{"url":"http://public2.vulnerablecode.io/api/packages/12867?format=json","purl":"pkg:gem/activerecord@3.2.13","type":"gem","namespace":"","name":"activerecord","version":"3.2.13","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"7.1.5.2","latest_non_vulnerable_version":"8.0.2.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25626?format=json","vulnerability_id":"VCID-1ua6-6a16-9fde","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55193.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55193.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55193","reference_id":"","reference_type":"","scores":[{"value":"0.01019","scoring_system":"epss","scoring_elements":"0.77644","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55193"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55193","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55193"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2025-55193.yml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2025-55193.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55193","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55193"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111106","reference_id":"1111106","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111106"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2388446","reference_id":"2388446","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2388446"},{"reference_url":"https://github.com/rails/rails/commit/3beef20013736fd52c5dcfdf061f7999ba318290","reference_id":"3beef20013736fd52c5dcfdf061f7999ba318290","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/"}],"url":"https://github.com/rails/rails/commit/3beef20013736fd52c5dcfdf061f7999ba318290"},{"reference_url":"https://github.com/rails/rails/commit/568c0bc2f1e74c65d150a84b89a080949bf9eb9b","reference_id":"568c0bc2f1e74c65d150a84b89a080949bf9eb9b","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/"}],"url":"https://github.com/rails/rails/commit/568c0bc2f1e74c65d150a84b89a080949bf9eb9b"},{"reference_url":"https://github.com/rails/rails/commit/6a944ca4805e72050a0fbb1a461534eb760d3202","reference_id":"6a944ca4805e72050a0fbb1a461534eb760d3202","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/"}],"url":"https://github.com/rails/rails/commit/6a944ca4805e72050a0fbb1a461534eb760d3202"},{"reference_url":"https://github.com/advisories/GHSA-76r7-hhxj-r776","reference_id":"GHSA-76r7-hhxj-r776","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-76r7-hhxj-r776"},{"reference_url":"https://github.com/rails/rails/security/advisories/GHSA-76r7-hhxj-r776","reference_id":"GHSA-76r7-hhxj-r776","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/"}],"url":"https://github.com/rails/rails/security/advisories/GHSA-76r7-hhxj-r776"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377617?format=json","purl":"pkg:gem/activerecord@7.1.5.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.1.5.2"},{"url":"http://public2.vulnerablecode.io/api/packages/823594?format=json","purl":"pkg:gem/activerecord@7.2.0.beta1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.2.0.beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/377616?format=json","purl":"pkg:gem/activerecord@7.2.2.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.2.2.2"},{"url":"http://public2.vulnerablecode.io/api/packages/823601?format=json","purl":"pkg:gem/activerecord@8.0.0.beta1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@8.0.0.beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/377615?format=json","purl":"pkg:gem/activerecord@8.0.2.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@8.0.2.1"}],"aliases":["CVE-2025-55193","GHSA-76r7-hhxj-r776"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1ua6-6a16-9fde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/202850?format=json","vulnerability_id":"VCID-2b1z-1k24-kfb8","summary":"The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for remote attackers to conduct data-type injection attacks against Ruby on Rails applications via a crafted value, as demonstrated by unintended interaction between the \"typed XML\" feature and a MySQL database.","references":[{"reference_url":"http://openwall.com/lists/oss-security/2013/02/06/7","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2013/02/06/7"},{"reference_url":"http://openwall.com/lists/oss-security/2013/04/24/7","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2013/04/24/7"},{"reference_url":"http://pl.reddit.com/r/netsec/comments/17yajp/mysql_madness_and_rails","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://pl.reddit.com/r/netsec/comments/17yajp/mysql_madness_and_rails"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-3221.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-3221.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-3221","reference_id":"","reference_type":"","scores":[{"value":"0.00483","scoring_system":"epss","scoring_elements":"0.65651","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-3221"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3221","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3221"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-3221.yml","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-3221.yml"},{"reference_url":"https://groups.google.com/group/rubyonrails-security/msg/1f3bc0b88a60c1ce?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/rubyonrails-security/msg/1f3bc0b88a60c1ce?dmode=source&output=gplain"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-3221","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-3221"},{"reference_url":"https://web.archive.org/web/20130825191249/http://www.phenoelit.org/blog/archives/2013/02/index.html","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20130825191249/http://www.phenoelit.org/blog/archives/2013/02/index.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=954365","reference_id":"954365","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=954365"},{"reference_url":"https://github.com/advisories/GHSA-f57c-hx33-hvh8","reference_id":"GHSA-f57c-hx33-hvh8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-f57c-hx33-hvh8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12616?format=json","purl":"pkg:gem/activerecord@4.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-a78m-qhav-13dm"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-nex8-cvgj-f7bc"},{"vulnerability":"VCID-runz-vm7e-a3fs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.2.0"}],"aliases":["CVE-2013-3221","GHSA-f57c-hx33-hvh8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2b1z-1k24-kfb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/493?format=json","vulnerability_id":"VCID-3qsf-qm7w-y7be","summary":"","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7577.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7577.