Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:gem/actionview@8.0.0.beta1
purl pkg:gem/actionview@8.0.0.beta1
Next non-vulnerable version 8.0.4.1
Latest non-vulnerable version 8.1.2.1
Risk 2.5
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-96qr-hdbp-p7ff
Aliases:
CVE-2026-33168
GHSA-v55j-83pf-r9cq
Rails has a possible XSS vulnerability in its Action View tag helpers ### Impact When a blank string is used as an HTML attribute name in Action View tag helpers, the attribute escaping is bypassed, producing malformed HTML. A carefully crafted attribute value could then be misinterpreted by the browser as a separate attribute name, possibly leading to XSS. Applications that allow users to specify custom HTML attributes are affected. ### Releases The fixed releases are available at the normal locations.
8.0.4.1
Affected by 0 other vulnerabilities.
8.1.2.1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-02T17:01:20.644101+00:00 GHSA Importer Affected by VCID-96qr-hdbp-p7ff https://github.com/advisories/GHSA-v55j-83pf-r9cq 38.1.0