Look up vulnerable packages by Package URL.

Purl pkg:gem/rails@1.2.2
Type gem
Namespace
Name rails
Version 1.2.2
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 6.1.7.7
Latest_non_vulnerable_version 7.1.3.1
Affected_by_vulnerabilities
0
url VCID-2s57-9frf-4qhk
vulnerability_id VCID-2s57-9frf-4qhk
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22904.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22904.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22904
reference_id
reference_type
scores
0
value 0.03338
scoring_system epss
scoring_elements 0.87617
published_at 2026-06-14T12:55:00Z
1
value 0.03338
scoring_system epss
scoring_elements 0.87621
published_at 2026-06-13T12:55:00Z
2
value 0.03338
scoring_system epss
scoring_elements 0.87615
published_at 2026-06-12T12:55:00Z
3
value 0.03338
scoring_system epss
scoring_elements 0.87573
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22904
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904
5
reference_url https://discuss.rubyonrails.org/t/cve-2021-22904-possible-dos-vulnerability-in-action-controller-token-authentication/77869
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://discuss.rubyonrails.org/t/cve-2021-22904-possible-dos-vulnerability-in-action-controller-token-authentication/77869
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
8
reference_url https://github.com/rails/rails/releases/tag/v5.2.4.6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v5.2.4.6
9
reference_url https://github.com/rails/rails/releases/tag/v5.2.6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v5.2.6
10
reference_url https://github.com/rails/rails/releases/tag/v6.0.3.7
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v6.0.3.7
11
reference_url https://github.com/rails/rails/releases/tag/v6.1.3.2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v6.1.3.2
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22904.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22904.yml
13
reference_url https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ
14
reference_url https://hackerone.com/reports/1101125
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/1101125
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-22904
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-22904
16
reference_url https://security.netapp.com/advisory/ntap-20210805-0009
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210805-0009
17
reference_url https://security.netapp.com/advisory/ntap-20210805-0009/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210805-0009/
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1961379
reference_id 1961379
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1961379
19
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214
reference_id 988214
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214
20
reference_url https://security.archlinux.org/AVG-1920
reference_id AVG-1920
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1920
21
reference_url https://security.archlinux.org/AVG-1921
reference_id AVG-1921
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1921
22
reference_url https://security.archlinux.org/AVG-2090
reference_id AVG-2090
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2090
23
reference_url https://security.archlinux.org/AVG-2223
reference_id AVG-2223
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2223
24
reference_url https://github.com/advisories/GHSA-7wjx-3g7j-8584
reference_id GHSA-7wjx-3g7j-8584
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7wjx-3g7j-8584
25
reference_url https://access.redhat.com/errata/RHSA-2021:4702
reference_id RHSA-2021:4702
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4702
fixed_packages
0
url pkg:gem/rails@5.2.4.6
purl pkg:gem/rails@5.2.4.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2uka-fwza-dyfc
1
vulnerability VCID-3e1p-t61q-xfft
2
vulnerability VCID-aa3d-r7aw-ykcp
3
vulnerability VCID-fnx8-28wd-qqgx
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.2.4.6
1
url pkg:gem/rails@5.2.6
purl pkg:gem/rails@5.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2uka-fwza-dyfc
1
vulnerability VCID-3e1p-t61q-xfft
2
vulnerability VCID-aa3d-r7aw-ykcp
3
vulnerability VCID-fnx8-28wd-qqgx
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.2.6
2
url pkg:gem/rails@6.0.3.7
purl pkg:gem/rails@6.0.3.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2uka-fwza-dyfc
1
vulnerability VCID-3e1p-t61q-xfft
2
vulnerability VCID-4j57-xdw3-a7em
3
vulnerability VCID-aa3d-r7aw-ykcp
4
vulnerability VCID-fnx8-28wd-qqgx
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@6.0.3.7
3
url pkg:gem/rails@6.1.3.2
purl pkg:gem/rails@6.1.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2uka-fwza-dyfc
1
vulnerability VCID-3e1p-t61q-xfft
2
vulnerability VCID-4j57-xdw3-a7em
3
vulnerability VCID-aa3d-r7aw-ykcp
4
vulnerability VCID-f5mb-arn4-skau
5
vulnerability VCID-fnx8-28wd-qqgx
6
vulnerability VCID-tnty-pw45-4ug3
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@6.1.3.2
aliases CVE-2021-22904, GHSA-7wjx-3g7j-8584
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2s57-9frf-4qhk
1
url VCID-5426-pjkr-9udh
vulnerability_id VCID-5426-pjkr-9udh
summary
Several vulnerabilities were found in Ruby on Rails, allowing file disclosure and theft of user credentials.
references
0
reference_url http://bugs.gentoo.org/show_bug.cgi?id=195315
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://bugs.gentoo.org/show_bug.cgi?id=195315
1
reference_url http://dev.rubyonrails.org/ticket/8371
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://dev.rubyonrails.org/ticket/8371
2
reference_url http://osvdb.org/36378
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://osvdb.org/36378
3
reference_url http://pastie.caboo.se/65550.txt
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://pastie.caboo.se/65550.txt
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2007-3227
reference_id
reference_type
scores
0
value 0.13946
scoring_system epss
scoring_elements 0.94507
published_at 2026-06-12T12:55:00Z
1
value 0.13946
scoring_system epss
scoring_elements 0.94513
published_at 2026-06-13T12:55:00Z
2
value 0.13946
scoring_system epss
scoring_elements 0.94514
published_at 2026-06-14T12:55:00Z
3
value 0.13946
scoring_system epss
scoring_elements 0.94488
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2007-3227
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3227
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3227
6
reference_url http://secunia.com/advisories/25699
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/25699
7
reference_url http://secunia.com/advisories/27657
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/27657
8
reference_url http://secunia.com/advisories/27756
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/27756
9
reference_url http://security.gentoo.org/glsa/glsa-200711-17.xml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://security.gentoo.org/glsa/glsa-200711-17.xml
10
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
11
reference_url http://weblog.rubyonrails.org/2007/10/12/rails-1-2-5-maintenance-release
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2007/10/12/rails-1-2-5-maintenance-release
12
reference_url http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release
13
reference_url http://www.novell.com/linux/security/advisories/2007_24_sr.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.novell.com/linux/security/advisories/2007_24_sr.html
14
reference_url http://www.securityfocus.com/bid/24161
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/24161
15
reference_url http://www.vupen.com/english/advisories/2007/2216
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vupen.com/english/advisories/2007/2216
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429177
reference_id 429177
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429177
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2007-3227
reference_id CVE-2007-3227
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2007-3227
18
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/30089.txt
reference_id CVE-2007-3227;OSVDB-36378
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/30089.txt
19
reference_url https://www.securityfocus.com/bid/24161/info
reference_id CVE-2007-3227;OSVDB-36378
reference_type exploit
scores
url https://www.securityfocus.com/bid/24161/info
20
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-3227.yml
reference_id CVE-2007-3227.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-3227.yml
21
reference_url https://github.com/advisories/GHSA-gm25-fpmr-43fj
reference_id GHSA-gm25-fpmr-43fj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-gm25-fpmr-43fj
22
reference_url https://security.gentoo.org/glsa/200711-17
reference_id GLSA-200711-17
reference_type
scores
url https://security.gentoo.org/glsa/200711-17
fixed_packages
0
url pkg:gem/rails@1.2.5
purl pkg:gem/rails@1.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s57-9frf-4qhk
1
vulnerability VCID-56hv-j97k-w3dr
2
vulnerability VCID-6k5n-qveq-mkhj
3
vulnerability VCID-6rc5-9gn7-tbbv
4
vulnerability VCID-94u9-8r8a-rufw
5
vulnerability VCID-a67r-11ec-zffe
6
vulnerability VCID-a8d2-vazh-gqbz
7
vulnerability VCID-ajy4-eqvj-4ydd
8
vulnerability VCID-akcz-6jhs-7bdq
9
vulnerability VCID-b8tc-n7vg-wkdd
10
vulnerability VCID-bqps-e1sm-xkhe
11
vulnerability VCID-bz3f-a6me-a3hh
12
vulnerability VCID-cgfh-yfn7-7ke9
13
vulnerability VCID-d2nk-gbfb-v3g3
14
vulnerability VCID-dh8c-nqyp-u7b7
15
vulnerability VCID-fnx8-28wd-qqgx
16
vulnerability VCID-fry8-r6k2-auf2
17
vulnerability VCID-gyq7-xde5-sfea
18
vulnerability VCID-j5mt-ph5q-bqa6
19
vulnerability VCID-kqsm-qvtq-4kc6
20
vulnerability VCID-swdv-dnen-r7gw
21
vulnerability VCID-vazh-rc42-puhy
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@1.2.5
aliases CVE-2007-3227, GHSA-gm25-fpmr-43fj, OSV-36378
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5426-pjkr-9udh
2
url VCID-56hv-j97k-w3dr
vulnerability_id VCID-56hv-j97k-w3dr
summary
Multiple vulnerabilities were found in Ruby on Rails, the worst of which allows execution of arbitrary code.
references
0
reference_url http://groups.google.com/group/rubyonrails-security/msg/365b8a23b76a6b4a?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/rubyonrails-security/msg/365b8a23b76a6b4a?dmode=source&output=gplain
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html
3
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-0446
reference_id
reference_type
scores
0
value 0.0067
scoring_system epss
scoring_elements 0.71925
published_at 2026-06-14T12:55:00Z
1
value 0.0067
scoring_system epss
scoring_elements 0.71928
published_at 2026-06-13T12:55:00Z
2
value 0.0067
scoring_system epss
scoring_elements 0.71915
published_at 2026-06-12T12:55:00Z
3
value 0.0067
scoring_system epss
scoring_elements 0.7183
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-0446
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0446
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0446
6
reference_url http://secunia.com/advisories/43274
reference_id
reference_type
scores
url http://secunia.com/advisories/43274
7
reference_url http://secunia.com/advisories/43666
reference_id
reference_type
scores
url http://secunia.com/advisories/43666
8
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
9
reference_url https://github.com/rails/rails/commit/abe97736b8316f1b714cac56c115c0779aa73217
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/abe97736b8316f1b714cac56c115c0779aa73217
10
reference_url https://github.com/rails/rails/commit/e3dd2107c57a8efaaea5d61cf8da65f7444760b2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/e3dd2107c57a8efaaea5d61cf8da65f7444760b2
11
reference_url https://groups.google.com/g/rubyonrails-security/c/8CpI7egxX4E/m/SmtqtyOKWzYJ
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/8CpI7egxX4E/m/SmtqtyOKWzYJ
12
reference_url https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43274
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43274
13
reference_url https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43666
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43666
14
reference_url https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291
15
reference_url https://web.archive.org/web/20200812054342/http://www.securitytracker.com/id?1025064
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200812054342/http://www.securitytracker.com/id?1025064
16
reference_url http://www.debian.org/security/2011/dsa-2247
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2011/dsa-2247
17
reference_url http://www.securityfocus.com/bid/46291
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/46291
18
reference_url http://www.securitytracker.com/id?1025064
reference_id
reference_type
scores
url http://www.securitytracker.com/id?1025064
19
reference_url http://www.vupen.com/english/advisories/2011/0587
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2011/0587
20
reference_url http://www.vupen.com/english/advisories/2011/0877
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2011/0877
21
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864
reference_id 614864
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-0446
reference_id CVE-2011-0446
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-0446
23
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0446.yml
reference_id CVE-2011-0446.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0446.yml
24
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2011-0446.yml
reference_id CVE-2011-0446.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2011-0446.yml
25
reference_url https://github.com/advisories/GHSA-75w6-p6mg-vh8j
reference_id GHSA-75w6-p6mg-vh8j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-75w6-p6mg-vh8j
26
reference_url https://security.gentoo.org/glsa/201412-28
reference_id GLSA-201412-28
reference_type
scores
url https://security.gentoo.org/glsa/201412-28
fixed_packages
0
url pkg:gem/rails@2.3.11
purl pkg:gem/rails@2.3.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s57-9frf-4qhk
1
vulnerability VCID-6rc5-9gn7-tbbv
2
vulnerability VCID-94u9-8r8a-rufw
3
vulnerability VCID-a8d2-vazh-gqbz
4
vulnerability VCID-ajy4-eqvj-4ydd
5
vulnerability VCID-akcz-6jhs-7bdq
6
vulnerability VCID-b8tc-n7vg-wkdd
7
vulnerability VCID-bqps-e1sm-xkhe
8
vulnerability VCID-bz3f-a6me-a3hh
9
vulnerability VCID-d2nk-gbfb-v3g3
10
vulnerability VCID-dh8c-nqyp-u7b7
11
vulnerability VCID-fnx8-28wd-qqgx
12
vulnerability VCID-fry8-r6k2-auf2
13
vulnerability VCID-gyq7-xde5-sfea
14
vulnerability VCID-kqsm-qvtq-4kc6
15
vulnerability VCID-swdv-dnen-r7gw
16
vulnerability VCID-vazh-rc42-puhy
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@2.3.11
1
