Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:gem/activerecord@4.0.10.rc1

Type gem

Namespace

Name activerecord

Version 4.0.10.rc1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 7.1.5.2

Latest_non_vulnerable_version 8.0.2.1

Affected_by_vulnerabilities

url VCID-1ua6-6a16-9fde

vulnerability_id VCID-1ua6-6a16-9fde

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55193.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55193.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-55193

reference_id

reference_type

scores

value	0.01019
scoring_system	epss
scoring_elements	0.77644
published_at	2026-06-11T12:55:00Z

value	0.01019
scoring_system	epss
scoring_elements	0.77726
published_at	2026-06-13T12:55:00Z

value	0.01019
scoring_system	epss
scoring_elements	0.77712
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-55193

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55193
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55193

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rails/rails

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2025-55193.yml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2025-55193.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-55193

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-55193

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111106
reference_id	1111106
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111106

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2388446
reference_id	2388446
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2388446

reference_url

https://github.com/rails/rails/commit/3beef20013736fd52c5dcfdf061f7999ba318290

reference_id

3beef20013736fd52c5dcfdf061f7999ba318290

reference_type

scores

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/

url

https://github.com/rails/rails/commit/3beef20013736fd52c5dcfdf061f7999ba318290

reference_url

https://github.com/rails/rails/commit/568c0bc2f1e74c65d150a84b89a080949bf9eb9b

reference_id

568c0bc2f1e74c65d150a84b89a080949bf9eb9b

reference_type

scores

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/

url

https://github.com/rails/rails/commit/568c0bc2f1e74c65d150a84b89a080949bf9eb9b

reference_url

https://github.com/rails/rails/commit/6a944ca4805e72050a0fbb1a461534eb760d3202

reference_id

6a944ca4805e72050a0fbb1a461534eb760d3202

reference_type

scores

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/

url

https://github.com/rails/rails/commit/6a944ca4805e72050a0fbb1a461534eb760d3202

reference_url	https://github.com/advisories/GHSA-76r7-hhxj-r776
reference_id	GHSA-76r7-hhxj-r776
reference_type
scores
url	https://github.com/advisories/GHSA-76r7-hhxj-r776

reference_url

https://github.com/rails/rails/security/advisories/GHSA-76r7-hhxj-r776

reference_id

GHSA-76r7-hhxj-r776

reference_type

scores

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/

url

https://github.com/rails/rails/security/advisories/GHSA-76r7-hhxj-r776

fixed_packages

url	pkg:gem/activerecord@7.1.5.2
purl	pkg:gem/activerecord@7.1.5.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.1.5.2

url pkg:gem/activerecord@7.2.0.beta1

purl pkg:gem/activerecord@7.2.0.beta1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ua6-6a16-9fde

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.2.0.beta1

url	pkg:gem/activerecord@7.2.2.2
purl	pkg:gem/activerecord@7.2.2.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.2.2.2

url pkg:gem/activerecord@8.0.0.beta1

purl pkg:gem/activerecord@8.0.0.beta1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ua6-6a16-9fde

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@8.0.0.beta1

url	pkg:gem/activerecord@8.0.2.1
purl	pkg:gem/activerecord@8.0.2.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@8.0.2.1

aliases CVE-2025-55193, GHSA-76r7-hhxj-r776

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1ua6-6a16-9fde

url VCID-2b1z-1k24-kfb8

vulnerability_id VCID-2b1z-1k24-kfb8

summary The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for remote attackers to conduct data-type injection attacks against Ruby on Rails applications via a crafted value, as demonstrated by unintended interaction between the "typed XML" feature and a MySQL database.

references

reference_url

http://openwall.com/lists/oss-security/2013/02/06/7

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2013/02/06/7

reference_url

http://openwall.com/lists/oss-security/2013/04/24/7

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2013/04/24/7

reference_url

http://pl.reddit.com/r/netsec/comments/17yajp/mysql_madness_and_rails

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://pl.reddit.com/r/netsec/comments/17yajp/mysql_madness_and_rails

