CVE-2025-25184
Medium
Improper Output Neutralization for Logs
<2.2.11, <3.0.12, <3.1.10
February 14, 2025
CVE-2024-26142
High
Denial of Service
7.1.0.0 to 7.1.3.0
February 27, 2024
CVE-2023-22794
High
Remote Code Execution
<=6.0.6.0 <=6.1.7.0 <=7.0.4.0
February 9, 2023
CVE-2020-8163
High
Remote Code Execution
<= 5.0.0 <= 4.2.11.1 Not affected: Applications that do not allow users to control the names of locals.
July 2, 2020
CVE-2020-8162
High
Authorization Bypass
<= 5.2.4.1 <= 6.0.3.0 Not affected: Applications that do not use the direct upload functionality of the ActiveStorage S3 adapter.
June 19, 2020
CVE-2020-8161
High
Remote Code Execution
< 2.1.3 < 2.2.0 Applications that do not use Rack::Directory
July 20, 2020
CVE-2019-5418
High
Information Exposure
6.0.0 - <= 6.0.0.beta2 5.2.0 - <= 5.2.2.0 All of 4.x prior to HeroDevs 4.2 LTS All of 3.x prior to HeroDevs 3.2 LTS All of 2.x prior to HeroDevs 2.3
March 27, 2019
CVE-2016-2098
High
Remote Code Execution
<= 3.2.22.1 <= 4.1.14.1 <= 4.2.5.1
April 7, 2016
CVE-2015-7581
High
Cross-Site Scripting
< 5.0.0.beta1 <= 4.2.5.0 <= 4.1.14.0
February 15, 2016
CVE-2014-3483
High
Denial of Service
<=4.0.6 <=4.1.3 Only for instances using PostgreSQL
July 7, 2014
CVE-2014-3482
High
Denial of Service
<=3.2.18 Only for instances using PostgreSQL
July 7, 2024
CVE-2013-0156
High
Remote Code Execution
<= 2.3.15 <= 3.0.19 <= 3.1.9 <= 3.2.10 Not affected: applications using the yajl gem
January 13, 2013
CVE-2012-2695
High
Command Injection
<=3.2.5 <=3.1.5 <=3.0.13
June 22, 2012
CVE-2022-30123
Critical
Remote Code Execution
2.2.0.0 - <=2.2.3.0 2.1.0.0 - <=2.1.4.0 2.0.0.0 - <=2.0.9.0
December 5, 2022
CVE-2022-21831
Critical
Remote Code Execution
7.0.0.0 - <= 7.0.2.2 6.1.0.0 - <= 6.1.4.6 6.0.0.0 - <= 6.0.4.6 5.2.0.0 - <= 5.2.6.2
May 26, 2022
CVE-2020-8165
Critical
Remote Code Execution
6.0.0 - <= 6.0.3.0 5.0.0 - <= 5.2.4.2
June 19, 2020
CVE-2020-8159
Critical
Remote Code Execution
Rails 3.x Rails 2.x Rails > 4.x if using actionpack_page-cache <= 1.2.0
May 12, 2020
CVE-2019-5420
Critical
Remote Code Execution
6.0.0.0 - <= 6.0.0.beta2 5.2.0.0 - <= 5.2.2.0
March 27, 2019
CVE-2013-0277
Critical
Remote Code Execution
3.0.0 - <3.1.0 2.0.0 - <2.3.17
February 12, 2013