url pkg:gem/rails@3.0.4
purl pkg:gem/rails@3.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s57-9frf-4qhk
1
vulnerability VCID-2uka-fwza-dyfc
2
vulnerability VCID-6rc5-9gn7-tbbv
3
vulnerability VCID-94u9-8r8a-rufw
4
vulnerability VCID-a6dm-ywkf-wkgh
5
vulnerability VCID-a8d2-vazh-gqbz
6
vulnerability VCID-ajy4-eqvj-4ydd
7
vulnerability VCID-akcz-6jhs-7bdq
8
vulnerability VCID-b8tc-n7vg-wkdd
9
vulnerability VCID-bqps-e1sm-xkhe
10
vulnerability VCID-bz3f-a6me-a3hh
11
vulnerability VCID-d2nk-gbfb-v3g3
12
vulnerability VCID-dh8c-nqyp-u7b7
13
vulnerability VCID-en5b-axpg-eud2
14
vulnerability VCID-fnx8-28wd-qqgx
15
vulnerability VCID-fry8-r6k2-auf2
16
vulnerability VCID-gyq7-xde5-sfea
17
vulnerability VCID-kqsm-qvtq-4kc6
18
vulnerability VCID-mjpw-b5bt-9qgm
19
vulnerability VCID-swdv-dnen-r7gw
20
vulnerability VCID-vazh-rc42-puhy
21
vulnerability VCID-y17b-pzkn-j3c4
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@3.0.4
aliases CVE-2011-0446, GHSA-75w6-p6mg-vh8j
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-56hv-j97k-w3dr
3
url VCID-6k5n-qveq-mkhj
vulnerability_id VCID-6k5n-qveq-mkhj
summary rails is vulnerable to CRLF injection
references
0
reference_url http://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://github.com/rails/rails
1
reference_url http://github.com/rails/rails/commit/7282ed863ca7e6f928bae9162c9a63a98775a19d
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://github.com/rails/rails/commit/7282ed863ca7e6f928bae9162c9a63a98775a19d
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5189.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5189.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2008-5189
reference_id
reference_type
scores
0
value 0.00341
scoring_system epss
scoring_elements 0.57282
published_at 2026-06-14T12:55:00Z
1
value 0.00341
scoring_system epss
scoring_elements 0.57155
published_at 2026-06-11T12:55:00Z
2
value 0.00341
scoring_system epss
scoring_elements 0.57274
published_at 2026-06-12T12:55:00Z
3
value 0.00341
scoring_system epss
scoring_elements 0.57288
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2008-5189
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5189
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5189
6
reference_url http://weblog.rubyonrails.org/2008/10/19/rails-2-0-5-redirect_to-and-offset-limit-sanitizing
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2008/10/19/rails-2-0-5-redirect_to-and-offset-limit-sanitizing
7
reference_url http://weblog.rubyonrails.org/2008/10/19/response-splitting-risk
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2008/10/19/response-splitting-risk
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=472510
reference_id 472510
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=472510
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2008-5189
reference_id CVE-2008-5189
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2008-5189
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2008-5189.yml
reference_id CVE-2008-5189.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2008-5189.yml
11
reference_url https://github.com/advisories/GHSA-jmgf-p46x-982h
reference_id GHSA-jmgf-p46x-982h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jmgf-p46x-982h
fixed_packages
0
url pkg:gem/rails@2.0.5
purl pkg:gem/rails@2.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s57-9frf-4qhk
1
vulnerability VCID-56hv-j97k-w3dr
2
vulnerability VCID-6rc5-9gn7-tbbv
3
vulnerability VCID-94u9-8r8a-rufw
4
vulnerability VCID-a67r-11ec-zffe
5
vulnerability VCID-a8d2-vazh-gqbz
6
vulnerability VCID-ajy4-eqvj-4ydd
7
vulnerability VCID-akcz-6jhs-7bdq
8
vulnerability VCID-b8tc-n7vg-wkdd
9
vulnerability VCID-bqps-e1sm-xkhe
10
vulnerability VCID-bz3f-a6me-a3hh
11
vulnerability VCID-cgfh-yfn7-7ke9
12
vulnerability VCID-d2nk-gbfb-v3g3
13
vulnerability VCID-dh8c-nqyp-u7b7
14
vulnerability VCID-fnx8-28wd-qqgx
15
vulnerability VCID-fry8-r6k2-auf2
16
vulnerability VCID-gyq7-xde5-sfea
17
vulnerability VCID-kqsm-qvtq-4kc6
18
vulnerability VCID-ryyh-3t4j-hygv
19
vulnerability VCID-swdv-dnen-r7gw
20
vulnerability VCID-vazh-rc42-puhy
21
vulnerability VCID-y17b-pzkn-j3c4
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@2.0.5
aliases CVE-2008-5189, GHSA-jmgf-p46x-982h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6k5n-qveq-mkhj
4
url VCID-6rc5-9gn7-tbbv
vulnerability_id VCID-6rc5-9gn7-tbbv
summary security update
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html
1
reference_url http://openwall.com/lists/oss-security/2014/02/18/8
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/02/18/8
2
reference_url http://rhn.redhat.com/errata/RHSA-2014-0215.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0215.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2014-0306.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0306.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0081.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0081.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0081
reference_id
reference_type
scores
0
value 0.00885
scoring_system epss
scoring_elements 0.75969
published_at 2026-06-14T12:55:00Z
1
value 0.00885
scoring_system epss
scoring_elements 0.75889
published_at 2026-06-11T12:55:00Z
2
value 0.00885
scoring_system epss
scoring_elements 0.75974
published_at 2026-06-13T12:55:00Z
3
value 0.00885
scoring_system epss
scoring_elements 0.75961
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0081
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130
9
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
10
reference_url https://github.com/rails/rails/commit/08d0a11a3f62718d601d39e617c834759cf59bbb
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/08d0a11a3f62718d601d39e617c834759cf59bbb
11
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/tfp6gZCtzr4
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/rubyonrails-security/tfp6gZCtzr4
12
reference_url https://web.archive.org/web/20140911141416/http://www.securitytracker.com/id/1029782
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20140911141416/http://www.securitytracker.com/id/1029782
13
reference_url https://web.archive.org/web/20170307202606/http://www.securityfocus.com/bid/65647
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20170307202606/http://www.securityfocus.com/bid/65647
14
reference_url https://web.archive.org/web/20201207045136/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/tfp6gZCtzr4/j8LUHmu7fIEJ
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20201207045136/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/tfp6gZCtzr4/j8LUHmu7fIEJ
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1065520
reference_id 1065520
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1065520
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0081
reference_id CVE-2014-0081
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-0081
17
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0081.yml
reference_id CVE-2014-0081.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0081.yml
18
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2014-0081.yml
reference_id CVE-2014-0081.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2014-0081.yml
19
reference_url https://github.com/advisories/GHSA-m46p-ggm5-5j83
reference_id GHSA-m46p-ggm5-5j83
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m46p-ggm5-5j83
20
reference_url https://access.redhat.com/errata/RHSA-2014:0215
reference_id RHSA-2014:0215
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0215
21
reference_url https://access.redhat.com/errata/RHSA-2014:0306
reference_id RHSA-2014:0306
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0306
fixed_packages
0
url pkg:gem/rails@3.2.17
purl pkg:gem/rails@3.2.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s57-9frf-4qhk
1
vulnerability VCID-2uka-fwza-dyfc
2
vulnerability VCID-6rc5-9gn7-tbbv
3
vulnerability VCID-94u9-8r8a-rufw
4
vulnerability VCID-a8d2-vazh-gqbz
5
vulnerability VCID-ajy4-eqvj-4ydd
6
vulnerability VCID-akcz-6jhs-7bdq
7
vulnerability VCID-b8tc-n7vg-wkdd
8
vulnerability VCID-bqps-e1sm-xkhe
9
vulnerability VCID-bz3f-a6me-a3hh
10
vulnerability VCID-dh8c-nqyp-u7b7
11
vulnerability VCID-fnx8-28wd-qqgx
12
vulnerability VCID-fry8-r6k2-auf2
13
vulnerability VCID-gyq7-xde5-sfea
14
vulnerability VCID-kqsm-qvtq-4kc6
15
vulnerability VCID-swdv-dnen-r7gw
16
vulnerability VCID-vazh-rc42-puhy
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@3.2.17
1
url pkg:gem/rails@4.0.3
purl pkg:gem/rails@4.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-214c-rjny-9ud4
1
vulnerability VCID-2s57-9frf-4qhk
2
vulnerability VCID-2uka-fwza-dyfc
3
vulnerability VCID-6rc5-9gn7-tbbv
4
vulnerability VCID-94u9-8r8a-rufw
5
vulnerability VCID-a8d2-vazh-gqbz
6
vulnerability VCID-ajy4-eqvj-4ydd
7
vulnerability VCID-akcz-6jhs-7bdq
8
vulnerability VCID-b8tc-n7vg-wkdd
9
vulnerability VCID-bqps-e1sm-xkhe
10
vulnerability VCID-bz3f-a6me-a3hh
11
vulnerability VCID-dh8c-nqyp-u7b7
12
vulnerability VCID-fnx8-28wd-qqgx
13
vulnerability VCID-fry8-r6k2-auf2
14
vulnerability VCID-gyq7-xde5-sfea
15
vulnerability VCID-hfz8-rhgw-hydt
16
vulnerability VCID-kqsm-qvtq-4kc6
17
vulnerability VCID-swdv-dnen-r7gw
18
vulnerability VCID-tp7w-62cp-2yhr
19
vulnerability VCID-vazh-rc42-puhy
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@4.0.3
2
url pkg:gem/rails@4.1.0.beta2
purl pkg:gem/rails@4.1.0.beta2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-214c-rjny-9ud4
1
vulnerability VCID-2s57-9frf-4qhk
2
vulnerability VCID-2uka-fwza-dyfc
3
vulnerability VCID-6rc5-9gn7-tbbv
4
vulnerability VCID-94u9-8r8a-rufw
5
vulnerability VCID-a8d2-vazh-gqbz
6
vulnerability VCID-ajy4-eqvj-4ydd
7
vulnerability VCID-akcz-6jhs-7bdq
8
vulnerability VCID-b8tc-n7vg-wkdd
9
vulnerability VCID-bqps-e1sm-xkhe
10
vulnerability VCID-bz3f-a6me-a3hh
11
vulnerability VCID-dh8c-nqyp-u7b7
12
vulnerability VCID-fnx8-28wd-qqgx
13
vulnerability VCID-fry8-r6k2-auf2
14
vulnerability VCID-hfz8-rhgw-hydt
15
vulnerability VCID-kqsm-qvtq-4kc6
16
vulnerability VCID-swdv-dnen-r7gw
17
vulnerability VCID-tp7w-62cp-2yhr
18
vulnerability VCID-vazh-rc42-puhy
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@4.1.0.beta2
3
url pkg:gem/rails@4.1.0
purl pkg:gem/rails@4.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-214c-rjny-9ud4
1
vulnerability VCID-2s57-9frf-4qhk
2
vulnerability VCID-2uka-fwza-dyfc
3
vulnerability VCID-6rc5-9gn7-tbbv
4
vulnerability VCID-94u9-8r8a-rufw
5
vulnerability VCID-a8d2-vazh-gqbz
6
vulnerability VCID-ajy4-eqvj-4ydd
7
vulnerability VCID-akcz-6jhs-7bdq
8
vulnerability VCID-b8tc-n7vg-wkdd
9
vulnerability VCID-bqps-e1sm-xkhe
10
vulnerability VCID-bz3f-a6me-a3hh
11
vulnerability VCID-dh8c-nqyp-u7b7
12
vulnerability VCID-fnx8-28wd-qqgx
13
vulnerability VCID-fry8-r6k2-auf2
14
vulnerability VCID-gyq7-xde5-sfea
15
vulnerability VCID-hfz8-rhgw-hydt
16
vulnerability VCID-kqsm-qvtq-4kc6
17
vulnerability VCID-swdv-dnen-r7gw
18
vulnerability VCID-tp7w-62cp-2yhr
19
vulnerability VCID-vazh-rc42-puhy
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@4.1.0
aliases CVE-2014-0081, GHSA-m46p-ggm5-5j83, OSV-103439
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6rc5-9gn7-tbbv
5
url VCID-94u9-8r8a-rufw
vulnerability_id VCID-94u9-8r8a-rufw
summary security update
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8162.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8162.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8162
reference_id
reference_type
scores
0
value 0.01549
scoring_system epss
scoring_elements 0.81881
published_at 2026-06-12T12:55:00Z
1
value 0.01549
scoring_system epss
scoring_elements 0.8182
published_at 2026-06-11T12:55:00Z
2
value 0.01549
scoring_system epss
scoring_elements 0.81883
published_at 2026-06-14T12:55:00Z
3
value 0.01549
scoring_system epss
scoring_elements 0.81891
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8162
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167
8
reference_url https://github.com/aws/aws-sdk-ruby
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/aws-sdk-ruby
9
reference_url https://github.com/aws/aws-sdk-ruby/issues/2098
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/aws-sdk-ruby/issues/2098
10
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/PjU3946mreQ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/PjU3946mreQ
11
reference_url https://groups.google.com/g/rubyonrails-security/c/PjU3946mreQ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/PjU3946mreQ
12
reference_url https://hackerone.com/reports/789579
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/789579
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1843005
reference_id 1843005
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1843005
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-8162
reference_id CVE-2020-8162
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-8162
15
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2020-8162.yml
reference_id CVE-2020-8162.YML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2020-8162.yml
16
reference_url https://github.com/advisories/GHSA-m42x-37p3-fv5w
reference_id GHSA-m42x-37p3-fv5w
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m42x-37p3-fv5w
17
reference_url https://access.redhat.com/errata/RHSA-2021:1313
reference_id RHSA-2021:1313
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1313
fixed_packages
0
url pkg:gem/rails@5.2.4.2
purl pkg:gem/rails@5.2.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s57-9frf-4qhk
1
vulnerability VCID-2uka-fwza-dyfc
2
vulnerability VCID-3e1p-t61q-xfft
3
vulnerability VCID-8ajf-ebxr-7bgf
4
vulnerability VCID-aa3d-r7aw-ykcp
5
vulnerability VCID-ajy4-eqvj-4ydd
6
vulnerability VCID-b8tc-n7vg-wkdd
7
vulnerability VCID-bqps-e1sm-xkhe
8
vulnerability VCID-fnx8-28wd-qqgx
9
vulnerability VCID-kqsm-qvtq-4kc6
10
vulnerability VCID-uzrf-6puc-kygc
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.2.4.2
1
url pkg:gem/rails@6.0.3.1
purl pkg:gem/rails@6.0.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s57-9frf-4qhk
1
vulnerability VCID-2uka-fwza-dyfc
2
vulnerability VCID-3e1p-t61q-xfft
3
vulnerability VCID-4j57-xdw3-a7em
4
vulnerability VCID-8ajf-ebxr-7bgf
5
vulnerability VCID-aa3d-r7aw-ykcp
6
vulnerability VCID-fhjg-crvh-myhd
7
vulnerability VCID-fnx8-28wd-qqgx
8
vulnerability VCID-jyvd-yu2u-rucu
9
vulnerability VCID-m1pe-q2r4-zfap
10
vulnerability VCID-mepe-vuu9-g3gd
11
vulnerability VCID-uzrf-6puc-kygc
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@6.0.3.1
aliases CVE-2020-8162, GHSA-m42x-37p3-fv5w
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-94u9-8r8a-rufw
6
url VCID-a3af-9hvh-63b2
vulnerability_id VCID-a3af-9hvh-63b2
summary
Several vulnerabilities were found in Ruby on Rails allowing for file
    disclosure and theft of user credentials.
