Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:gem/activerecord@5.2.4.2
Typegem
Namespace
Nameactiverecord
Version5.2.4.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version7.1.5.2
Latest_non_vulnerable_version8.0.2.1
Affected_by_vulnerabilities
0
url VCID-5qu2-b8gt-7qe3
vulnerability_id VCID-5qu2-b8gt-7qe3
summary 
Active Record subject to Regular Expression Denial-of-Service (ReDoS)
The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the `money` type of the PostgreSQL adapter in Active Record to spend too much time in a regular expression, resulting in the potential for a DoS attack. This only impacts Rails applications that are using PostgreSQL along with money type columns that take user input.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22880.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22880.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22880
reference_id
reference_type
scores
0
value 0.02459
scoring_system epss
scoring_elements 0.85168
published_at 2026-04-01T12:55:00Z
1
value 0.02459
scoring_system epss
scoring_elements 0.85229
published_at 2026-04-09T12:55:00Z
2
value 0.02459
scoring_system epss
scoring_elements 0.85221
published_at 2026-04-08T12:55:00Z
3
value 0.02459
scoring_system epss
scoring_elements 0.85199
published_at 2026-04-07T12:55:00Z
4
value 0.02459
scoring_system epss
scoring_elements 0.85197
published_at 2026-04-04T12:55:00Z
5
value 0.02459
scoring_system epss
scoring_elements 0.85179
published_at 2026-04-02T12:55:00Z
6
value 0.02599
scoring_system epss
scoring_elements 0.85636
published_at 2026-04-18T12:55:00Z
7
value 0.02599
scoring_system epss
scoring_elements 0.85616
published_at 2026-04-11T12:55:00Z
8
value 0.02599
scoring_system epss
scoring_elements 0.85612
published_at 2026-04-12T12:55:00Z
9
value 0.02599
scoring_system epss
scoring_elements 0.85608
published_at 2026-04-13T12:55:00Z
10
value 0.02599
scoring_system epss
scoring_elements 0.85631
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22880
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904
5
reference_url https://discuss.rubyonrails.org/t/cve-2021-22880-possible-dos-vulnerability-in-active-record-postgresql-adapter/77129
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://discuss.rubyonrails.org/t/cve-2021-22880-possible-dos-vulnerability-in-active-record-postgresql-adapter/77129
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
8
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2021-22880.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2021-22880.yml
9
reference_url https://groups.google.com/g/rubyonrails-security/c/ZzUqCh9vyhI
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/ZzUqCh9vyhI
10
reference_url https://hackerone.com/reports/1023899
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/1023899
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO5OJ3F4ZL3UXVLJO6ECANRVZBNRS2IH
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO5OJ3F4ZL3UXVLJO6ECANRVZBNRS2IH
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO5OJ3F4ZL3UXVLJO6ECANRVZBNRS2IH/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO5OJ3F4ZL3UXVLJO6ECANRVZBNRS2IH/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3/
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-22880
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-22880
16
reference_url https://security.netapp.com/advisory/ntap-20210805-0009
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210805-0009
17
reference_url https://security.netapp.com/advisory/ntap-20210805-0009/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210805-0009/
18
reference_url https://www.debian.org/security/2021/dsa-4929
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-4929
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1930102
reference_id 1930102
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1930102
20
reference_url https://github.com/advisories/GHSA-8hc4-xxm3-5ppp
reference_id GHSA-8hc4-xxm3-5ppp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8hc4-xxm3-5ppp
fixed_packages
0
url pkg:gem/activerecord@5.2.4.5
purl pkg:gem/activerecord@5.2.4.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-n8r7-wthv-fqaj
1
vulnerability VCID-sygb-mygd-s3gb
2
vulnerability VCID-zqzx-avvt-wkhm
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@5.2.4.5
1
url pkg:gem/activerecord@6.0.3.5
purl pkg:gem/activerecord@6.0.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-n8r7-wthv-fqaj
1
vulnerability VCID-sygb-mygd-s3gb
2
vulnerability VCID-t9yh-ss8z-e3cb
3
vulnerability VCID-zqzx-avvt-wkhm
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@6.0.3.5
2
url pkg:gem/activerecord@6.1.2.1
purl pkg:gem/activerecord@6.1.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-n8r7-wthv-fqaj
1
vulnerability VCID-sygb-mygd-s3gb
2
vulnerability VCID-t9yh-ss8z-e3cb
3
vulnerability VCID-zqzx-avvt-wkhm
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@6.1.2.1
aliases CVE-2021-22880, GHSA-8hc4-xxm3-5ppp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5qu2-b8gt-7qe3
1
url VCID-n8r7-wthv-fqaj
vulnerability_id VCID-n8r7-wthv-fqaj
summary 
Active Record RCE bug with Serialized Columns
When serialized columns that use YAML (the default) are deserialized, Rails uses YAML.unsafe_load to convert the YAML data in to Ruby objects. If an attacker can manipulate data in the database (via means like SQL injection), then it may be possible for the attacker to escalate to an RCE.

There are no feasible workarounds for this issue, but other coders (such as JSON) are not impacted.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32224.json
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32224.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-32224
reference_id
reference_type
scores
0
value 0.01864
scoring_system epss
scoring_elements 0.83096
published_at 2026-04-18T12:55:00Z
1
value 0.01864
scoring_system epss
scoring_elements 0.83009
published_at 2026-04-02T12:55:00Z
2
value 0.01864
scoring_system epss
scoring_elements 0.83023
published_at 2026-04-04T12:55:00Z
3
value 0.01864
scoring_system epss
scoring_elements 0.8302
published_at 2026-04-07T12:55:00Z
4
value 0.01864
scoring_system epss
scoring_elements 0.83045
published_at 2026-04-08T12:55:00Z
5
value 0.01864
scoring_system epss
scoring_elements 0.83052
published_at 2026-04-09T12:55:00Z
6
value 0.01864
scoring_system epss
scoring_elements 0.83068
published_at 2026-04-11T12:55:00Z
7
value 0.01864
scoring_system epss
scoring_elements 0.83062
published_at 2026-04-12T12:55:00Z
8
value 0.01864
scoring_system epss
scoring_elements 0.83057
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-32224
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32224
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32224
3
reference_url https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/advisories/GHSA-3hhc-qp5v-9p2j
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-24T15:17:17Z/
url https://github.com/advisories/GHSA-3hhc-qp5v-9p2j
6
reference_url https://github.com/rails/rails/commit/611990f1a6c137c2d56b1ba06b27e5d2434dcd6a
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/611990f1a6c137c2d56b1ba06b27e5d2434dcd6a
7
reference_url https://github.com/rails/rails/commits/main/activerecord
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commits/main/activerecord
8
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-32224.yml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-32224.yml
9
reference_url https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-24T15:17:17Z/
url https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-32224
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-32224
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016140
reference_id 1016140
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016140
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2108997
reference_id 2108997
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2108997
13
reference_url https://security.gentoo.org/glsa/202408-24
reference_id GLSA-202408-24
reference_type
scores
url https://security.gentoo.org/glsa/202408-24
14
reference_url https://access.redhat.com/errata/RHSA-2023:0261
reference_id RHSA-2023:0261
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0261
15
reference_url https://access.redhat.com/errata/RHSA-2023:1151
reference_id RHSA-2023:1151
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1151
16
reference_url https://access.redhat.com/errata/RHSA-2023:2097
reference_id RHSA-2023:2097
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2097
fixed_packages
0
url pkg:gem/activerecord@5.2.8.1
purl pkg:gem/activerecord@5.2.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-sygb-mygd-s3gb
1
vulnerability VCID-zqzx-avvt-wkhm
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@5.2.8.1
1
url pkg:gem/activerecord@6.0.5.1
purl pkg:gem/activerecord@6.0.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-sygb-mygd-s3gb
1
vulnerability VCID-t9yh-ss8z-e3cb
2
vulnerability VCID-zqzx-avvt-wkhm
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@6.0.5.1
2
url pkg:gem/activerecord@6.1.6.1
purl pkg:gem/activerecord@6.1.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-sygb-mygd-s3gb
1
vulnerability VCID-t9yh-ss8z-e3cb
2
vulnerability VCID-zqzx-avvt-wkhm
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@6.1.6.1
3
url pkg:gem/activerecord@7.0.3.1
purl pkg:gem/activerecord@7.0.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-sygb-mygd-s3gb
1
vulnerability VCID-t9yh-ss8z-e3cb
2
vulnerability VCID-zqzx-avvt-wkhm
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.0.3.1
aliases CVE-2022-32224, GHSA-3hhc-qp5v-9p2j, GMS-2022-3029
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n8r7-wthv-fqaj
2
url VCID-sygb-mygd-s3gb
vulnerability_id VCID-sygb-mygd-s3gb
summary 
Duplicate
This advisory duplicates another.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44566.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44566.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-44566
reference_id
reference_type
scores
0
value 0.02421
scoring_system epss
scoring_elements 0.85153
published_at 2026-04-18T12:55:00Z
1
value 0.02421
scoring_system epss
scoring_elements 0.8515
published_at 2026-04-16T12:55:00Z
2
value 0.02421
scoring_system epss
scoring_elements 0.85129
published_at 2026-04-13T12:55:00Z
3
value 0.02421
scoring_system epss
scoring_elements 0.85132
published_at 2026-04-12T12:55:00Z
4
value 0.02421
scoring_system epss
scoring_elements 0.85134
published_at 2026-04-11T12:55:00Z
5
value 0.02421
scoring_system epss
scoring_elements 0.8512
published_at 2026-04-09T12:55:00Z
6
value 0.02421
scoring_system epss
scoring_elements 0.85113
published_at 2026-04-08T12:55:00Z
7
value 0.02421
scoring_system epss
scoring_elements 0.85091
published_at 2026-04-07T12:55:00Z
8
value 0.02421
scoring_system epss
scoring_elements 0.8507
published_at 2026-04-02T12:55:00Z
9
value 0.02421
scoring_system epss
scoring_elements 0.85087
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-44566
2
reference_url https://code.jeremyevans.net/2022-11-01-forcing-sequential-scans-on-postgresql.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-25T13:43:31Z/
url https://code.jeremyevans.net/2022-11-01-forcing-sequential-scans-on-postgresql.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44566
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44566
4
reference_url https://discuss.rubyonrails.org/t/cve-2022-44566-possible-denial-of-service-vulnerability-in-activerecords-postgresql-adapter/82119
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-25T13:43:31Z/
url https://discuss.rubyonrails.org/t/cve-2022-44566-possible-denial-of-service-vulnerability-in-activerecords-postgresql-adapter/82119
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
7
reference_url https://github.com/rails/rails/commit/4f44aa9d514e701ada92b5cf08beccf566eeaebf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/4f44aa9d514e701ada92b5cf08beccf566eeaebf
8
reference_url https://github.com/rails/rails/commit/82bcdc011e2ff674e7dd8fd8cee3a831c908d29b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/82bcdc011e2ff674e7dd8fd8cee3a831c908d29b
9
reference_url https://github.com/rails/rails/releases/tag/v6.1.7.1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v6.1.7.1
10
reference_url https://github.com/rails/rails/releases/tag/v7.0.4.1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v7.0.4.1
11
reference_url https://mailchi.mp/railslts/rails-lts-multiple-dos-vulnerabilities-in-rails-rack-and-globalid
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://mailchi.mp/railslts/rails-lts-multiple-dos-vulnerabilities-in-rails-rack-and-globalid
12
reference_url https://makandracards.com/railslts/508019-rails-5-2-lts-changelog#section-jan-20th-2023-rails-version-5-2-8-15
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://makandracards.com/railslts/508019-rails-5-2-lts-changelog#section-jan-20th-2023-rails-version-5-2-8-15
13
reference_url https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050
reference_id 1030050
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2164789
reference_id 2164789
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2164789
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-44566
reference_id CVE-2022-44566
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-44566
17
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-44566.yml
reference_id CVE-2022-44566.YML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-44566.yml
18
reference_url https://github.com/advisories/GHSA-579w-22j4-4749
reference_id GHSA-579w-22j4-4749
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-579w-22j4-4749
19
reference_url https://access.redhat.com/errata/RHSA-2023:6818
reference_id RHSA-2023:6818
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6818
fixed_packages
0
url pkg:gem/activerecord@6.1.7.1
purl pkg:gem/activerecord@6.1.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-zqzx-avvt-wkhm
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@6.1.7.1
1
url pkg:gem/activerecord@7.0.4.1
purl pkg:gem/activerecord@7.0.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-zqzx-avvt-wkhm
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.0.4.1
aliases CVE-2022-44566, GHSA-579w-22j4-4749, GMS-2023-59
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sygb-mygd-s3gb
3
url VCID-zqzx-avvt-wkhm
vulnerability_id VCID-zqzx-avvt-wkhm
summary 
Active Record logging vulnerable to ANSI escape injection
This vulnerability has been assigned the CVE identifier CVE-2025-55193

### Impact
The ID passed to `find` or similar methods may be logged without escaping. If this is directly to the terminal it may include unescaped ANSI sequences.

### Releases
The fixed releases are available at the normal locations.

### Credits

Thanks to [lio346](https://hackerone.com/lio346) from Unit 515 of OPSWAT for reporting this vulnerability
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55193.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55193.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-55193
reference_id
reference_type
scores
0
value 0.00136
scoring_system epss
scoring_elements 0.33396
published_at 2026-04-09T12:55:00Z
1
value 0.00136
scoring_system epss
scoring_elements 0.33363
published_at 2026-04-08T12:55:00Z
2
value 0.00136
scoring_system epss
scoring_elements 0.33317
published_at 2026-04-07T12:55:00Z
3
value 0.00136
scoring_system epss
scoring_elements 0.33475
published_at 2026-04-04T12:55:00Z
4
value 0.00136
scoring_system epss
scoring_elements 0.33444
published_at 2026-04-02T12:55:00Z
5
value 0.00136
scoring_system epss
scoring_elements 0.3337
published_at 2026-04-16T12:55:00Z
6
value 0.00136
scoring_system epss
scoring_elements 0.33335
published_at 2026-04-13T12:55:00Z
7
value 0.00136
scoring_system epss
scoring_elements 0.33358
published_at 2026-04-12T12:55:00Z
8
value 0.00136
scoring_system epss
scoring_elements 0.334
published_at 2026-04-11T12:55:00Z
9
value 0.00148
scoring_system epss
scoring_elements 0.35258
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-55193
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55193
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55193
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
5
reference_url https://github.com/rails/rails/commit/3beef20013736fd52c5dcfdf061f7999ba318290
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/
url https://github.com/rails/rails/commit/3beef20013736fd52c5dcfdf061f7999ba318290
6
reference_url https://github.com/rails/rails/commit/568c0bc2f1e74c65d150a84b89a080949bf9eb9b
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/
url https://github.com/rails/rails/commit/568c0bc2f1e74c65d150a84b89a080949bf9eb9b
7
reference_url https://github.com/rails/rails/commit/6a944ca4805e72050a0fbb1a461534eb760d3202
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/
url https://github.com/rails/rails/commit/6a944ca4805e72050a0fbb1a461534eb760d3202
8
reference_url https://github.com/rails/rails/security/advisories/GHSA-76r7-hhxj-r776
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/
url https://github.com/rails/rails/security/advisories/GHSA-76r7-hhxj-r776
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2025-55193.yml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2025-55193.yml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-55193
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-55193
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111106
reference_id 1111106
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111106
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2388446
reference_id 2388446
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2388446
13
reference_url https://github.com/advisories/GHSA-76r7-hhxj-r776
reference_id GHSA-76r7-hhxj-r776
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-76r7-hhxj-r776
fixed_packages
0
url pkg:gem/activerecord@7.1.5.2
purl pkg:gem/activerecord@7.1.5.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.1.5.2
1
url pkg:gem/activerecord@7.2.0.beta1
purl pkg:gem/activerecord@7.2.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-zqzx-avvt-wkhm
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.2.0.beta1
2
url pkg:gem/activerecord@7.2.2.2
purl pkg:gem/activerecord@7.2.2.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.2.2.2
3
url pkg:gem/activerecord@8.0.0.beta1
purl pkg:gem/activerecord@8.0.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-zqzx-avvt-wkhm
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@8.0.0.beta1
4
url pkg:gem/activerecord@8.0.2.1
purl pkg:gem/activerecord@8.0.2.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@8.0.2.1
aliases CVE-2025-55193, GHSA-76r7-hhxj-r776
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zqzx-avvt-wkhm
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:gem/activerecord@5.2.4.2