Vulnerability Directory

If you’re currently using these frameworks in your application’s tech stack, your application could be vulnerable.

Secure drop-in replacements for open source software from HeroDevs helps you stay secure, compliant, and compatible while you migrate.

Switch to Never-Ending Support (NES) from HeroDevs to immediately mitigate these vulnerabilities.
Talk to Our Experts
Get Pricing
Arrow down
Search here
Clear
Filter by Severity
Clear
Filter by Technology
Sign up for the latest vulnerability alerts
Rss feed icon
Subscribe via RSS
or
Thanks for signing up for our Newsletter! We look forward to connecting with you.
Oops! Something went wrong while submitting the form.
Severity
ID
Technology
Libraries Affected
Category
Version(s) Affected
Published Date
High
Open in new tab icon
CVE-2019-5418
Rails
Ruby on Rails Framework
Information Exposure
6.0.0 - <= 6.0.0.beta2 5.2.0 - <= 5.2.2.0 All of 4.x prior to HeroDevs 4.2 LTS All of 3.x prior to HeroDevs 3.2 LTS All of 2.x prior to HeroDevs 2.3
Mar 27, 2019
Critical
Open in new tab icon
CVE-2019-5420
Rails
Ruby on Rails Framework
Remote Code Execution
6.0.0.0 - <= 6.0.0.beta2 5.2.0.0 - <= 5.2.2.0
Mar 27, 2019
High
Open in new tab icon
CVE-2019-5418
Rails
Ruby on Rails Framework
No items found.
6.0.0 - <= 6.0.0.beta2 5.2.0 - <= 5.2.2.0 All of 4.x prior to HeroDevs 4.2 LTS All of 3.x prior to HeroDevs 3.2 LTS All of 2.x prior to HeroDevs 2.3
Mar 27, 2019
Medium
Open in new tab icon
CVE-2015-9251
jQuery
jQuery
Cross-Site Scripting
<1.12.2 >=1.12.3 <3.0.0
Jan 18, 2018
Critical
Open in new tab icon
CVE-2017-5638
Struts
Apache Struts 2
Command Injection
>= 2.3.5 - <2.3.31, >=2.5 - <2.5.10
Mar 16, 2017
High
Open in new tab icon
CVE-2016-3081
Struts
Apache Struts
Remote Code Execution
>=2.3.19 <2.3.20.3, >=2.3.21 <2.3.24.3, >=2.3.25 <2.3.28.1
Apr 20, 2016
High
Open in new tab icon
CVE-2016-2098
Rails
Ruby on Rails Framework
Remote Code Execution
<= 3.2.22.1 <= 4.1.14.1 <= 4.2.5.1
Apr 7, 2016
High
Open in new tab icon
CVE-2015-7581
Rails
Ruby on Rails Framework
Cross-Site Scripting
< 5.0.0.beta1 <= 4.2.5.0 <= 4.1.14.0
Feb 15, 2016
High
Open in new tab icon
CVE-2014-3483
Rails
Ruby on Rails Framework
Denial of Service
<=4.0.6 <=4.1.3 Only for instances using PostgreSQL
Jul 7, 2014
High
Open in new tab icon
CVE-2014-0097
Spring
Spring Security
Authorization Bypass
>=3.1.0 <3.1.6, >=3.2.0 <3.2.2
Mar 11, 2014
Medium
Open in new tab icon
CVE-2014-0094
Struts
Apache Struts
Remote Code Execution
>=2.0.0, <2.3.16.2
Mar 6, 2014
Critical
Open in new tab icon
CVE-2013-0277
Rails
Ruby on Rails Framework
Remote Code Execution
3.0.0 - <3.1.0 2.0.0 - <2.3.17
Feb 12, 2013
High
Open in new tab icon
CVE-2013-0156
Rails
Ruby on Rails Framework
Remote Code Execution
<= 2.3.15 <= 3.0.19 <= 3.1.9 <= 3.2.10 Not affected: • applications using the yajl gem
Jan 13, 2013
Medium
Open in new tab icon
CVE-2012-5055
Spring
Spring Security
Authorization Bypass
<2.0.9, >=3.0.0, <3.0.9, >=3.1.0, <3.1.4
Dec 12, 2012
High
Open in new tab icon
CVE-2012-2695
Rails
Ruby on Rails Framework
Command Injection
<=3.2.5 <=3.1.5 <=3.0.13
Jun 22, 2012
Exclamation icon
No results found

Please enter a valid Vulnerability ID number or Technology name.

By clicking "Accept", you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

PreferencesRejectAccept
Manage Consent Preferences by Category
Essentials
Always active

Necessary for the site to function. Always On.

Used for targeted advertising.

Remembers your preferences and provides enhanced features.

Measures usage and improves your experience.

Reject AllAccept All
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.