references
0
reference_url http://bugs.gentoo.org/show_bug.cgi?id=195315
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://bugs.gentoo.org/show_bug.cgi?id=195315
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2007-5380
reference_id
reference_type
scores
0
value 0.06069
scoring_system epss
scoring_elements 0.9098
published_at 2026-06-14T12:55:00Z
1
value 0.06069
scoring_system epss
scoring_elements 0.90975
published_at 2026-06-12T12:55:00Z
2
value 0.06069
scoring_system epss
scoring_elements 0.90981
published_at 2026-06-13T12:55:00Z
3
value 0.06069
scoring_system epss
scoring_elements 0.90945
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2007-5380
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5380
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5380
3
reference_url http://secunia.com/advisories/27657
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/27657
4
reference_url http://secunia.com/advisories/27965
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/27965
5
reference_url http://security.gentoo.org/glsa/glsa-200711-17.xml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://security.gentoo.org/glsa/glsa-200711-17.xml
6
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
7
reference_url http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release
8
reference_url http://www.novell.com/linux/security/advisories/2007_25_sr.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.novell.com/linux/security/advisories/2007_25_sr.html
9
reference_url http://www.securityfocus.com/bid/26096
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/26096
10
reference_url http://www.vupen.com/english/advisories/2007/3508
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vupen.com/english/advisories/2007/3508
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2007-5380
reference_id CVE-2007-5380
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2007-5380
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-5380.yml
reference_id CVE-2007-5380.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-5380.yml
13
reference_url https://github.com/advisories/GHSA-jwhv-rgqc-fqj5
reference_id GHSA-jwhv-rgqc-fqj5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-jwhv-rgqc-fqj5
14
reference_url https://security.gentoo.org/glsa/200711-17
reference_id GLSA-200711-17
reference_type
scores
url https://security.gentoo.org/glsa/200711-17
15
reference_url https://security.gentoo.org/glsa/200912-02
reference_id GLSA-200912-02
reference_type
scores
url https://security.gentoo.org/glsa/200912-02
fixed_packages
0
url pkg:gem/rails@1.2.4
purl pkg:gem/rails@1.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s57-9frf-4qhk
1
vulnerability VCID-5426-pjkr-9udh
2
vulnerability VCID-56hv-j97k-w3dr
3
vulnerability VCID-6k5n-qveq-mkhj
4
vulnerability VCID-6rc5-9gn7-tbbv
5
vulnerability VCID-94u9-8r8a-rufw
6
vulnerability VCID-a67r-11ec-zffe
7
vulnerability VCID-a8d2-vazh-gqbz
8
vulnerability VCID-ajy4-eqvj-4ydd
9
vulnerability VCID-akcz-6jhs-7bdq
10
vulnerability VCID-b8tc-n7vg-wkdd
11
vulnerability VCID-bqps-e1sm-xkhe
12
vulnerability VCID-bz3f-a6me-a3hh
13
vulnerability VCID-cgfh-yfn7-7ke9
14
vulnerability VCID-d2nk-gbfb-v3g3
15
vulnerability VCID-dh8c-nqyp-u7b7
16
vulnerability VCID-fnx8-28wd-qqgx
17
vulnerability VCID-fry8-r6k2-auf2
18
vulnerability VCID-gyq7-xde5-sfea
19
vulnerability VCID-j5mt-ph5q-bqa6
20
vulnerability VCID-kqsm-qvtq-4kc6
21
vulnerability VCID-psh3-jce4-9kcu
22
vulnerability VCID-swdv-dnen-r7gw
23
vulnerability VCID-vazh-rc42-puhy
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@1.2.4
aliases CVE-2007-5380, GHSA-jwhv-rgqc-fqj5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a3af-9hvh-63b2
7
url VCID-a67r-11ec-zffe
vulnerability_id VCID-a67r-11ec-zffe
summary
Multiple vulnerabilities have been discovered in Rails, the worst of which
    could lead to the execution of arbitrary SQL statements.
references
0
reference_url http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
1
reference_url http://n8.tumblr.com/post/117477059/security-hole-found-in-rails-2-3s
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://n8.tumblr.com/post/117477059/security-hole-found-in-rails-2-3s
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2422.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2422.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2009-2422
reference_id
reference_type
scores
0
value 0.00403
scoring_system epss
scoring_elements 0.61434
published_at 2026-06-12T12:55:00Z
1
value 0.00403
scoring_system epss
scoring_elements 0.61438
published_at 2026-06-14T12:55:00Z
2
value 0.00403
scoring_system epss
scoring_elements 0.61442
published_at 2026-06-13T12:55:00Z
3
value 0.00403
scoring_system epss
scoring_elements 0.6133
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2009-2422
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2422
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2422
5
reference_url http://secunia.com/advisories/35702
reference_id
reference_type
scores
url http://secunia.com/advisories/35702
6
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/51528
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/51528
7
reference_url http://support.apple.com/kb/HT4077
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://support.apple.com/kb/HT4077
8
reference_url https://web.archive.org/web/20090711160153/http://secunia.com/advisories/35702
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20090711160153/http://secunia.com/advisories/35702
9
reference_url https://web.archive.org/web/20200229192617/http://www.securityfocus.com/bid/35579
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200229192617/http://www.securityfocus.com/bid/35579
10
reference_url http://weblog.rubyonrails.org/2009/6/3/security-problem-with-authenticate_with_http_digest
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2009/6/3/security-problem-with-authenticate_with_http_digest
11
reference_url http://www.securityfocus.com/bid/35579
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/35579
12
reference_url http://www.vupen.com/english/advisories/2009/1802
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2009/1802
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=509564
reference_id 509564
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=509564
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535896
reference_id 535896
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535896
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2009-2422
reference_id CVE-2009-2422
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2009-2422
16
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2009-2422.yml
reference_id CVE-2009-2422.YML
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2009-2422.yml
17
reference_url https://github.com/advisories/GHSA-rxq3-gm4p-5fj4
reference_id GHSA-rxq3-gm4p-5fj4
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rxq3-gm4p-5fj4
18
reference_url https://security.gentoo.org/glsa/200912-02
reference_id GLSA-200912-02
reference_type
scores
url https://security.gentoo.org/glsa/200912-02
fixed_packages
0
url pkg:gem/rails@2.3.3
purl pkg:gem/rails@2.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s57-9frf-4qhk
1
vulnerability VCID-56hv-j97k-w3dr
2
vulnerability VCID-58mv-ca6x-ruh8
3
vulnerability VCID-6rc5-9gn7-tbbv
4
vulnerability VCID-94u9-8r8a-rufw
5
vulnerability VCID-a8d2-vazh-gqbz
6
vulnerability VCID-ajy4-eqvj-4ydd
7
vulnerability VCID-akcz-6jhs-7bdq
8
vulnerability VCID-b8tc-n7vg-wkdd
9
vulnerability VCID-bn9m-pqu3-bffj
10
vulnerability VCID-bqps-e1sm-xkhe
11
vulnerability VCID-bz3f-a6me-a3hh
12
vulnerability VCID-d2nk-gbfb-v3g3
13
vulnerability VCID-dh8c-nqyp-u7b7
14
vulnerability VCID-fnx8-28wd-qqgx
15
vulnerability VCID-fry8-r6k2-auf2
16
vulnerability VCID-gyq7-xde5-sfea
17
vulnerability VCID-kqsm-qvtq-4kc6
18
vulnerability VCID-ryyh-3t4j-hygv
19
vulnerability VCID-swdv-dnen-r7gw
20
vulnerability VCID-vazh-rc42-puhy
21
vulnerability VCID-y17b-pzkn-j3c4
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@2.3.3
aliases CVE-2009-2422, GHSA-rxq3-gm4p-5fj4
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a67r-11ec-zffe
8
url VCID-a8d2-vazh-gqbz
vulnerability_id VCID-a8d2-vazh-gqbz
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5419.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5419.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-5419
reference_id
reference_type
scores
0
value 0.12118
scoring_system epss
scoring_elements 0.93993
published_at 2026-06-14T12:55:00Z
1
value 0.12118
scoring_system epss
scoring_elements 0.93985
published_at 2026-06-12T12:55:00Z
2
value 0.12118
scoring_system epss
scoring_elements 0.93991
published_at 2026-06-13T12:55:00Z
3
value 0.12118
scoring_system epss
scoring_elements 0.93966
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-5419
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5419
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5419
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
5
reference_url https://github.com/rails/rails/commit/f4c70c2222180b8d9d924f00af0c7fd632e26715
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/f4c70c2222180b8d9d924f00af0c7fd632e26715
6
reference_url https://github.com/rails/rails/pull/35708
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/pull/35708
7
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/
10
reference_url https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1689160
reference_id 1689160
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1689160
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924520
reference_id 924520
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924520
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-5419
reference_id CVE-2019-5419
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-5419
14
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2019-5419.yml
reference_id CVE-2019-5419.YML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2019-5419.yml
15
reference_url https://github.com/advisories/GHSA-m63j-wh5w-c252
reference_id GHSA-m63j-wh5w-c252
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m63j-wh5w-c252
16
reference_url https://access.redhat.com/errata/RHSA-2019:0796
reference_id RHSA-2019:0796
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0796
17
reference_url https://access.redhat.com/errata/RHSA-2019:1147
reference_id RHSA-2019:1147
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1147
18
reference_url https://access.redhat.com/errata/RHSA-2019:1149
reference_id RHSA-2019:1149
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1149
19
reference_url https://access.redhat.com/errata/RHSA-2019:1289
reference_id RHSA-2019:1289
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1289
fixed_packages
0
url pkg:gem/rails@4.2.11.1
purl pkg:gem/rails@4.2.11.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s57-9frf-4qhk
1
vulnerability VCID-2uka-fwza-dyfc
2
vulnerability VCID-8ajf-ebxr-7bgf
3
vulnerability VCID-94u9-8r8a-rufw
4
vulnerability VCID-ajy4-eqvj-4ydd
5
vulnerability VCID-b8tc-n7vg-wkdd
6
vulnerability VCID-bqps-e1sm-xkhe
7
vulnerability VCID-fnx8-28wd-qqgx
8
vulnerability VCID-kqsm-qvtq-4kc6
9
vulnerability VCID-vazh-rc42-puhy
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@4.2.11.1
1
url pkg:gem/rails@5.0.7.2
purl pkg:gem/rails@5.0.7.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s57-9frf-4qhk
1
vulnerability VCID-2uka-fwza-dyfc
2
vulnerability VCID-3e1p-t61q-xfft
3
vulnerability VCID-8ajf-ebxr-7bgf
4
vulnerability VCID-94u9-8r8a-rufw
5
vulnerability VCID-ajy4-eqvj-4ydd
6
vulnerability VCID-b8tc-n7vg-wkdd
7
vulnerability VCID-bqps-e1sm-xkhe
8
vulnerability VCID-fnx8-28wd-qqgx
9
vulnerability VCID-kqsm-qvtq-4kc6
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.0.7.2
2
url pkg:gem/rails@5.1.6.2
purl pkg:gem/rails@5.1.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s57-9frf-4qhk
1
vulnerability VCID-2uka-fwza-dyfc
2
vulnerability VCID-3e1p-t61q-xfft
3
vulnerability VCID-8ajf-ebxr-7bgf
4
vulnerability VCID-94u9-8r8a-rufw
5
vulnerability VCID-ajy4-eqvj-4ydd
6
vulnerability VCID-b8tc-n7vg-wkdd
7
vulnerability VCID-bqps-e1sm-xkhe
8
vulnerability VCID-fnx8-28wd-qqgx
9
vulnerability VCID-kqsm-qvtq-4kc6
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.1.6.2
3
url pkg:gem/rails@5.2.2.1
purl pkg:gem/rails@5.2.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s57-9frf-4qhk
1
vulnerability VCID-2uka-fwza-dyfc
2
vulnerability VCID-3e1p-t61q-xfft
3
vulnerability VCID-8ajf-ebxr-7bgf
4
vulnerability VCID-94u9-8r8a-rufw
5
vulnerability VCID-aa3d-r7aw-ykcp
6
vulnerability VCID-ajy4-eqvj-4ydd
7
vulnerability VCID-b8tc-n7vg-wkdd
8
vulnerability VCID-bqps-e1sm-xkhe
9
vulnerability VCID-fnx8-28wd-qqgx
10
vulnerability VCID-kqsm-qvtq-4kc6
11
vulnerability VCID-uzrf-6puc-kygc
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.2.2.1
aliases CVE-2019-5419, GHSA-m63j-wh5w-c252
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a8d2-vazh-gqbz
9
url VCID-ajy4-eqvj-4ydd