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-3221.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-3221.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-3221

reference_id

reference_type

scores

value	0.00483
scoring_system	epss
scoring_elements	0.65651
published_at	2026-06-11T12:55:00Z

value	0.00483
scoring_system	epss
scoring_elements	0.65749
published_at	2026-06-12T12:55:00Z

value	0.00483
scoring_system	epss
scoring_elements	0.65763
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-3221

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3221
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3221

reference_url

https://github.com/rails/rails

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-3221.yml

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-3221.yml

reference_url

https://groups.google.com/group/rubyonrails-security/msg/1f3bc0b88a60c1ce?dmode=source&output=gplain

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/1f3bc0b88a60c1ce?dmode=source&output=gplain

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-3221

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-3221

reference_url

https://web.archive.org/web/20130825191249/http://www.phenoelit.org/blog/archives/2013/02/index.html

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20130825191249/http://www.phenoelit.org/blog/archives/2013/02/index.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=954365
reference_id	954365
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=954365

reference_url

https://github.com/advisories/GHSA-f57c-hx33-hvh8

reference_id

GHSA-f57c-hx33-hvh8

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-f57c-hx33-hvh8

fixed_packages

url pkg:gem/activerecord@4.2.0

purl pkg:gem/activerecord@4.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ua6-6a16-9fde

vulnerability	VCID-3qsf-qm7w-y7be

vulnerability	VCID-8ajf-ebxr-7bgf

vulnerability	VCID-a78m-qhav-13dm

vulnerability	VCID-c7qj-hcu8-p7hc

vulnerability	VCID-cgfh-yfn7-7ke9

vulnerability	VCID-cvs8-ejdv-uqhy

vulnerability	VCID-fbrw-bbm6-fbhp

vulnerability	VCID-nex8-cvgj-f7bc

vulnerability	VCID-rd4z-yncp-qkfu

vulnerability	VCID-runz-vm7e-a3fs

vulnerability	VCID-sfaa-e8am-x7gn

vulnerability	VCID-u2gv-wvdc-tfbs

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.2.0

aliases CVE-2013-3221, GHSA-f57c-hx33-hvh8

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2b1z-1k24-kfb8

url VCID-3qsf-qm7w-y7be

vulnerability_id VCID-3qsf-qm7w-y7be

summary

references

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7577.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7577.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-7577

reference_id

reference_type

scores

value	0.01209
scoring_system	epss
scoring_elements	0.79462
published_at	2026-06-13T12:55:00Z

value	0.01209
scoring_system	epss
scoring_elements	0.7938
published_at	2026-06-11T12:55:00Z

value	0.01209
scoring_system	epss
scoring_elements	0.79447
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-7577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/cawsWcQ6c8g

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/cawsWcQ6c8g

reference_url

http://www.openwall.com/lists/oss-security/2016/01/25/10

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/01/25/10

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1301957
reference_id	1301957
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1301957

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-7577

reference_id

CVE-2015-7577

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-7577

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2015-7577.yml

reference_id

CVE-2015-7577.YML

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2015-7577.yml

reference_url

https://github.com/advisories/GHSA-xrr6-3pc4-m447

reference_id

GHSA-xrr6-3pc4-m447

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xrr6-3pc4-m447

reference_url	https://access.redhat.com/errata/RHSA-2016:0296
reference_id	RHSA-2016:0296
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0296

reference_url	https://access.redhat.com/errata/RHSA-2016:0454
reference_id	RHSA-2016:0454
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0454

reference_url	https://access.redhat.com/errata/RHSA-2016:0455
reference_id	RHSA-2016:0455
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0455

fixed_packages

url pkg:gem/activerecord@4.1.14.1

purl pkg:gem/activerecord@4.1.14.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ua6-6a16-9fde

vulnerability	VCID-2b1z-1k24-kfb8

vulnerability	VCID-c7qj-hcu8-p7hc

vulnerability	VCID-cgfh-yfn7-7ke9

vulnerability	VCID-cvs8-ejdv-uqhy

vulnerability	VCID-fbrw-bbm6-fbhp

vulnerability	VCID-rd4z-yncp-qkfu

vulnerability	VCID-runz-vm7e-a3fs

vulnerability	VCID-sfaa-e8am-x7gn

vulnerability	VCID-u2gv-wvdc-tfbs

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.1.14.1

url pkg:gem/activerecord@4.2.5.1

purl pkg:gem/activerecord@4.2.5.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ua6-6a16-9fde