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7577","reference_id":"","reference_type":"","scores":[{"value":"0.01209","scoring_system":"epss","scoring_elements":"0.7938","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/cawsWcQ6c8g","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/cawsWcQ6c8g"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/01/25/10","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2016/01/25/10"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1301957","reference_id":"1301957","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1301957"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7577","reference_id":"CVE-2015-7577","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7577"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2015-7577.yml","reference_id":"CVE-2015-7577.YML","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2015-7577.yml"},{"reference_url":"https://github.com/advisories/GHSA-xrr6-3pc4-m447","reference_id":"GHSA-xrr6-3pc4-m447","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xrr6-3pc4-m447"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0296","reference_id":"RHSA-2016:0296","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0296"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0454","reference_id":"RHSA-2016:0454","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0454"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0455","reference_id":"RHSA-2016:0455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0455"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12631?format=json","purl":"pkg:gem/activerecord@3.2.22.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2b1z-1k24-kfb8"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.22.1"},{"url":"http://public2.vulnerablecode.io/api/packages/12725?format=json","purl":"pkg:gem/activerecord@4.1.14.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2b1z-1k24-kfb8"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-runz-vm7e-a3fs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.1.14.1"},{"url":"http://public2.vulnerablecode.io/api/packages/12757?format=json","purl":"pkg:gem/activerecord@4.2.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-runz-vm7e-a3fs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.2.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/12686?format=json","purl":"pkg:gem/activerecord@5.0.0.beta1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-8ajf-ebxr-7bgf"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@5.0.0.beta1.1"}],"aliases":["CVE-2015-7577","GHSA-xrr6-3pc4-m447"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3qsf-qm7w-y7be"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111935?format=json","vulnerability_id":"VCID-74g9-svkp-h3f1","summary":"security update","references":[{"reference_url":"http://openwall.com/lists/oss-security/2014/07/02/5","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2014/07/02/5"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0876.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0876.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3482.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3482.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3482","reference_id":"","reference_type":"","scores":[{"value":"0.01531","scoring_system":"epss","scoring_elements":"0.8172","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3482"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3482","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3482"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3483","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3483"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/1f2192e46d78ee0ba2b06373f2c24caf8440ff5b","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/1f2192e46d78ee0ba2b06373f2c24caf8440ff5b"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/wDxePLJGZdI","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/rubyonrails-security/c/wDxePLJGZdI"},{"reference_url":"http://www.debian.org/security/2014/dsa-2982","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2014/dsa-2982"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1114425","reference_id":"1114425","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1114425"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3482","reference_id":"CVE-2014-3482","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3482"},{"reference_url":"https://github.com/advisories/GHSA-mhwp-qhpc-h3jm","reference_id":"GHSA-mhwp-qhpc-h3jm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mhwp-qhpc-h3jm"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0876","reference_id":"RHSA-2014:0876","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0876"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12716?format=json","purl":"pkg:gem/activerecord@3.2.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2b1z-1k24-kfb8"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.19"}],"aliases":["CVE-2014-3482","GHSA-mhwp-qhpc-h3jm","OSV-108664"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-74g9-svkp-h3f1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12054?format=json","vulnerability_id":"VCID-c7qj-hcu8-p7hc","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32224.json","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32224.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-32224","reference_id":"","reference_type":"","scores":[{"value":"0.01944","scoring_system":"epss","scoring_elements":"0.83831","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-32224"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32224","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32224"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails/commit/611990f1a6c137c2d56b1ba06b27e5d2434dcd6a","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/611990f1a6c137c2d56b1ba06b27e5d2434dcd6a"},{"reference_url":"https://github.com/rails/rails/commits/main/activerecord","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commits/main/activerecord"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2026/05/msg00022.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2026/05/msg00022.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016140","reference_id":"1016140","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016140"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2108997","reference_id":"2108997","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2108997"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-32224","reference_id":"CVE-2022-32224","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-32224"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-32224.yml","reference_id":"CVE-2022-32224.YML","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-32224.yml"},{"reference_url":"https://github.com/advisories/GHSA-3hhc-qp5v-9p2j","reference_id":"GHSA-3hhc-qp5v-9p2j","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-24T15:17:17Z/"}],"url":"https://github.com/advisories/GHSA-3hhc-qp5v-9p2j"},{"reference_url":"https://security.gentoo.org/glsa/202408-24","reference_id":"GLSA-202408-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202408-24"},{"reference_url":"https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U","reference_id":"MmFO3LYQE8U","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":""},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-24T15:17:17Z/"}],"url":"https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0261","reference_id":"RHSA-2023:0261","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0261"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1151","reference_id":"RHSA-2023:1151","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1151"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2097","reference_id":"RHSA-2023:2097","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2097"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25300?format=json","purl":"pkg:gem/activerecord@5.2.