vulnerability_id VCID-ajy4-eqvj-4ydd
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8167.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8167.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8167
reference_id
reference_type
scores
0
value 0.00427
scoring_system epss
scoring_elements 0.62947
published_at 2026-06-12T12:55:00Z
1
value 0.00427
scoring_system epss
scoring_elements 0.62954
published_at 2026-06-14T12:55:00Z
2
value 0.00427
scoring_system epss
scoring_elements 0.62845
published_at 2026-06-11T12:55:00Z
3
value 0.00427
scoring_system epss
scoring_elements 0.62959
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8167
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167
8
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
9
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0
10
reference_url https://groups.google.com/g/rubyonrails-security/c/x9DixQDG9a0
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/x9DixQDG9a0
11
reference_url https://hackerone.com/reports/189878
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/189878
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1843084
reference_id 1843084
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1843084
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-8167
reference_id CVE-2020-8167
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-8167
14
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-8167.yml
reference_id CVE-2020-8167.YML
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-8167.yml
15
reference_url https://github.com/advisories/GHSA-xq5j-gw7f-jgj8
reference_id GHSA-xq5j-gw7f-jgj8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xq5j-gw7f-jgj8
16
reference_url https://access.redhat.com/errata/RHSA-2021:1313
reference_id RHSA-2021:1313
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1313
fixed_packages
0
url pkg:gem/rails@5.2.4.3
purl pkg:gem/rails@5.2.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s57-9frf-4qhk
1
vulnerability VCID-2uka-fwza-dyfc
2
vulnerability VCID-3e1p-t61q-xfft
3
vulnerability VCID-8ajf-ebxr-7bgf
4
vulnerability VCID-aa3d-r7aw-ykcp
5
vulnerability VCID-fnx8-28wd-qqgx
6
vulnerability VCID-uzrf-6puc-kygc
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.2.4.3
1
url pkg:gem/rails@6.0.3.1
purl pkg:gem/rails@6.0.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s57-9frf-4qhk
1
vulnerability VCID-2uka-fwza-dyfc
2
vulnerability VCID-3e1p-t61q-xfft
3
vulnerability VCID-4j57-xdw3-a7em
4
vulnerability VCID-8ajf-ebxr-7bgf
5
vulnerability VCID-aa3d-r7aw-ykcp
6
vulnerability VCID-fhjg-crvh-myhd
7
vulnerability VCID-fnx8-28wd-qqgx
8
vulnerability VCID-jyvd-yu2u-rucu
9
vulnerability VCID-m1pe-q2r4-zfap
10
vulnerability VCID-mepe-vuu9-g3gd
11
vulnerability VCID-uzrf-6puc-kygc
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@6.0.3.1
aliases CVE-2020-8167, GHSA-xq5j-gw7f-jgj8
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ajy4-eqvj-4ydd
10
url VCID-akcz-6jhs-7bdq
vulnerability_id VCID-akcz-6jhs-7bdq
summary
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2097.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2097.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-2097
reference_id
reference_type
scores
0
value 0.01912
scoring_system epss
scoring_elements 0.83757
published_at 2026-06-14T12:55:00Z
1
value 0.01912
scoring_system epss
scoring_elements 0.8376
published_at 2026-06-13T12:55:00Z
2
value 0.01912
scoring_system epss
scoring_elements 0.83751
published_at 2026-06-12T12:55:00Z
3
value 0.01912
scoring_system epss
scoring_elements 0.83693
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-2097
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2097
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2097
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2098
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2098
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
9
reference_url https://github.com/rails/rails/commit/8a1d3ea617ffb0c8ae8467fa439bf63a3bfc4324
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/8a1d3ea617ffb0c8ae8467fa439bf63a3bfc4324
10
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/ddY6HgqB2z4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/ddY6HgqB2z4
11
reference_url https://groups.google.com/forum/#!topic/ruby-security-ann/ddY6HgqB2z4
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/ruby-security-ann/ddY6HgqB2z4
12
reference_url https://web.archive.org/web/20160322002234/http://www.securitytracker.com/id/1035122
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20160322002234/http://www.securitytracker.com/id/1035122
13
reference_url https://web.archive.org/web/20200228015320/http://www.securityfocus.com/bid/83726
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228015320/http://www.securityfocus.com/bid/83726
14
reference_url https://web.archive.org/web/20201221115217/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20201221115217/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ
15
reference_url http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released
16
reference_url http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/
reference_id
reference_type
scores
url http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/
17
reference_url http://www.debian.org/security/2016/dsa-3509
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2016/dsa-3509
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1310043
reference_id 1310043
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1310043
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-2097
reference_id CVE-2016-2097
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-2097
20
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-2097.yml
reference_id CVE-2016-2097.YML
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-2097.yml
21
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-2097.yml
reference_id CVE-2016-2097.YML
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-2097.yml
22
reference_url https://github.com/advisories/GHSA-vx9j-46rh-fqr8
reference_id GHSA-vx9j-46rh-fqr8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vx9j-46rh-fqr8
23
reference_url https://access.redhat.com/errata/RHSA-2016:0454
reference_id RHSA-2016:0454
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0454
24
reference_url https://access.redhat.com/errata/RHSA-2016:0455
reference_id RHSA-2016:0455
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0455
25
reference_url https://access.redhat.com/errata/RHSA-2016:0456
reference_id RHSA-2016:0456
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0456
fixed_packages
0
url pkg:gem/rails@3.2.22.2
purl pkg:gem/rails@3.2.22.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s57-9frf-4qhk
1
vulnerability VCID-2uka-fwza-dyfc
2
vulnerability VCID-6rc5-9gn7-tbbv
3
vulnerability VCID-94u9-8r8a-rufw
4
vulnerability VCID-a8d2-vazh-gqbz
5
vulnerability VCID-ajy4-eqvj-4ydd
6
vulnerability VCID-b8tc-n7vg-wkdd
7
vulnerability VCID-bqps-e1sm-xkhe
8
vulnerability VCID-bz3f-a6me-a3hh
9
vulnerability VCID-dh8c-nqyp-u7b7
10
vulnerability VCID-fnx8-28wd-qqgx
11
vulnerability VCID-fry8-r6k2-auf2
12
vulnerability VCID-kqsm-qvtq-4kc6
13
vulnerability VCID-swdv-dnen-r7gw
14
vulnerability VCID-vazh-rc42-puhy
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@3.2.22.2
1
url pkg:gem/rails@4.1.14.2
purl pkg:gem/rails@4.1.14.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s57-9frf-4qhk
1
vulnerability VCID-2uka-fwza-dyfc
2
vulnerability VCID-6rc5-9gn7-tbbv
3
vulnerability VCID-94u9-8r8a-rufw
4
vulnerability VCID-a8d2-vazh-gqbz
5
vulnerability VCID-ajy4-eqvj-4ydd
6
vulnerability VCID-b8tc-n7vg-wkdd
7
vulnerability VCID-bqps-e1sm-xkhe
8
vulnerability VCID-bz3f-a6me-a3hh
9
vulnerability VCID-dh8c-nqyp-u7b7
10
vulnerability VCID-fnx8-28wd-qqgx
11
vulnerability VCID-fry8-r6k2-auf2
12
vulnerability VCID-kqsm-qvtq-4kc6
13
vulnerability VCID-swdv-dnen-r7gw
14
vulnerability VCID-tp7w-62cp-2yhr
15
vulnerability VCID-vazh-rc42-puhy
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@4.1.14.2
aliases CVE-2016-2097, GHSA-vx9j-46rh-fqr8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-akcz-6jhs-7bdq
11
url VCID-b8tc-n7vg-wkdd
vulnerability_id VCID-b8tc-n7vg-wkdd
summary
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00031.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00031.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00034.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00034.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8165.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8165.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8165
reference_id
reference_type
scores
0
value 0.90128
scoring_system epss
scoring_elements 0.99606
published_at 2026-06-11T12:55:00Z
1
value 0.90128
scoring_system epss
scoring_elements 0.99607
published_at 2026-06-12T12:55:00Z
2
value 0.90128
scoring_system epss
scoring_elements 0.99608
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8165
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167
10
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
11
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c
12
reference_url https://groups.google.com/g/rubyonrails-security/c/bv6fW4S0Y1c
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/bv6fW4S0Y1c
13
reference_url https://hackerone.com/reports/413388
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/413388
14
reference_url https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html
15
reference_url https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html
16
reference_url https://security.netapp.com/advisory/ntap-20250509-0002
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20250509-0002
17
reference_url https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1843072
reference_id 1843072
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1843072
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-8165
reference_id CVE-2020-8165
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-8165
20
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2020-8165.yml
reference_id CVE-2020-8165.YML
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2020-8165.yml
21
reference_url https://github.com/advisories/GHSA-2p68-f74v-9wc6
reference_id GHSA-2p68-f74v-9wc6
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2p68-f74v-9wc6
22
reference_url https://access.redhat.com/errata/RHSA-2021:1313
reference_id RHSA-2021:1313
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1313
fixed_packages
0
url pkg:gem/rails@5.2.4.3
purl pkg:gem/rails@5.2.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s57-9frf-4qhk
1
vulnerability VCID-2uka-fwza-dyfc
2
vulnerability VCID-3e1p-t61q-xfft
3
vulnerability VCID-8ajf-ebxr-7bgf
4
vulnerability VCID-aa3d-r7aw-ykcp
5
vulnerability VCID-fnx8-28wd-qqgx
6
vulnerability VCID-uzrf-6puc-kygc
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.2.4.3
1
url pkg:gem/rails@6.0.3.1
purl pkg:gem/rails@6.0.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s57-9frf-4qhk
1
vulnerability VCID-2uka-fwza-dyfc
2
vulnerability VCID-3e1p-t61q-xfft
3
vulnerability VCID-4j57-xdw3-a7em
4
vulnerability VCID-8ajf-ebxr-7bgf
5
vulnerability VCID-aa3d-r7aw-ykcp
6
vulnerability VCID-fhjg-crvh-myhd
7
vulnerability VCID-fnx8-28wd-qqgx
8
vulnerability VCID-jyvd-yu2u-rucu
9
vulnerability VCID-m1pe-q2r4-zfap
10
vulnerability VCID-mepe-vuu9-g3gd
11
vulnerability VCID-uzrf-6puc-kygc
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@6.0.3.1
aliases CVE-2020-8165, GHSA-2p68-f74v-9wc6
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b8tc-n7vg-wkdd
12
url VCID-bqps-e1sm-xkhe
vulnerability_id VCID-bqps-e1sm-xkhe
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8166.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8166.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8166
reference_id
reference_type
scores
0
value 0.00443
scoring_system epss
scoring_elements 0.63745
published_at 2026-06-11T12:55:00Z
1
value 0.00443
scoring_system epss
scoring_elements 0.63859
published_at 2026-06-14T12:55:00Z
2
value 0.00443
scoring_system epss
scoring_elements 0.63861
published_at 2026-06-13T12:55:00Z
3
value 0.00443
scoring_system epss
scoring_elements 0.63847
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8166
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167
8
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
9
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
10
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements
1
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1843152
reference_id 1843152
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1843152
12
reference_url https://hackerone.com/reports/732415
reference_id 732415
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:45:41Z/
url https://hackerone.com/reports/732415
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-8166
reference_id CVE-2020-8166
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-8166
14
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8166.yml