vulnerability	VCID-8ajf-ebxr-7bgf

vulnerability	VCID-c7qj-hcu8-p7hc

vulnerability	VCID-cgfh-yfn7-7ke9

vulnerability	VCID-cvs8-ejdv-uqhy

vulnerability	VCID-fbrw-bbm6-fbhp

vulnerability	VCID-rd4z-yncp-qkfu

vulnerability	VCID-runz-vm7e-a3fs

vulnerability	VCID-sfaa-e8am-x7gn

vulnerability	VCID-u2gv-wvdc-tfbs

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.2.5.1

url pkg:gem/activerecord@5.0.0.beta1.1

purl pkg:gem/activerecord@5.0.0.beta1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ua6-6a16-9fde

vulnerability	VCID-8ajf-ebxr-7bgf

vulnerability	VCID-c7qj-hcu8-p7hc

vulnerability	VCID-cgfh-yfn7-7ke9

vulnerability	VCID-cvs8-ejdv-uqhy

vulnerability	VCID-fbrw-bbm6-fbhp

vulnerability	VCID-rd4z-yncp-qkfu

vulnerability	VCID-sfaa-e8am-x7gn

vulnerability	VCID-u2gv-wvdc-tfbs

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@5.0.0.beta1.1

aliases CVE-2015-7577, GHSA-xrr6-3pc4-m447

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3qsf-qm7w-y7be

url VCID-c7qj-hcu8-p7hc

vulnerability_id VCID-c7qj-hcu8-p7hc

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32224.json

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32224.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-32224

reference_id

reference_type

scores

value	0.01944
scoring_system	epss
scoring_elements	0.83831
published_at	2026-06-11T12:55:00Z

value	0.01944
scoring_system	epss
scoring_elements	0.83896
published_at	2026-06-13T12:55:00Z

value	0.01944
scoring_system	epss
scoring_elements	0.83887
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-32224

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32224
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32224

reference_url

https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rails/rails/commit/611990f1a6c137c2d56b1ba06b27e5d2434dcd6a

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/611990f1a6c137c2d56b1ba06b27e5d2434dcd6a

reference_url

https://github.com/rails/rails/commits/main/activerecord

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commits/main/activerecord

reference_url

https://lists.debian.org/debian-lts-announce/2026/05/msg00022.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2026/05/msg00022.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016140
reference_id	1016140
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016140

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2108997
reference_id	2108997
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2108997

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-32224

reference_id

CVE-2022-32224

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-32224

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-32224.yml

reference_id

CVE-2022-32224.YML

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-32224.yml

reference_url

https://github.com/advisories/GHSA-3hhc-qp5v-9p2j

reference_id

GHSA-3hhc-qp5v-9p2j

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-24T15:17:17Z/

url

https://github.com/advisories/GHSA-3hhc-qp5v-9p2j

reference_url	https://security.gentoo.org/glsa/202408-24
reference_id	GLSA-202408-24
reference_type
scores
url	https://security.gentoo.org/glsa/202408-24

reference_url

https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U

reference_id

MmFO3LYQE8U

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-24T15:17:17Z/

url

https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U

reference_url	https://access.redhat.com/errata/RHSA-2023:0261
reference_id	RHSA-2023:0261
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0261

reference_url	https://access.redhat.com/errata/RHSA-2023:1151
reference_id	RHSA-2023:1151
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1151

reference_url	https://access.redhat.com/errata/RHSA-2023:2097
reference_id	RHSA-2023:2097
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2097

fixed_packages

url pkg:gem/activerecord@5.2.8.1

purl pkg:gem/activerecord@5.2.8.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ua6-6a16-9fde

vulnerability	VCID-cvs8-ejdv-uqhy

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@5.2.8.1

url pkg:gem/activerecord@6.0.0.beta1

purl pkg:gem/activerecord@6.0.0.beta1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ua6-6a16-9fde

vulnerability	VCID-c7qj-hcu8-p7hc

vulnerability	VCID-cvs8-ejdv-uqhy

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@6.0.0.beta1

url pkg:gem/activerecord@6.0.5.1

purl pkg:gem/activerecord@6.0.5.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ua6-6a16-9fde