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@5.2.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/575288?format=json","purl":"pkg:gem/activerecord@6.0.0.beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@6.0.0.beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/25292?format=json","purl":"pkg:gem/activerecord@6.0.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-ez3g-ygna-jkb8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@6.0.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/575300?format=json","purl":"pkg:gem/activerecord@6.1.0.rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@6.1.0.rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/25298?format=json","purl":"pkg:gem/activerecord@6.1.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-ez3g-ygna-jkb8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@6.1.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/575314?format=json","purl":"pkg:gem/activerecord@7.0.0.alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ua6-6a16-9fde"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.0.0.alpha1"},{"url":"http://public2.vulnerablecode.io/api/packages/25295?format=json","purl":"pkg:gem/activerecord@7.0.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-ez3g-ygna-jkb8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.0.3.1"}],"aliases":["CVE-2022-32224","GHSA-3hhc-qp5v-9p2j"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c7qj-hcu8-p7hc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12570?format=json","vulnerability_id":"VCID-cvs8-ejdv-uqhy","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44566.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44566.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-44566","reference_id":"","reference_type":"","scores":[{"value":"0.01543","scoring_system":"epss","scoring_elements":"0.81785","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-44566"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44566","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44566"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/4f44aa9d514e701ada92b5cf08beccf566eeaebf","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/4f44aa9d514e701ada92b5cf08beccf566eeaebf"},{"reference_url":"https://github.com/rails/rails/commit/82bcdc011e2ff674e7dd8fd8cee3a831c908d29b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/82bcdc011e2ff674e7dd8fd8cee3a831c908d29b"},{"reference_url":"https://github.com/rails/rails/releases/tag/v6.1.7.1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v6.1.7.1"},{"reference_url":"https://github.com/rails/rails/releases/tag/v7.0.4.1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/releases/tag/v7.0.4.1"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-44566.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-44566.yml"},{"reference_url":"https://mailchi.mp/railslts/rails-lts-multiple-dos-vulnerabilities-in-rails-rack-and-globalid","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailchi.mp/railslts/rails-lts-multiple-dos-vulnerabilities-in-rails-rack-and-globalid"},{"reference_url":"https://makandracards.com/railslts/508019-rails-5-2-lts-changelog#section-jan-20th-2023-rails-version-5-2-8-15","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://makandracards.com/railslts/508019-rails-5-2-lts-changelog#section-jan-20th-2023-rails-version-5-2-8-15"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-44566","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-44566"},{"reference_url":"https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050","reference_id":"1030050","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050"},{"reference_url":"https://code.jeremyevans.net/2022-11-01-forcing-sequential-scans-on-postgresql.html","reference_id":"2022-11-01-forcing-sequential-scans-on-postgresql.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-25T13:43:31Z/"}],"url":"https://code.jeremyevans.net/2022-11-01-forcing-sequential-scans-on-postgresql.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164789","reference_id":"2164789","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164789"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2022-44566-possible-denial-of-service-vulnerability-in-activerecords-postgresql-adapter/82119","reference_id":"82119","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-25T13:43:31Z/"}],"url":"https://discuss.rubyonrails.org/t/cve-2022-44566-possible-denial-of-service-vulnerability-in-activerecords-postgresql-adapter/82119"},{"reference_url":"https://github.com/advisories/GHSA-579w-22j4-4749","reference_id":"GHSA-579w-22j4-4749","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-579w-22j4-4749"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6818","reference_id":"RHSA-2023:6818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6818"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379982?format=json","purl":"pkg:gem/activerecord@6.1.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ua6-6a16-9fde"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@6.1.7.1"},{"url":"http://public2.vulnerablecode.io/api/packages/379983?format=json","purl":"pkg:gem/activerecord@7.0.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ua6-6a16-9fde"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.0.4.1"}],"aliases":["CVE-2022-44566","GHSA-579w-22j4-4749","GMS-2023-59"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cvs8-ejdv-uqhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/199866?format=json","vulnerability_id":"VCID-mxkb-wz2d-1kb5","summary":"Array data injection vulnerability in activerecord","references":[{"reference_url":"http://openwall.com/lists/oss-security/2014/02/18/9","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2014/02/18/9"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0080.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0080.