reference_id CVE-2020-8166.YML
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8166.yml
15
reference_url https://www.debian.org/security/2020/dsa-4766
reference_id dsa-4766
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:45:41Z/
url https://www.debian.org/security/2020/dsa-4766
16
reference_url https://github.com/advisories/GHSA-jp5v-5gx4-jmj9
reference_id GHSA-jp5v-5gx4-jmj9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jp5v-5gx4-jmj9
17
reference_url https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw
reference_id NOjKiGeXUgw
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:45:41Z/
url https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw
18
reference_url https://access.redhat.com/errata/RHSA-2021:1313
reference_id RHSA-2021:1313
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1313
fixed_packages
0
url pkg:gem/rails@5.2.4.3
purl pkg:gem/rails@5.2.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s57-9frf-4qhk
1
vulnerability VCID-2uka-fwza-dyfc
2
vulnerability VCID-3e1p-t61q-xfft
3
vulnerability VCID-8ajf-ebxr-7bgf
4
vulnerability VCID-aa3d-r7aw-ykcp
5
vulnerability VCID-fnx8-28wd-qqgx
6
vulnerability VCID-uzrf-6puc-kygc
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.2.4.3
1
url pkg:gem/rails@6.0.3.1
purl pkg:gem/rails@6.0.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s57-9frf-4qhk
1
vulnerability VCID-2uka-fwza-dyfc
2
vulnerability VCID-3e1p-t61q-xfft
3
vulnerability VCID-4j57-xdw3-a7em
4
vulnerability VCID-8ajf-ebxr-7bgf
5
vulnerability VCID-aa3d-r7aw-ykcp
6
vulnerability VCID-fhjg-crvh-myhd
7
vulnerability VCID-fnx8-28wd-qqgx
8
vulnerability VCID-jyvd-yu2u-rucu
9
vulnerability VCID-m1pe-q2r4-zfap
10
vulnerability VCID-mepe-vuu9-g3gd
11
vulnerability VCID-uzrf-6puc-kygc
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@6.0.3.1
aliases CVE-2020-8166, GHSA-jp5v-5gx4-jmj9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bqps-e1sm-xkhe
13
url VCID-bz3f-a6me-a3hh
vulnerability_id VCID-bz3f-a6me-a3hh
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5418.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5418.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-5418
reference_id
reference_type
scores
0
value 0.94318
scoring_system epss
scoring_elements 0.99953
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-5418
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5418
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5418
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q
5
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/zRNVOUhKHrg
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/zRNVOUhKHrg
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA
8
reference_url https://web.archive.org/web/20190313201629/https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20190313201629/https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released
9
reference_url https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released
10
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-5418
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-5418
11
reference_url https://www.exploit-db.com/exploits/46585
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/46585
12
reference_url http://www.openwall.com/lists/oss-security/2019/03/22/1
reference_id 1
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/
url http://www.openwall.com/lists/oss-security/2019/03/22/1
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1689159
reference_id 1689159
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1689159
14
reference_url https://www.exploit-db.com/exploits/46585/
reference_id 46585
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/
url https://www.exploit-db.com/exploits/46585/
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924520
reference_id 924520
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924520
16
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/46585.py
reference_id CVE-2019-5418
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/46585.py
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-5418
reference_id CVE-2019-5418
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-5418
18
reference_url https://github.com/advisories/GHSA-86g5-2wh3-gc9j
reference_id GHSA-86g5-2wh3-gc9j
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-86g5-2wh3-gc9j
19
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html
reference_id msg00011.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/
url http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html
20
reference_url https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html
reference_id msg00042.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/
url https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html
21
reference_url https://groups.google.com/forum/#%21topic/rubyonrails-security/pFRKI96Sm8Q
reference_id pFRKI96Sm8Q
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/
url https://groups.google.com/forum/#%21topic/rubyonrails-security/pFRKI96Sm8Q
22
reference_url https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
reference_id Rails-4-2-5-1-5-1-6-2-have-been-released
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/
url https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
23
reference_url http://packetstormsecurity.com/files/152178/Rails-5.2.1-Arbitrary-File-Content-Disclosure.html
reference_id Rails-5.2.1-Arbitrary-File-Content-Disclosure.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/
url http://packetstormsecurity.com/files/152178/Rails-5.2.1-Arbitrary-File-Content-Disclosure.html
24
reference_url https://access.redhat.com/errata/RHSA-2019:0796
reference_id RHSA-2019:0796
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/
url https://access.redhat.com/errata/RHSA-2019:0796
25
reference_url https://access.redhat.com/errata/RHSA-2019:1147
reference_id RHSA-2019:1147
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/
url https://access.redhat.com/errata/RHSA-2019:1147
26
reference_url https://access.redhat.com/errata/RHSA-2019:1149
reference_id RHSA-2019:1149
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/
url https://access.redhat.com/errata/RHSA-2019:1149
27
reference_url https://access.redhat.com/errata/RHSA-2019:1289
reference_id RHSA-2019:1289
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/
url https://access.redhat.com/errata/RHSA-2019:1289
28
reference_url https://usn.ubuntu.com/7646-1/
reference_id USN-7646-1
reference_type
scores
url https://usn.ubuntu.com/7646-1/
29
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/
reference_id Y43636TH4D6T46IC6N2RQVJTRFJAAYGA
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/
fixed_packages
0
url pkg:gem/rails@4.2.11.1
purl pkg:gem/rails@4.2.11.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s57-9frf-4qhk
1
vulnerability VCID-2uka-fwza-dyfc
2
vulnerability VCID-8ajf-ebxr-7bgf
3
vulnerability VCID-94u9-8r8a-rufw
4
vulnerability VCID-ajy4-eqvj-4ydd
5
vulnerability VCID-b8tc-n7vg-wkdd
6
vulnerability VCID-bqps-e1sm-xkhe
7
vulnerability VCID-fnx8-28wd-qqgx
8
vulnerability VCID-kqsm-qvtq-4kc6
9
vulnerability VCID-vazh-rc42-puhy
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@4.2.11.1
1
url pkg:gem/rails@5.0.7.2
purl pkg:gem/rails@5.0.7.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s57-9frf-4qhk
1
vulnerability VCID-2uka-fwza-dyfc
2
vulnerability VCID-3e1p-t61q-xfft
3
vulnerability VCID-8ajf-ebxr-7bgf
4
vulnerability VCID-94u9-8r8a-rufw
5
vulnerability VCID-ajy4-eqvj-4ydd
6
vulnerability VCID-b8tc-n7vg-wkdd
7
vulnerability VCID-bqps-e1sm-xkhe
8
vulnerability VCID-fnx8-28wd-qqgx
9
vulnerability VCID-kqsm-qvtq-4kc6
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.0.7.2
2
url pkg:gem/rails@5.1.6.2
purl pkg:gem/rails@5.1.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s57-9frf-4qhk
1
vulnerability VCID-2uka-fwza-dyfc
2
vulnerability VCID-3e1p-t61q-xfft
3
vulnerability VCID-8ajf-ebxr-7bgf
4
vulnerability VCID-94u9-8r8a-rufw
5
vulnerability VCID-ajy4-eqvj-4ydd
6
vulnerability VCID-b8tc-n7vg-wkdd
7
vulnerability VCID-bqps-e1sm-xkhe
8
vulnerability VCID-fnx8-28wd-qqgx
9
vulnerability VCID-kqsm-qvtq-4kc6
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.1.6.2
3
url pkg:gem/rails@5.2.2.1
purl pkg:gem/rails@5.2.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s57-9frf-4qhk
1
vulnerability VCID-2uka-fwza-dyfc
2
vulnerability VCID-3e1p-t61q-xfft
3
vulnerability VCID-8ajf-ebxr-7bgf
4
vulnerability VCID-94u9-8r8a-rufw
5
vulnerability VCID-aa3d-r7aw-ykcp
6
vulnerability VCID-ajy4-eqvj-4ydd
7
vulnerability VCID-b8tc-n7vg-wkdd
8
vulnerability VCID-bqps-e1sm-xkhe
9
vulnerability VCID-fnx8-28wd-qqgx
10
vulnerability VCID-kqsm-qvtq-4kc6
11
vulnerability VCID-uzrf-6puc-kygc
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.2.2.1
aliases CVE-2019-5418, GHSA-86g5-2wh3-gc9j
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bz3f-a6me-a3hh
14
url VCID-cgfh-yfn7-7ke9
vulnerability_id VCID-cgfh-yfn7-7ke9
summary
Multiple vulnerabilities have been discovered in Rails, the worst of which
    leads to the execution of arbitrary SQL statements.
references
0
reference_url http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1
reference_id
reference_type
scores
url http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1
1
reference_url http://gist.github.com/8946
reference_id
reference_type
scores
url http://gist.github.com/8946
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html
3
reference_url http://rails.lighthouseapp.com/projects/8994/tickets/288
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rails.lighthouseapp.com/projects/8994/tickets/288
4
reference_url http://rails.lighthouseapp.com/projects/8994/tickets/964
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rails.lighthouseapp.com/projects/8994/tickets/964
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2008-4094
reference_id
reference_type
scores
0
value 0.03119
scoring_system epss
scoring_elements 0.8718
published_at 2026-06-14T12:55:00Z
1
value 0.03119
scoring_system epss
scoring_elements 0.87183
published_at 2026-06-13T12:55:00Z
2
value 0.03119
scoring_system epss
scoring_elements 0.87177
published_at 2026-06-12T12:55:00Z
3
value 0.03119
scoring_system epss
scoring_elements 0.87131
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2008-4094
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4094
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4094
7
reference_url http://secunia.com/advisories/31875
reference_id
reference_type
scores
url http://secunia.com/advisories/31875
8
reference_url http://secunia.com/advisories/31909
reference_id
reference_type
scores
url http://secunia.com/advisories/31909
9
reference_url http://secunia.com/advisories/31910
reference_id
reference_type
scores
url http://secunia.com/advisories/31910
10
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/45109
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/45109
11
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
12
reference_url https://github.com/rails/rails/commit/ef0ea782b1f5cf7b08e74ea3002a16c708f66645
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/ef0ea782b1f5cf7b08e74ea3002a16c708f66645
13
reference_url https://web.archive.org/web/20080620000955/http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20080620000955/http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1
14
reference_url https://web.archive.org/web/20080620201733/http://blog.innerewut.de/files/rails/activerecord-1.15.3.patch
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20080620201733/http://blog.innerewut.de/files/rails/activerecord-1.15.3.patch
15
reference_url https://web.archive.org/web/20080620201744/http://blog.innerewut.de/files/rails/activerecord-2.0.2.patch
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20080620201744/http://blog.innerewut.de/files/rails/activerecord-2.0.2.patch
16
reference_url https://web.archive.org/web/20081104151751/http://gist.github.com/8946
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20081104151751/http://gist.github.com/8946
17
reference_url https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875
18
reference_url https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875/
reference_id
reference_type
scores
url https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875/
19
reference_url https://web.archive.org/web/20081207211431/http://secunia.com/advisories/31909
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20081207211431/http://secunia.com/advisories/31909
20
reference_url https://web.archive.org/web/20081207211436/http://secunia.com/advisories/31910
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20081207211436/http://secunia.com/advisories/31910
21
reference_url https://web.archive.org/web/20091101000000*/http://www.vupen.com/english/advisories/2008/2562
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20091101000000*/http://www.vupen.com/english/advisories/2008/2562
22
reference_url https://web.archive.org/web/20120120194518/http://www.securityfocus.com/bid/31176
