| purl | pkg:gem/activerecord@4.1 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-2efj-tf8d-dfck (Aliases: CVE-2014-3514, GHSA-9rf5-jm6f-2fmm) | Strong Parameter bypass with create_with. The `create_with` functionality in Active Record was implemented incorrectly and completely bypasses the strong parameter protection. | Affected by 12 other vulnerabilities. |
| VCID-3m2y-wy1w-n7h1 (Aliases: CVE-2014-3483, GHSA-r8fh-hq2p-7qhq, OSV-108665) | SQL Injection Vulnerabilities Affecting PostgreSQL. SQLi vulnerability in activerecord. | Affected by 14 other vulnerabilities. |
| VCID-n5fx-u6fs-vydu (Aliases: CVE-2014-0080, GHSA-hqf9-rc9j-5fmj, OSV-103438) | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'). SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors involving \ (backslash) characters that are not properly handled in operations on array columns. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T15:18:32.824074+00:00 | Ruby Importer | Affected by | VCID-2efj-tf8d-dfck | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3514.yml | 38.0.0 |
| 2026-04-01T15:18:32.551601+00:00 | Ruby Importer | Affected by | VCID-n5fx-u6fs-vydu | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-0080.yml | 38.0.0 |
| 2026-04-01T15:18:32.383995+00:00 | Ruby Importer | Affected by | VCID-3m2y-wy1w-n7h1 | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3483.yml | 38.0.0 |