vulnerability	VCID-cvs8-ejdv-uqhy

vulnerability	VCID-ez3g-ygna-jkb8

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@6.0.5.1

url pkg:gem/activerecord@6.1.0.rc1

purl pkg:gem/activerecord@6.1.0.rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ua6-6a16-9fde

vulnerability	VCID-c7qj-hcu8-p7hc

vulnerability	VCID-cvs8-ejdv-uqhy

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@6.1.0.rc1

url pkg:gem/activerecord@6.1.6.1

purl pkg:gem/activerecord@6.1.6.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ua6-6a16-9fde

vulnerability	VCID-cvs8-ejdv-uqhy

vulnerability	VCID-ez3g-ygna-jkb8

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@6.1.6.1

url pkg:gem/activerecord@7.0.0.alpha1

purl pkg:gem/activerecord@7.0.0.alpha1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ua6-6a16-9fde

vulnerability	VCID-c7qj-hcu8-p7hc

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.0.0.alpha1

url pkg:gem/activerecord@7.0.3.1

purl pkg:gem/activerecord@7.0.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ua6-6a16-9fde

vulnerability	VCID-cvs8-ejdv-uqhy

vulnerability	VCID-ez3g-ygna-jkb8

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.0.3.1

aliases CVE-2022-32224, GHSA-3hhc-qp5v-9p2j, GMS-2022-3029

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c7qj-hcu8-p7hc

url

VCID-cgfh-yfn7-7ke9

vulnerability_id

VCID-cgfh-yfn7-7ke9

summary

Multiple vulnerabilities have been discovered in Rails, the worst of which
    leading to the execution of arbitrary SQL statements.

references

reference_url	http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1
reference_id
reference_type
scores
url	http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1

reference_url	http://gist.github.com/8946
reference_id
reference_type
scores
url	http://gist.github.com/8946

reference_url

http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html

reference_url

http://rails.lighthouseapp.com/projects/8994/tickets/288

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rails.lighthouseapp.com/projects/8994/tickets/288

reference_url

http://rails.lighthouseapp.com/projects/8994/tickets/964

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rails.lighthouseapp.com/projects/8994/tickets/964

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2008-4094

reference_id

reference_type

scores

value	0.03119
scoring_system	epss
scoring_elements	0.87177
published_at	2026-06-12T12:55:00Z

value	0.03119
scoring_system	epss
scoring_elements	0.87131
published_at	2026-06-11T12:55:00Z

value	0.03119
scoring_system	epss
scoring_elements	0.87183
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2008-4094

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4094
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4094

reference_url	http://secunia.com/advisories/31875
reference_id
reference_type
scores
url	http://secunia.com/advisories/31875

reference_url	http://secunia.com/advisories/31909
reference_id
reference_type
scores
url	http://secunia.com/advisories/31909

reference_url	http://secunia.com/advisories/31910
reference_id
reference_type
scores
url	http://secunia.com/advisories/31910

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/45109

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/45109

reference_url

https://github.com/rails/rails

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails

reference_url

https://github.com/rails/rails/commit/ef0ea782b1f5cf7b08e74ea3002a16c708f66645

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/ef0ea782b1f5cf7b08e74ea3002a16c708f66645

reference_url

https://web.archive.org/web/20080620000955/http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20080620000955/http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1

reference_url

https://web.archive.org/web/20080620201733/http://blog.innerewut.de/files/rails/activerecord-1.15.3.patch

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20080620201733/http://blog.innerewut.de/files/rails/activerecord-1.15.3.patch

reference_url

https://web.archive.org/web/20080620201744/http://blog.innerewut.de/files/rails/activerecord-2.0.2.patch

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20080620201744/http://blog.innerewut.de/files/rails/activerecord-2.0.2.patch

reference_url

https://web.archive.org/web/20081104151751/http://gist.github.com/8946

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20081104151751/http://gist.github.com/8946

reference_url

https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875

reference_url	https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875/
reference_id
reference_type
scores
url	https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875/

reference_url

https://web.archive.org/web/20081207211431/http://secunia.com/advisories/31909

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20081207211431/http://secunia.com/advisories/31909

reference_url

https://web.archive.org/web/20081207211436/http://secunia.com/advisories/31910

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20081207211436/http://secunia.com/advisories/31910

reference_url

https://web.archive.org/web/20091101000000*/http://www.vupen.com/english/advisories/2008/2562