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120120194518/http://www.securityfocus.com/bid/31176
23
reference_url https://web.archive.org/web/20201207112829/http://www.securitytracker.com/id?1020871
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20201207112829/http://www.securitytracker.com/id?1020871
24
reference_url http://www.openwall.com/lists/oss-security/2008/09/13/2
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2008/09/13/2
25
reference_url http://www.openwall.com/lists/oss-security/2008/09/16/1
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2008/09/16/1
26
reference_url http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter
27
reference_url http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter/
reference_id
reference_type
scores
url http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter/
28
reference_url http://www.securityfocus.com/bid/31176
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/31176
29
reference_url http://www.securitytracker.com/id?1020871
reference_id
reference_type
scores
url http://www.securitytracker.com/id?1020871
30
reference_url http://www.vupen.com/english/advisories/2008/2562
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2008/2562
31
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500791
reference_id 500791
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500791
32
reference_url https://nvd.nist.gov/vuln/detail/CVE-2008-4094
reference_id CVE-2008-4094
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2008-4094
33
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2008-4094.yml
reference_id CVE-2008-4094.YML
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2008-4094.yml
34
reference_url https://github.com/advisories/GHSA-xf96-32q2-9rw2
reference_id GHSA-xf96-32q2-9rw2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xf96-32q2-9rw2
35
reference_url https://security.gentoo.org/glsa/200912-02
reference_id GLSA-200912-02
reference_type
scores
url https://security.gentoo.org/glsa/200912-02
fixed_packages
0
url pkg:gem/rails@2.1.1
purl pkg:gem/rails@2.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s57-9frf-4qhk
1
vulnerability VCID-56hv-j97k-w3dr
2
vulnerability VCID-58mv-ca6x-ruh8
3
vulnerability VCID-6rc5-9gn7-tbbv
4
vulnerability VCID-94u9-8r8a-rufw
5
vulnerability VCID-a67r-11ec-zffe
6
vulnerability VCID-a8d2-vazh-gqbz
7
vulnerability VCID-ajy4-eqvj-4ydd
8
vulnerability VCID-akcz-6jhs-7bdq
9
vulnerability VCID-b8tc-n7vg-wkdd
10
vulnerability VCID-bn9m-pqu3-bffj
11
vulnerability VCID-bqps-e1sm-xkhe
12
vulnerability VCID-bz3f-a6me-a3hh
13
vulnerability VCID-cab4-yeek-cfcw
14
vulnerability VCID-d2nk-gbfb-v3g3
15
vulnerability VCID-dh8c-nqyp-u7b7
16
vulnerability VCID-fnx8-28wd-qqgx
17
vulnerability VCID-fry8-r6k2-auf2
18
vulnerability VCID-gyq7-xde5-sfea
19
vulnerability VCID-kqsm-qvtq-4kc6
20
vulnerability VCID-ryyh-3t4j-hygv
21
vulnerability VCID-swdv-dnen-r7gw
22
vulnerability VCID-vazh-rc42-puhy
23
vulnerability VCID-y17b-pzkn-j3c4
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@2.1.1
aliases CVE-2008-4094, GHSA-xf96-32q2-9rw2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cgfh-yfn7-7ke9
15
url VCID-d2nk-gbfb-v3g3
vulnerability_id VCID-d2nk-gbfb-v3g3
summary Cross-site scripting in actionpack Rubygem
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1497.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1497.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-1497
reference_id
reference_type
scores
0
value 0.00328
scoring_system epss
scoring_elements 0.56218
published_at 2026-06-12T12:55:00Z
1
value 0.00328
scoring_system epss
scoring_elements 0.56098
published_at 2026-06-11T12:55:00Z
2
value 0.00328
scoring_system epss
scoring_elements 0.56221
published_at 2026-06-14T12:55:00Z
3
value 0.00328
scoring_system epss
scoring_elements 0.56233
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-1497
2
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
3
reference_url https://github.com/rails/rails/blob/38df020c95beca7e12f0188cb7e18f3c37789e20/actionpack/CHANGELOG
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/blob/38df020c95beca7e12f0188cb7e18f3c37789e20/actionpack/CHANGELOG
4
reference_url https://github.com/rails/rails/commit/61ee3449674c591747db95f9b3472c5c3bd9e84d
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/61ee3449674c591747db95f9b3472c5c3bd9e84d
5
reference_url https://github.com/rails/rails/commit/ab764ecbfea31a3b14323283287e2fc80955ace6
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/ab764ecbfea31a3b14323283287e2fc80955ace6
6
reference_url https://www.openwall.com/lists/oss-security/2011/04/06/13
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2011/04/06/13
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2015262
reference_id 2015262
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2015262
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-1497
reference_id CVE-2011-1497
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-1497
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-1497.yml
reference_id CVE-2011-1497.YML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-1497.yml
10
reference_url https://github.com/advisories/GHSA-q58j-fmvf-9rq6
reference_id GHSA-q58j-fmvf-9rq6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q58j-fmvf-9rq6
fixed_packages
0
url pkg:gem/rails@3.0.6
purl pkg:gem/rails@3.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s57-9frf-4qhk
1
vulnerability VCID-2uka-fwza-dyfc
2
vulnerability VCID-6rc5-9gn7-tbbv
3
vulnerability VCID-94u9-8r8a-rufw
4
vulnerability VCID-a6dm-ywkf-wkgh
5
vulnerability VCID-a8d2-vazh-gqbz
6
vulnerability VCID-ajy4-eqvj-4ydd
7
vulnerability VCID-akcz-6jhs-7bdq
8
vulnerability VCID-b8tc-n7vg-wkdd
9
vulnerability VCID-bqps-e1sm-xkhe
10
vulnerability VCID-bz3f-a6me-a3hh
11
vulnerability VCID-dh8c-nqyp-u7b7
12
vulnerability VCID-en5b-axpg-eud2
13
vulnerability VCID-fnx8-28wd-qqgx
14
vulnerability VCID-fry8-r6k2-auf2
15
vulnerability VCID-gyq7-xde5-sfea
16
vulnerability VCID-kqsm-qvtq-4kc6
17
vulnerability VCID-mjpw-b5bt-9qgm
18
vulnerability VCID-swdv-dnen-r7gw
19
vulnerability VCID-vazh-rc42-puhy
20
vulnerability VCID-y17b-pzkn-j3c4
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@3.0.6
aliases CVE-2011-1497, GHSA-q58j-fmvf-9rq6
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d2nk-gbfb-v3g3
16
url VCID-dh8c-nqyp-u7b7
vulnerability_id VCID-dh8c-nqyp-u7b7
summary
Ruby on Rails has weaknesses that potentially allow a denial of service
    and possibly the remote execution of arbitrary Ruby scripts.
references
0
reference_url http://blog.koehntopp.de/archives/1367-Ruby-On-Rails-Mandatory-Mystery-Patch.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://blog.koehntopp.de/archives/1367-Ruby-On-Rails-Mandatory-Mystery-Patch.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2006-4111
reference_id
reference_type
scores
0
value 0.03984
scoring_system epss
scoring_elements 0.88669
published_at 2026-06-11T12:55:00Z
1
value 0.03984
scoring_system epss
scoring_elements 0.88712
published_at 2026-06-14T12:55:00Z
2
value 0.03984
scoring_system epss
scoring_elements 0.88714
published_at 2026-06-13T12:55:00Z
3
value 0.03984
scoring_system epss
scoring_elements 0.88707
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2006-4111
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4111
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4111
3
reference_url https://github.com/presidentbeef/rails-security-history/blob/master/vulnerabilities.md
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/presidentbeef/rails-security-history/blob/master/vulnerabilities.md
4
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
5
reference_url https://web.archive.org/web/20200301174340/http://www.securityfocus.com/bid/19454
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200301174340/http://www.securityfocus.com/bid/19454
6
reference_url https://web.archive.org/web/20200808083046/http://securitytracker.com/id?1016673
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200808083046/http://securitytracker.com/id?1016673
7
reference_url http://weblog.rubyonrails.org/2006/8/9/rails-1-1-5-mandatory-security-patch-and-other-tidbits
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2006/8/9/rails-1-1-5-mandatory-security-patch-and-other-tidbits
8
reference_url http://www.gentoo.org/security/en/glsa/glsa-200608-20.xml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.gentoo.org/security/en/glsa/glsa-200608-20.xml
9
reference_url http://www.novell.com/linux/security/advisories/2006_21_sr.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.novell.com/linux/security/advisories/2006_21_sr.html
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=382255
reference_id 382255
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=382255
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2006-4111
reference_id CVE-2006-4111
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2006-4111
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2006-4111.yml
reference_id CVE-2006-4111.YML
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2006-4111.yml
13
reference_url https://github.com/advisories/GHSA-rvpq-5xqx-pfpp
reference_id GHSA-rvpq-5xqx-pfpp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rvpq-5xqx-pfpp
14
reference_url https://security.gentoo.org/glsa/200608-20
reference_id GLSA-200608-20
reference_type
scores
url https://security.gentoo.org/glsa/200608-20
fixed_packages
aliases CVE-2006-4111, GHSA-rvpq-5xqx-pfpp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dh8c-nqyp-u7b7
17
url VCID-fnx8-28wd-qqgx
vulnerability_id VCID-fnx8-28wd-qqgx
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22795.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22795.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22795
reference_id
reference_type
scores
0
value 0.01304
scoring_system epss
scoring_elements 0.80176
published_at 2026-06-11T12:55:00Z
1
value 0.01304
scoring_system epss
scoring_elements 0.80246
published_at 2026-06-14T12:55:00Z
2
value 0.01304
scoring_system epss
scoring_elements 0.80254
published_at 2026-06-13T12:55:00Z
3
value 0.01304
scoring_system epss
scoring_elements 0.80238
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22795
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
12
reference_url https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118
13
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
14
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
15
reference_url https://github.com/rails/rails/commit/8d82687f3b04b2803320b64f985308239a8c3d2f
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/8d82687f3b04b2803320b64f985308239a8c3d2f
16
reference_url https://github.com/rails/rails/commit/8dc45950619a4c64d16fb9370570c996d201f9b0
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/8dc45950619a4c64d16fb9370570c996d201f9b0
17
reference_url https://github.com/rails/rails/commit/cd461c3e64e09cdcb1e379d1c35423c5e2caa592
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/cd461c3e64e09cdcb1e379d1c35423c5e2caa592
18
reference_url https://github.com/rails/rails/releases/tag/v6.1.7.1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v6.1.7.1
19
reference_url https://github.com/rails/rails/releases/tag/v7.0.4.1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v7.0.4.1
20
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22795.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22795.yml
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22795
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22795
22
reference_url https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released
23
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050
reference_id 1030050
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050
24
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2164799
reference_id 2164799
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2164799
25
reference_url https://github.com/advisories/GHSA-8xww-x3g3-6jcv
reference_id GHSA-8xww-x3g3-6jcv
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8xww-x3g3-6jcv
26
reference_url https://access.redhat.com/errata/RHSA-2023:6818
reference_id RHSA-2023:6818
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6818
fixed_packages
0
url pkg:gem/rails@6.1.7.1
purl pkg:gem/rails@6.1.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-aa3d-r7aw-ykcp
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@6.1.7.1
1
url pkg:gem/rails@7.0.4.1
purl pkg:gem/rails@7.0.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6hkq-y2fb-skgq
1
vulnerability VCID-aa3d-r7aw-ykcp
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@7.0.4.1
aliases CVE-2023-22795, GHSA-8xww-x3g3-6jcv, GMS-2023-56
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fnx8-28wd-qqgx
18
url VCID-fry8-r6k2-auf2
vulnerability_id VCID-fry8-r6k2-auf2
summary
Multiple vulnerabilities have been discovered in Rails, the worst of which
    leads to the execution of arbitrary SQL statements.
references
0
reference_url http://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://github.com/rails/rails
1
reference_url http://github.com/rails/rails/commit/bfe032858077bb2946abe25e95e485ba6da86bd5
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://github.com/rails/rails/commit/bfe032858077bb2946abe25e95e485ba6da86bd5
2
reference_url http://groups.google.com/group/rubyonrails-security/browse_thread/thread/4d4f71f2aef4c0ab?pli=1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/rubyonrails-security/browse_thread/thread/4d4f71f2aef4c0ab?pli=1
3
reference_url http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4214.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4214.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2009-4214
reference_id
reference_type
scores
0
value 0.01632
scoring_system epss
scoring_elements 0.82383
published_at 2026-06-14T12:55:00Z
1
value 0.01632
scoring_system epss
scoring_elements 0.82389
published_at 2026-06-13T12:55:00Z
2
value 0.01632
scoring_system epss
scoring_elements 0.82379
published_at 2026-06-12T12:55:00Z
3
value 0.01632
scoring_system epss
scoring_elements 0.82318
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2009-4214
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4214
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4214
7
reference_url http://secunia.com/advisories/37446
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/37446
8
reference_url http://support.apple.com/kb/HT4077
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://support.apple.com/kb/HT4077
9
reference_url http://weblog.rubyonrails.org/2009/11/30/ruby-on-rails-2-3-5-released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2009/11/30/ruby-on-rails-2-3-5-released
10
reference_url http://www.debian.org/security/2011/dsa-2260
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2011/dsa-2260
11
reference_url http://www.debian.org/security/2011/dsa-2301
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2011/dsa-2301
12
reference_url http://www.openwall.com/lists/oss-security/2009/11/27/2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2009/11/27/2
13
reference_url http://www.openwall.com/lists/oss-security/2009/12/08/3
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2009/12/08/3
14
reference_url http://www.securityfocus.com/bid/37142
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/37142
15
reference_url http://www.securitytracker.com/id?1023245
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id?1023245
16
reference_url http://www.vupen.com/english/advisories/2009/3352
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vupen.com/english/advisories/2009/3352
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=542786
reference_id 542786
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=542786
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558685
reference_id 558685
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558685
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2009-4214
reference_id CVE-2009-4214
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2009-4214
20
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2009-4214.yml
reference_id CVE-2009-4214.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2009-4214.yml
21
reference_url https://github.com/advisories/GHSA-9p3v-wf2w-v29c
reference_id GHSA-9p3v-wf2w-v29c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-9p3v-wf2w-v29c
22
reference_url https://security.gentoo.org/glsa/200912-02
reference_id GLSA-200912-02
reference_type
scores
url https://security.gentoo.org/glsa/200912-02
fixed_packages
0
url pkg:gem/rails@2.2.2
purl pkg:gem/rails@2.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s57-9frf-4qhk
1
vulnerability VCID-56hv-j97k-w3dr
2
vulnerability VCID-58mv-ca6x-ruh8
3
vulnerability VCID-6rc5-9gn7-tbbv
4
vulnerability VCID-94u9-8r8a-rufw
5
vulnerability VCID-a67r-11ec-zffe
6
vulnerability VCID-a8d2-vazh-gqbz
7
vulnerability VCID-ajy4-eqvj-4ydd
8
vulnerability VCID-akcz-6jhs-7bdq
9
vulnerability VCID-b8tc-n7vg-wkdd
10
vulnerability VCID-bn9m-pqu3-bffj
11
vulnerability VCID-bqps-e1sm-xkhe
12
vulnerability VCID-bz3f-a6me-a3hh
13
vulnerability VCID-d2nk-gbfb-v3g3
14
vulnerability VCID-dh8c-nqyp-u7b7
15
vulnerability VCID-fnx8-28wd-qqgx
16
vulnerability VCID-fry8-r6k2-auf2
17
vulnerability VCID-gyq7-xde5-sfea
18
vulnerability VCID-kqsm-qvtq-4kc6
19
vulnerability VCID-ryyh-3t4j-hygv
20
vulnerability VCID-swdv-dnen-r7gw
21
vulnerability VCID-vazh-rc42-puhy
22
vulnerability VCID-y17b-pzkn-j3c4
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@2.2.2
1
url pkg:gem/rails@2.3.5
purl pkg:gem/rails@2.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s57-9frf-4qhk
1
vulnerability VCID-56hv-j97k-w3dr
2
vulnerability VCID-58mv-ca6x-ruh8
3
vulnerability VCID-6rc5-9gn7-tbbv
4
vulnerability VCID-94u9-8r8a-rufw
5
vulnerability VCID-a8d2-vazh-gqbz
6
vulnerability VCID-ajy4-eqvj-4ydd
7
vulnerability VCID-akcz-6jhs-7bdq
8
vulnerability VCID-b8tc-n7vg-wkdd
9
vulnerability VCID-bqps-e1sm-xkhe
10
vulnerability VCID-bz3f-a6me-a3hh
11
vulnerability VCID-d2nk-gbfb-v3g3
12
vulnerability VCID-dh8c-nqyp-u7b7
13
vulnerability VCID-fnx8-28wd-qqgx
14
vulnerability VCID-fry8-r6k2-auf2
15
vulnerability VCID-gyq7-xde5-sfea
16
vulnerability VCID-kqsm-qvtq-4kc6
17
vulnerability VCID-swdv-dnen-r7gw
18
vulnerability VCID-vazh-rc42-puhy
19
vulnerability VCID-y17b-pzkn-j3c4
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@2.3.5
aliases CVE-2009-4214, GHSA-9p3v-wf2w-v29c
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fry8-r6k2-auf2
19
url VCID-gyq7-xde5-sfea
vulnerability_id VCID-gyq7-xde5-sfea
summary
references
0
reference_url http://osvdb.org/show/osvdb/106704
reference_id
reference_type
scores
url http://osvdb.org/show/osvdb/106704
1
reference_url https://access.redhat.com/errata/RHSA-2014:0510
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2014:0510
2
reference_url https://access.redhat.com/errata/RHSA-2014:0816
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2014:0816
3
reference_url https://access.redhat.com/errata/RHSA-2014:1863
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2014:1863
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0130.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0130.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0130
reference_id
reference_type
scores
0
value 0.5271
scoring_system epss
scoring_elements 0.98002
published_at 2026-06-11T12:55:00Z
1
value 0.5271
scoring_system epss
scoring_elements 0.9801
published_at 2026-06-13T12:55:00Z
2
value 0.5271
scoring_system epss
scoring_elements 0.98011
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0130
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1095105
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1095105
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130
10
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
11
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/NkKc7vTW70o
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/NkKc7vTW70o
12
reference_url https://groups.google.com/forum/#!topic/ruby-security-ann/PyJo7_m-Ehk
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/ruby-security-ann/PyJo7_m-Ehk
13
reference_url https://web.archive.org/web/20140518192004/http://www.securityfocus.com/bid/67244
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20140518192004/http://www.securityfocus.com/bid/67244
14
reference_url https://web.archive.org/web/20150319054505/http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20150319054505/http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf
15
reference_url https://web.archive.org/web/20210411041816/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210411041816/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ
16
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0130
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0130
17
reference_url http://www.securityfocus.com/bid/67244
reference_id 67244
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:25:09Z/
url http://www.securityfocus.com/bid/67244
18
reference_url http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf
reference_id AnatomyOfRailsVuln-CVE-2014-0130.pdf
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:25:09Z/
url http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf
19
reference_url https://access.redhat.com/security/cve/CVE-2014-0130
reference_id CVE-2014-0130
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2014-0130
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0130
reference_id CVE-2014-0130
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-0130
21
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0130.yml
reference_id CVE-2014-0130.YML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0130.yml
22
reference_url https://github.com/advisories/GHSA-6x85-j5j2-27jx
reference_id GHSA-6x85-j5j2-27jx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6x85-j5j2-27jx
23
reference_url https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ
reference_id NxW_PDBSG3AJ
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:25:09Z/
url https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ
24
reference_url http://rhn.redhat.com/errata/RHSA-2014-1863.html
reference_id RHSA-2014-1863.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:25:09Z/
url http://rhn.redhat.com/errata/RHSA-2014-1863.html
fixed_packages
0
url pkg:gem/rails@3.2.18
purl pkg:gem/rails@3.2.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s57-9frf-4qhk
1
vulnerability VCID-2uka-fwza-dyfc
2
vulnerability VCID-6rc5-9gn7-tbbv
3
vulnerability VCID-94u9-8r8a-rufw
4
vulnerability VCID-a8d2-vazh-gqbz
5
vulnerability VCID-ajy4-eqvj-4ydd
6
vulnerability VCID-akcz-6jhs-7bdq
7
vulnerability VCID-b8tc-n7vg-wkdd
8
vulnerability VCID-bqps-e1sm-xkhe
9
vulnerability VCID-bz3f-a6me-a3hh
10
vulnerability VCID-dh8c-nqyp-u7b7
11
vulnerability VCID-fnx8-28wd-qqgx
12
vulnerability VCID-fry8-r6k2-auf2
13
vulnerability VCID-kqsm-qvtq-4kc6
14
vulnerability VCID-swdv-dnen-r7gw
15
vulnerability VCID-vazh-rc42-puhy
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@3.2.18
1
url pkg:gem/rails@4.0.5
purl pkg:gem/rails@4.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-214c-rjny-9ud4
1
vulnerability VCID-2s57-9frf-4qhk
2
vulnerability VCID-2uka-fwza-dyfc
3
vulnerability VCID-6rc5-9gn7-tbbv
4
vulnerability VCID-94u9-8r8a-rufw
5
vulnerability VCID-a8d2-vazh-gqbz
6
vulnerability VCID-ajy4-eqvj-4ydd
7
vulnerability VCID-akcz-6jhs-7bdq
8
vulnerability VCID-b8tc-n7vg-wkdd
9
vulnerability VCID-bqps-e1sm-xkhe
10
vulnerability VCID-bz3f-a6me-a3hh
11
vulnerability VCID-dh8c-nqyp-u7b7
12
vulnerability VCID-fnx8-28wd-qqgx
13
vulnerability VCID-fry8-r6k2-auf2
14
vulnerability VCID-hfz8-rhgw-hydt
15
vulnerability VCID-kqsm-qvtq-4kc6
16
vulnerability VCID-swdv-dnen-r7gw
17
vulnerability VCID-tp7w-62cp-2yhr
18
vulnerability VCID-vazh-rc42-puhy
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@4.0.5
2
url pkg:gem/rails@4.1.1
purl pkg:gem/rails@4.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-214c-rjny-9ud4
1
vulnerability VCID-2s57-9frf-4qhk
2
vulnerability VCID-2uka-fwza-dyfc
3
vulnerability VCID-6rc5-9gn7-tbbv
4
vulnerability VCID-94u9-8r8a-rufw
5
vulnerability VCID-a8d2-vazh-gqbz
6
vulnerability VCID-ajy4-eqvj-4ydd
7
vulnerability VCID-akcz-6jhs-7bdq
8
vulnerability VCID-b8tc-n7vg-wkdd
9
vulnerability VCID-bqps-e1sm-xkhe
10
vulnerability VCID-bz3f-a6me-a3hh
11
vulnerability VCID-dh8c-nqyp-u7b7
12
vulnerability VCID-fnx8-28wd-qqgx
13
vulnerability VCID-fry8-r6k2-auf2
14
vulnerability VCID-hfz8-rhgw-hydt
15
vulnerability VCID-kqsm-qvtq-4kc6
16
vulnerability VCID-swdv-dnen-r7gw
17
vulnerability VCID-tp7w-62cp-2yhr
18
vulnerability VCID-vazh-rc42-puhy
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@4.1.1
aliases CVE-2014-0130, GHSA-6x85-j5j2-27jx
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gyq7-xde5-sfea
20
url VCID-j5mt-ph5q-bqa6
vulnerability_id VCID-j5mt-ph5q-bqa6
summary
Multiple vulnerabilities have been discovered in Rails, the worst of which
    leads to the execution of arbitrary SQL statements.
references
0
reference_url http://dev.rubyonrails.org/changeset/8177
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://dev.rubyonrails.org/changeset/8177
1
reference_url http://dev.rubyonrails.org/ticket/10048
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://dev.rubyonrails.org/ticket/10048
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2007-6077
reference_id
reference_type
scores
0
value 0.03262
scoring_system epss
scoring_elements 0.87485
published_at 2026-06-13T12:55:00Z
1
value 0.03262
scoring_system epss
scoring_elements 0.87479
published_at 2026-06-12T12:55:00Z
2
value 0.03262
scoring_system epss
scoring_elements 0.87482
published_at 2026-06-14T12:55:00Z
3
value 0.03262
scoring_system epss
scoring_elements 0.87436
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2007-6077
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6077
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6077
4
reference_url http://secunia.com/advisories/27781
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/27781
5
reference_url https://rubyonrails.org/2007/11/24/ruby-on-rails-1-2-6-security-and-maintenance-release
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://rubyonrails.org/2007/11/24/ruby-on-rails-1-2-6-security-and-maintenance-release
6
reference_url http://weblog.rubyonrails.org/2007/11/24/ruby-on-rails-1-2-6-security-and-maintenance-release
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2007/11/24/ruby-on-rails-1-2-6-security-and-maintenance-release
7
reference_url http://www.securityfocus.com/bid/26598
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/26598
8
reference_url http://www.vupen.com/english/advisories/2007/4009
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vupen.com/english/advisories/2007/4009
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=452748
reference_id 452748
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=452748
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2007-6077
reference_id CVE-2007-6077
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2007-6077
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-6077.yml
reference_id CVE-2007-6077.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-6077.yml
12
reference_url https://github.com/advisories/GHSA-p4c6-77gc-694x
reference_id GHSA-p4c6-77gc-694x
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-p4c6-77gc-694x
13
reference_url https://security.gentoo.org/glsa/200912-02
reference_id GLSA-200912-02
reference_type
scores
url https://security.gentoo.org/glsa/200912-02
fixed_packages
0
url pkg:gem/rails@1.2.6
purl pkg:gem/rails@1.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s57-9frf-4qhk
1
vulnerability VCID-56hv-j97k-w3dr
2
vulnerability VCID-6k5n-qveq-mkhj
3
vulnerability VCID-6rc5-9gn7-tbbv
4
vulnerability VCID-94u9-8r8a-rufw
5
vulnerability VCID-a67r-11ec-zffe
6
vulnerability VCID-a8d2-vazh-gqbz
7
vulnerability VCID-ajy4-eqvj-4ydd
8
vulnerability VCID-akcz-6jhs-7bdq
9
vulnerability VCID-b8tc-n7vg-wkdd
10
vulnerability VCID-bqps-e1sm-xkhe
11
vulnerability VCID-bz3f-a6me-a3hh
12
vulnerability VCID-cgfh-yfn7-7ke9
13
vulnerability VCID-d2nk-gbfb-v3g3
14
vulnerability VCID-dh8c-nqyp-u7b7
15
vulnerability VCID-fnx8-28wd-qqgx
16
vulnerability VCID-fry8-r6k2-auf2
17
vulnerability VCID-gyq7-xde5-sfea
18
vulnerability VCID-kqsm-qvtq-4kc6
19
vulnerability VCID-swdv-dnen-r7gw
20
vulnerability VCID-vazh-rc42-puhy
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@1.2.6
aliases CVE-2007-6077, GHSA-p4c6-77gc-694x
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j5mt-ph5q-bqa6
21
url VCID-kqsm-qvtq-4kc6
vulnerability_id VCID-kqsm-qvtq-4kc6
summary
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00089.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00089.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00093.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00093.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00107.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00107.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8164.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8164.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8164
reference_id
reference_type
scores
0
value 0.07389
scoring_system epss
scoring_elements 0.91945
published_at 2026-06-14T12:55:00Z
1
value 0.07389
scoring_system epss
scoring_elements 0.91948
published_at 2026-06-13T12:55:00Z
2
value 0.07389
scoring_system epss
scoring_elements 0.9194
published_at 2026-06-12T12:55:00Z
3
value 0.07389
scoring_system epss
scoring_elements 0.91913
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8164
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167
11
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
12
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
13
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY
14
reference_url https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY
15
reference_url https://hackerone.com/reports/292797
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/292797
16
reference_url https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html
17
reference_url https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1842634
reference_id 1842634
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1842634
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-8164
reference_id CVE-2020-8164
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-8164
20
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8164.yml
reference_id CVE-2020-8164.YML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8164.yml
21
reference_url https://github.com/advisories/GHSA-8727-m6gj-mc37
reference_id GHSA-8727-m6gj-mc37
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8727-m6gj-mc37
22
reference_url https://access.redhat.com/errata/RHSA-2021:1313
reference_id RHSA-2021:1313
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1313
fixed_packages
0
url pkg:gem/rails@5.2.4.3
purl pkg:gem/rails@5.2.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s57-9frf-4qhk
1
vulnerability VCID-2uka-fwza-dyfc
2
vulnerability VCID-3e1p-t61q-xfft
3
vulnerability VCID-8ajf-ebxr-7bgf
4
vulnerability VCID-aa3d-r7aw-ykcp
5
vulnerability VCID-fnx8-28wd-qqgx
6
vulnerability VCID-uzrf-6puc-kygc
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.2.4.3
1
url pkg:gem/rails@6.0.3.1
purl pkg:gem/rails@6.0.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s57-9frf-4qhk
1
vulnerability VCID-2uka-fwza-dyfc
2
vulnerability VCID-3e1p-t61q-xfft
3
vulnerability VCID-4j57-xdw3-a7em
4
vulnerability VCID-8ajf-ebxr-7bgf
5
vulnerability VCID-aa3d-r7aw-ykcp
6
vulnerability VCID-fhjg-crvh-myhd
7
vulnerability VCID-fnx8-28wd-qqgx
8
vulnerability VCID-jyvd-yu2u-rucu
9
vulnerability VCID-m1pe-q2r4-zfap
10
vulnerability VCID-mepe-vuu9-g3gd
11
vulnerability VCID-uzrf-6puc-kygc
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@6.0.3.1
aliases CVE-2020-8164, GHSA-8727-m6gj-mc37
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kqsm-qvtq-4kc6
22
url VCID-psh3-jce4-9kcu
vulnerability_id VCID-psh3-jce4-9kcu
summary
Several vulnerabilities were found in Ruby on Rails that allow file disclosure and theft of user credentials.
references
0
reference_url http://bugs.gentoo.org/show_bug.cgi?id=195315
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://bugs.gentoo.org/show_bug.cgi?id=195315
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2007-5379
reference_id
reference_type
scores
0
value 0.06784
scoring_system epss
scoring_elements 0.91548
published_at 2026-06-12T12:55:00Z
1
value 0.06784
scoring_system epss
scoring_elements 0.91518
published_at 2026-06-11T12:55:00Z
2
value 0.06784
scoring_system epss
scoring_elements 0.91553
published_at 2026-06-14T12:55:00Z
3
value 0.06784
scoring_system epss
scoring_elements 0.91556
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2007-5379
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5379
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5379
3
reference_url http://security.gentoo.org/glsa/glsa-200711-17.xml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://security.gentoo.org/glsa/glsa-200711-17.xml
4
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
5
reference_url https://rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release
6
reference_url https://web.archive.org/web/20090602000500/http://dev.rubyonrails.org/ticket/8453
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20090602000500/http://dev.rubyonrails.org/ticket/8453
7
reference_url http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release
reference_id
reference_type
scores
url http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release
8
reference_url http://www.vupen.com/english/advisories/2007/3508
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vupen.com/english/advisories/2007/3508
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2007-5379
reference_id CVE-2007-5379
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2007-5379
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-5379.yml
reference_id CVE-2007-5379.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-5379.yml
11
reference_url https://github.com/advisories/GHSA-fjfg-q662-gm6j
reference_id GHSA-fjfg-q662-gm6j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fjfg-q662-gm6j
12
reference_url https://security.gentoo.org/glsa/200711-17
reference_id GLSA-200711-17
reference_type
scores
url https://security.gentoo.org/glsa/200711-17
fixed_packages
0
url pkg:gem/rails@1.2.4
purl pkg:gem/rails@1.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s57-9frf-4qhk
1
vulnerability VCID-5426-pjkr-9udh
2
vulnerability VCID-56hv-j97k-w3dr
3
vulnerability VCID-6k5n-qveq-mkhj
4
vulnerability VCID-6rc5-9gn7-tbbv
5
vulnerability VCID-94u9-8r8a-rufw
6
vulnerability VCID-a67r-11ec-zffe
7
vulnerability VCID-a8d2-vazh-gqbz
8
vulnerability VCID-ajy4-eqvj-4ydd
9
vulnerability VCID-akcz-6jhs-7bdq
10
vulnerability VCID-b8tc-n7vg-wkdd
11
vulnerability VCID-bqps-e1sm-xkhe
12
vulnerability VCID-bz3f-a6me-a3hh
13
vulnerability VCID-cgfh-yfn7-7ke9
14
vulnerability VCID-d2nk-gbfb-v3g3
15
vulnerability VCID-dh8c-nqyp-u7b7
16
vulnerability VCID-fnx8-28wd-qqgx
17
vulnerability VCID-fry8-r6k2-auf2
18
vulnerability VCID-gyq7-xde5-sfea
19
vulnerability VCID-j5mt-ph5q-bqa6
20
vulnerability VCID-kqsm-qvtq-4kc6
21
vulnerability VCID-psh3-jce4-9kcu
22
vulnerability VCID-swdv-dnen-r7gw
23
vulnerability VCID-vazh-rc42-puhy
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@1.2.4
1
url pkg:gem/rails@1.2.5
purl pkg:gem/rails@1.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s57-9frf-4qhk
1
vulnerability VCID-56hv-j97k-w3dr
2
vulnerability VCID-6k5n-qveq-mkhj
3
vulnerability VCID-6rc5-9gn7-tbbv
4
vulnerability VCID-94u9-8r8a-rufw
5
vulnerability VCID-a67r-11ec-zffe
6
vulnerability VCID-a8d2-vazh-gqbz
7
vulnerability VCID-ajy4-eqvj-4ydd
8
vulnerability VCID-akcz-6jhs-7bdq
9
vulnerability VCID-b8tc-n7vg-wkdd
10
vulnerability VCID-bqps-e1sm-xkhe
11
vulnerability VCID-bz3f-a6me-a3hh
12
vulnerability VCID-cgfh-yfn7-7ke9
13
vulnerability VCID-d2nk-gbfb-v3g3
14
vulnerability VCID-dh8c-nqyp-u7b7
15
vulnerability VCID-fnx8-28wd-qqgx
16
vulnerability VCID-fry8-r6k2-auf2
17
vulnerability VCID-gyq7-xde5-sfea
18
vulnerability VCID-j5mt-ph5q-bqa6
19
vulnerability VCID-kqsm-qvtq-4kc6
20
vulnerability VCID-swdv-dnen-r7gw
21
vulnerability VCID-vazh-rc42-puhy
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@1.2.5
aliases CVE-2007-5379, GHSA-fjfg-q662-gm6j, OSV-40717
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-psh3-jce4-9kcu
23
url VCID-swdv-dnen-r7gw
vulnerability_id VCID-swdv-dnen-r7gw
summary
Ruby on Rails has some weaknesses that potentially allow a denial of service and possibly the remote execution of arbitrary Ruby scripts.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2006-4112
reference_id
reference_type
scores
0
value 0.07371
scoring_system epss
scoring_elements 0.91932
published_at 2026-06-12T12:55:00Z
1
value 0.07371
scoring_system epss
scoring_elements 0.91905
published_at 2026-06-11T12:55:00Z
2
value 0.07371
scoring_system epss
scoring_elements 0.91936
published_at 2026-06-14T12:55:00Z
3
value 0.07371
scoring_system epss
scoring_elements 0.9194
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2006-4112
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4112
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4112
2
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/28364
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/28364
3
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
4
reference_url https://web.archive.org/web/20200301174340/http://www.securityfocus.com/bid/19454
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200301174340/http://www.securityfocus.com/bid/19454
5
reference_url https://web.archive.org/web/20200804225700/http://www.securityfocus.com/archive/1/442934/100/0/threaded
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200804225700/http://www.securityfocus.com/archive/1/442934/100/0/threaded
6
reference_url https://web.archive.org/web/20200808083046/http://securitytracker.com/id?1016673
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200808083046/http://securitytracker.com/id?1016673
7
reference_url http://weblog.rubyonrails.org/2006/8/10/rails-1-1-6-backports-and-full-disclosure
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2006/8/10/rails-1-1-6-backports-and-full-disclosure
8
reference_url http://www.gentoo.org/security/en/glsa/glsa-200608-20.xml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.gentoo.org/security/en/glsa/glsa-200608-20.xml
9
reference_url http://www.kb.cert.org/vuls/id/699540
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.kb.cert.org/vuls/id/699540
10
reference_url http://www.novell.com/linux/security/advisories/2006_21_sr.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.novell.com/linux/security/advisories/2006_21_sr.html
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=382255
reference_id 382255
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=382255
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2006-4112
reference_id CVE-2006-4112
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2006-4112
13
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2006-4112.yml
reference_id CVE-2006-4112.YML
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2006-4112.yml
14
reference_url https://github.com/advisories/GHSA-9wrq-xvmp-xjc8
reference_id GHSA-9wrq-xvmp-xjc8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9wrq-xvmp-xjc8
15
reference_url https://security.gentoo.org/glsa/200608-20
reference_id GLSA-200608-20
reference_type
scores
url https://security.gentoo.org/glsa/200608-20
fixed_packages
aliases CVE-2006-4112, GHSA-9wrq-xvmp-xjc8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-swdv-dnen-r7gw
24
url VCID-vazh-rc42-puhy
vulnerability_id VCID-vazh-rc42-puhy
summary
references
0
reference_url http://packetstormsecurity.com/files/158604/Ruby-On-Rails-5.0.1-Remote-Code-Execution.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/158604/Ruby-On-Rails-5.0.1-Remote-Code-Execution.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8163.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8163.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8163
reference_id
reference_type
scores
0
value 0.91071
scoring_system epss
scoring_elements 0.9966
published_at 2026-06-12T12:55:00Z
1
value 0.91071
scoring_system epss
scoring_elements 0.99662
published_at 2026-06-13T12:55:00Z
2
value 0.91071
scoring_system epss
scoring_elements 0.99661
published_at 2026-06-14T12:55:00Z
3
value 0.91071
scoring_system epss
scoring_elements 0.99659
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8163
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8163
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8163
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/hWuKcHyoKh0
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/hWuKcHyoKh0
6
reference_url https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0
7
reference_url https://hackerone.com/reports/304805
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/304805
8
reference_url https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1848724
reference_id 1848724
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1848724
10
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/webapps/48716.rb
reference_id CVE-2020-8163
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/webapps/48716.rb
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-8163
reference_id CVE-2020-8163
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-8163
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-8163.yml
reference_id CVE-2020-8163.YML
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-8163.yml
13
reference_url https://github.com/advisories/GHSA-cr3x-7m39-c6jq
reference_id GHSA-cr3x-7m39-c6jq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cr3x-7m39-c6jq
fixed_packages
0
url pkg:gem/rails@5.0.1
purl pkg:gem/rails@5.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s57-9frf-4qhk
1
vulnerability VCID-2uka-fwza-dyfc
2
vulnerability VCID-3e1p-t61q-xfft
3
vulnerability VCID-6rc5-9gn7-tbbv
4
vulnerability VCID-8ajf-ebxr-7bgf
5
vulnerability VCID-94u9-8r8a-rufw
6
vulnerability VCID-a8d2-vazh-gqbz
7
vulnerability VCID-ajy4-eqvj-4ydd
8
vulnerability VCID-b8tc-n7vg-wkdd
9
vulnerability VCID-bqps-e1sm-xkhe
10
vulnerability VCID-bz3f-a6me-a3hh
11
vulnerability VCID-dh8c-nqyp-u7b7
12
vulnerability VCID-fnx8-28wd-qqgx
13
vulnerability VCID-fry8-r6k2-auf2
14
vulnerability VCID-kqsm-qvtq-4kc6
15
vulnerability VCID-swdv-dnen-r7gw
16
vulnerability VCID-usqn-hb81-pyf6
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.0.1
aliases CVE-2020-8163, GHSA-cr3x-7m39-c6jq
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vazh-rc42-puhy
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:gem/rails@1.2.2