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0080","reference_id":"","reference_type":"","scores":[{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48338","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0080"},{"reference_url":"https://github.com/rails/rails/tree/main/activerecord","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/tree/main/activerecord"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/Wu96YkTUR6s","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/Wu96YkTUR6s"},{"reference_url":"https://web.archive.org/web/20210301004521/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/Wu96YkTUR6s/pPLBMZrlwvYJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210301004521/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/Wu96YkTUR6s/pPLBMZrlwvYJ"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1065517","reference_id":"1065517","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1065517"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0080","reference_id":"CVE-2014-0080","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0080"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-0080.yml","reference_id":"CVE-2014-0080.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-0080.yml"},{"reference_url":"https://github.com/advisories/GHSA-hqf9-rc9j-5fmj","reference_id":"GHSA-hqf9-rc9j-5fmj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hqf9-rc9j-5fmj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12652?format=json","purl":"pkg:gem/activerecord@4.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2b1z-1k24-kfb8"},{"vulnerability":"VCID-34kh-7cbr-s7b9"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-runz-vm7e-a3fs"},{"vulnerability":"VCID-sth3-da79-67bt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.0.3"},{"url":"http://public2.vulnerablecode.io/api/packages/12723?format=json","purl":"pkg:gem/activerecord@4.1.0.beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2b1z-1k24-kfb8"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-runz-vm7e-a3fs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.1.0.beta2"}],"aliases":["CVE-2014-0080","GHSA-hqf9-rc9j-5fmj","OSV-103438"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mxkb-wz2d-1kb5"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/178549?format=json","vulnerability_id":"VCID-rhyd-xbpb-wufa","summary":"Multiple vulnerabilities were found in Ruby on Rails, the worst of\n    which allowing for execution of arbitrary code.","references":[{"reference_url":"http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00070.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00070.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00071.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00071.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00075.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00075.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00078.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00078.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00079.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00079.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0699.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0699.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0699","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2013:0699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1863","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2014:1863"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1854.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1854.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1854","reference_id":"","reference_type":"","scores":[{"value":"0.01795","scoring_system":"epss","scoring_elements":"0.83171","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1854"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=921329","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=921329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1854","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1854"},{"reference_url":"https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/jgJ4cjjS8FE","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/jgJ4cjjS8FE"},{"reference_url":"https://groups.google.com/group/ruby-security-ann/msg/34e0d780b04308de?dmode=source&output=gplain","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/group/ruby-security-ann/msg/34e0d780b04308de?dmode=source&output=gplain"},{"reference_url":"http://support.apple.com/kb/HT5784","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT5784"},{"reference_url":"http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released"},{"reference_url":"http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2013-1854","reference_id":"CVE-2013-1854","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2013-1854"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1854","reference_id":"CVE-2013-1854","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1854"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-1854.yml","reference_id":"CVE-2013-1854.YML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-1854.yml"},{"reference_url":"https://github.com/advisories/GHSA-3crr-9vmg-864v","reference_id":"GHSA-3crr-9vmg-864v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3crr-9vmg-864v"},{"reference_url":"https://security.gentoo.org/glsa/201412-28","reference_id":"GLSA-201412-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-28"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12774?format=json","purl":"pkg:gem/activerecord@2.3.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2b1z-1k24-kfb8"},{"vulnerability":"VCID-74g9-svkp-h3f1"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@2.3.18"},{"url":"http://public2.vulnerablecode.io/api/packages/12811?format=json","purl":"pkg:gem/activerecord@3.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18n5-8cur-m7ae"},{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2b1z-1k24-kfb8"},{"vulnerability":"VCID-39m4-12ms-skh2"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-3ser-nhqn-mbar"},{"vulnerability":"VCID-72jm-58dq-mub5"},{"vulnerability":"VCID-74g9-svkp-h3f1"},{"vulnerability":"VCID-a78m-qhav-13dm"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-fbrw-bbm6-fbhp"},{"vulnerability":"VCID-pbgu-3zaj-ukay"},{"vulnerability":"VCID-rd4z-yncp-qkfu"},{"vulnerability":"VCID-sfaa-e8am-x7gn"},{"vulnerability":"VCID-u2gv-wvdc-tfbs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/12780?format=json","purl":"pkg:gem/activerecord@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2b1z-1k24-kfb8"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-74g9-svkp-h3f1"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/12867?format=json","purl":"pkg:gem/activerecord@3.2.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ua6-6a16-9fde"},{"vulnerability":"VCID-2b1z-1k24-kfb8"},{"vulnerability":"VCID-3qsf-qm7w-y7be"},{"vulnerability":"VCID-74g9-svkp-h3f1"},{"vulnerability":"VCID-c7qj-hcu8-p7hc"},{"vulnerability":"VCID-cvs8-ejdv-uqhy"},{"vulnerability":"VCID-mxkb-wz2d-1kb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.13"}],"aliases":["CVE-2013-1854","GHSA-3crr-9vmg-864v","OSV-91453"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rhyd-xbpb-wufa"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@3.2.13"}