Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

activerecord vulnerabilities and exploits

(subscribe to this query)
8.8
CVSSv3

CVE-2023-22794

A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the `annotate` query method, the `optimizer_hints` query method, or through the QueryLogs interface which automatically adds ann...
* Https //github.com/rails/railsActiverecord Project Activerecord
7.5
CVSSv3

CVE-2022-44566

A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter <7.0.4.1 and <6.1.7.1. When a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing ...
* Https //github.com/rails/railsActiverecord Project Activerecord
9.8
CVSSv3

CVE-2022-32224

A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, <6.1.6.1, <6.0.5.1 and <5.2.8.1 which could allow an attacker, that can manipulate data in the database (via means like SQL injection), the ability to esca...
* Https //github.com/rails/railsActiverecord Project Activerecord
9.8
CVSSv3

CVE-2022-35956

This Rails gem adds two methods to the ActiveRecord::Base class that allow you to update many records on a single database hit, using a case sql statement for it. Before version 0.1.3 `update_by_case` gem used custom sql strings, and it was not sanitized, making it vulnerable to ...
Camilova Activerecord-update-by-caseUpdate By Case Project Update By Case
5
CVSSv2

CVE-2013-1854

The Active Record component in Ruby on Rails 2.3.x prior to 2.3.18, 3.1.x prior to 3.1.12, and 3.2.x prior to 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote malicious users to cause a denial of service via crafted input to a where method.
Rubyonrails Rails 2.3.0Rubyonrails Rails 2.3.1Rubyonrails Rails 2.3.2Rubyonrails Rails 2.3.3Rubyonrails Rails 2.3.4Rubyonrails Rails 2.3.9Rubyonrails Rails 2.3.10Rubyonrails Rails 2.3.11Rubyonrails Rails 2.3.12Rubyonrails Rails 2.3.13Rubyonrails Rails 2.3.14Rubyonrails Rails 2.3.15
4.3
CVSSv2

CVE-2007-3227

Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord::Base#to_json) function in Ruby on Rails before edge 9606 allows remote malicious users to inject arbitrary web script via the input values.
Rubyonrails Rails 1.1.5
7.5
CVSSv2

CVE-2008-4094

Multiple SQL injection vulnerabilities in Ruby on Rails prior to 2.1.1 allow remote malicious users to execute arbitrary SQL commands via the (1) :limit and (2) :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer.
Rubyonrails Rails 0.9.1Rubyonrails Rails 0.9.2Rubyonrails Rails 0.9.3Rubyonrails Rails 0.9.4Rubyonrails Rails 0.9.4.1Rubyonrails Rails 0.10.0Rubyonrails Rails 0.10.1Rubyonrails Rails 0.11.0Rubyonrails Rails 0.11.1Rubyonrails Rails 0.12.0Rubyonrails Rails 0.12.1Rubyonrails Rails 0.13.0
6.8
CVSSv2

CVE-2014-0080

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x prior to 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote malicious users to execute "add data" SQL commands via ve...
Rubyonrails Rails 4.0.0Rubyonrails Rails 4.0.1Rubyonrails Rails 4.0.2Rubyonrails Rails 4.1.0
4.3
CVSSv2

CVE-2013-0276

ActiveRecord in Ruby on Rails prior to 2.3.17, 3.1.x prior to 3.1.11, and 3.2.x prior to 3.2.12 allows remote malicious users to bypass the attr_protected protection mechanism and modify protected model attributes via a crafted request.
Rubyonrails Rails 3.2.0Rubyonrails Rails 3.2.1Rubyonrails Rails 3.2.2Rubyonrails Rails 3.2.3Rubyonrails Rails 3.2.4Rubyonrails Rails 3.2.5Rubyonrails Rails 3.2.6Rubyonrails Rails 3.2.7Rubyonrails Rails 3.2.8Rubyonrails Rails 3.2.9Rubyonrails Rails 3.2.10Rubyonrails Rails 3.2.11
10
CVSSv2

CVE-2013-0277

ActiveRecord in Ruby on Rails prior to 2.3.17 and 3.x prior to 3.1.0 allows remote malicious users to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML.
Rubyonrails Rails 3.0.0Rubyonrails Rails 3.0.1Rubyonrails Rails 3.0.2Rubyonrails Rails 3.0.3Rubyonrails Rails 3.0.4Rubyonrails Rails 3.0.5Rubyonrails Rails 3.0.6Rubyonrails Rails 3.0.7Rubyonrails Rails 3.0.8Rubyonrails Rails 3.0.9Rubyonrails Rails 3.0.10Rubyonrails Rails 3.0.11
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
CVE-2025-49820firefoxnet/httpCVE-2025-49816konsolefile inclusionCVE-2025-33053theeventscalendarCVE-2025-49822CVE-2025-3052XXEHTML injectionCVE-2025-5959
Home
/
Search Results
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook