Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:gem/activerecord@6.0.0

Type gem

Namespace

Name activerecord

Version 6.0.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 6.0.5.1

Latest_non_vulnerable_version 7.0.4.1

Affected_by_vulnerabilities

url VCID-2bpy-kbwe-zbg8

vulnerability_id VCID-2bpy-kbwe-zbg8

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-32224

reference_id

reference_type

scores

value	0.01897
scoring_system	epss
scoring_elements	0.83537
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-32224

reference_url	https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017
reference_id
reference_type
scores
url	https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017

reference_url	https://github.com/rails/rails/commit/611990f1a6c137c2d56b1ba06b27e5d2434dcd6a
reference_id
reference_type
scores
url	https://github.com/rails/rails/commit/611990f1a6c137c2d56b1ba06b27e5d2434dcd6a

reference_url	https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U
reference_id
reference_type
scores
url	https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U

reference_url	https://lists.debian.org/debian-lts-announce/2026/05/msg00022.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2026/05/msg00022.html

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-32224
reference_id	CVE-2022-32224
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-32224

reference_url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-32224.yml
reference_id	CVE-2022-32224.YML
reference_type
scores
url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-32224.yml

reference_url

https://github.com/advisories/GHSA-3hhc-qp5v-9p2j

reference_id

GHSA-3hhc-qp5v-9p2j

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-3hhc-qp5v-9p2j

fixed_packages

url	pkg:gem/activerecord@6.0.5.1
purl	pkg:gem/activerecord@6.0.5.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@6.0.5.1

url	pkg:gem/activerecord@6.1.6.1
purl	pkg:gem/activerecord@6.1.6.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@6.1.6.1

url	pkg:gem/activerecord@7.0.3.1
purl	pkg:gem/activerecord@7.0.3.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.0.3.1

aliases CVE-2022-32224, GHSA-3hhc-qp5v-9p2j

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2bpy-kbwe-zbg8

url VCID-rzeh-ft6v-h7bv

vulnerability_id VCID-rzeh-ft6v-h7bv

summary

Duplicate
This advisory duplicates another.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-22794

reference_id

reference_type

scores

value	0.05757
scoring_system	epss
scoring_elements	0.90598
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-22794

reference_url	https://discuss.rubyonrails.org/t/cve-2023-22794-sql-injection-vulnerability-via-activerecord-comments/82117
reference_id
reference_type
scores
url	https://discuss.rubyonrails.org/t/cve-2023-22794-sql-injection-vulnerability-via-activerecord-comments/82117

reference_url	https://github.com/rails/rails/releases/tag/v7.0.4.1
reference_id
reference_type
scores
url	https://github.com/rails/rails/releases/tag/v7.0.4.1

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-22794
reference_id	CVE-2023-22794
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-22794

reference_url	https://github.com/advisories/GHSA-hq7p-j377-6v63
reference_id	GHSA-hq7p-j377-6v63
reference_type
scores
url	https://github.com/advisories/GHSA-hq7p-j377-6v63

fixed_packages

url	pkg:gem/activerecord@6.0.6.1
purl	pkg:gem/activerecord@6.0.6.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@6.0.6.1

url	pkg:gem/activerecord@6.1.7.1
purl	pkg:gem/activerecord@6.1.7.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@6.1.7.1

url	pkg:gem/activerecord@7.0.4.1
purl	pkg:gem/activerecord@7.0.4.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.0.4.1

aliases CVE-2023-22794, GHSA-hq7p-j377-6v63, GMS-2023-60

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rzeh-ft6v-h7bv

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@6.0.0

Package Instance