of locals. <= 4.2.11.1

Jul 2, 2020

High

CVE-2020-8162

Authorization Bypass

<= 5.2.4.1 <= 6.0.3.0 Not affected: Applications that do not use the direct upload functionality of the ActiveStorage S3 adapter.

Jun 19, 2020

Critical

CVE-2020-8165

Remote Code Execution

6.0.0 - <= 6.0.3.0 5.0.0 - <= 5.2.4.2

Jun 19, 2020

Medium

CVE-2020-7676

Cross-Site Scripting

<1.8.0

Jun 8, 2020

Medium

CVE-2020-7656

Cross-Site Scripting

<1.9.0

May 19, 2020

Critical

CVE-2020-8159

Remote Code Execution

Rails 3.x Rails 2.x Rails > 4.x if using actionpack_page-cache <= 1.2.0

May 12, 2020

Medium

CVE-2020-5408

Information Exposure

<4.2.16, >=5.0.0 <5.0.16, >=5.1.0 <5.1.10, >=5.2.0 <5.2.4, >=5.3.0 <5.3.2

May 7, 2020

Medium

CVE-2020-11023

Cross-Site Scripting

>=1.0.3 <3.5.0

Apr 29, 2020

Medium

CVE-2020-11022

Cross-Site Scripting

>=1.2.0 <3.5.0

Apr 29, 2020

Critical

CVE-2016-1000027

Remote Code Execution

<6.0.0

Jan 2, 2020

Critical

CVE-2019-10768

Cross-Site Scripting

<1.7.9

Nov 19, 2019

Low

CVE-2019-11272

Authorization Bypass

<4.2.13

Jun 19, 2019

Low

CVE-2019-3795

Information Exposure

<4.2.12, >=5.0.0 <5.0.12, >=5.1.0 <5.1.5

Apr 19, 2019

Medium

CVE-2019-11358

Cross-Site Scripting

>=1.1.4 <3.4.0

Apr 19, 2019

High

CVE-2019-5418

Information Exposure

6.0.0 - <= 6.0.0.beta2 5.2.0 - <= 5.2.2.0 All of 4.x prior to HeroDevs 4.2 LTS All of 3.x prior to HeroDevs 3.2 LTS All of 2.x prior to HeroDevs 2.3

Mar 27, 2019

Critical

CVE-2019-5420

Remote Code Execution

6.0.0.0 - <= 6.0.0.beta2 5.2.0.0 - <= 5.2.2.0

Mar 27, 2019

High

CVE-2019-5418

Information Exposure

6.0.0 - <= 6.0.0.beta2 5.2.0 - <= 5.2.2.0 All of 4.x prior to HeroDevs 4.2 LTS All of 3.x prior to HeroDevs 3.2 LTS All of 2.x prior to HeroDevs 2.3

Mar 27, 2019

Medium

CVE-2015-9251

Cross-Site Scripting

<1.12.2 >=1.12.3 <3.0.0

Jan 18, 2018

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

Trusted by 600+ companies

Frequently Asked Questions

Get answers to some of our most commonly asked questions.
Of course, if you can't find the answer you're looking for, feel free to contact us.

By clicking "Accept", you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

Preferences Reject Accept

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

Get a Custom Quote to Secure your End-of-Life Open Source

How can we reach out to you to send your custom quote?

Frequently Asked Questions

Get a Custom Quote
to Secure your End-of-Life Open Source