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20091101000000*/http://www.vupen.com/english/advisories/2008/2562

reference_url

https://web.archive.org/web/20120120194518/http://www.securityfocus.com/bid/31176

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20120120194518/http://www.securityfocus.com/bid/31176

reference_url

https://web.archive.org/web/20201207112829/http://www.securitytracker.com/id?1020871

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20201207112829/http://www.securitytracker.com/id?1020871

reference_url

http://www.openwall.com/lists/oss-security/2008/09/13/2

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2008/09/13/2

reference_url

http://www.openwall.com/lists/oss-security/2008/09/16/1

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2008/09/16/1

reference_url

http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter

reference_url	http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter/
reference_id
reference_type
scores
url	http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter/

reference_url	http://www.securityfocus.com/bid/31176
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/31176

reference_url	http://www.securitytracker.com/id?1020871
reference_id
reference_type
scores
url	http://www.securitytracker.com/id?1020871

reference_url	http://www.vupen.com/english/advisories/2008/2562
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2008/2562

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500791
reference_id	500791
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500791

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2008-4094

reference_id

CVE-2008-4094

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2008-4094

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2008-4094.yml

reference_id

CVE-2008-4094.YML

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2008-4094.yml

reference_url

https://github.com/advisories/GHSA-xf96-32q2-9rw2

reference_id

GHSA-xf96-32q2-9rw2

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xf96-32q2-9rw2

reference_url	https://security.gentoo.org/glsa/200912-02
reference_id	GLSA-200912-02
reference_type
scores
url	https://security.gentoo.org/glsa/200912-02

fixed_packages

aliases

CVE-2008-4094, GHSA-xf96-32q2-9rw2

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-cgfh-yfn7-7ke9

url VCID-cvs8-ejdv-uqhy

vulnerability_id VCID-cvs8-ejdv-uqhy

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44566.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44566.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-44566

reference_id

reference_type

scores

value	0.01543
scoring_system	epss
scoring_elements	0.81785
published_at	2026-06-11T12:55:00Z

value	0.01543
scoring_system	epss
scoring_elements	0.81854
published_at	2026-06-13T12:55:00Z

value	0.01543
scoring_system	epss
scoring_elements	0.81846
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-44566

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44566
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44566

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rails/rails

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails

reference_url

https://github.com/rails/rails/commit/4f44aa9d514e701ada92b5cf08beccf566eeaebf

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/4f44aa9d514e701ada92b5cf08beccf566eeaebf

reference_url

https://github.com/rails/rails/commit/82bcdc011e2ff674e7dd8fd8cee3a831c908d29b

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/82bcdc011e2ff674e7dd8fd8cee3a831c908d29b

reference_url

https://github.com/rails/rails/releases/tag/v6.1.7.1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v6.1.7.1

reference_url

https://github.com/rails/rails/releases/tag/v7.0.4.1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v7.0.4.1

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-44566.yml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-44566.yml

reference_url

https://mailchi.mp/railslts/rails-lts-multiple-dos-vulnerabilities-in-rails-rack-and-globalid

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://mailchi.mp/railslts/rails-lts-multiple-dos-vulnerabilities-in-rails-rack-and-globalid

reference_url

https://makandracards.com/railslts/508019-rails-5-2-lts-changelog#section-jan-20th-2023-rails-version-5-2-8-15

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://makandracards.com/railslts/508019-rails-5-2-lts-changelog#section-jan-20th-2023-rails-version-5-2-8-15

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-44566

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-44566

reference_url

https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050
reference_id	1030050
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050

reference_url

https://code.jeremyevans.net/2022-11-01-forcing-sequential-scans-on-postgresql.html

reference_id

2022-11-01-forcing-sequential-scans-on-postgresql.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-25T13:43:31Z/

url

https://code.jeremyevans.net/2022-11-01-forcing-sequential-scans-on-postgresql.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2164789
reference_id	2164789
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2164789

reference_url

https://discuss.rubyonrails.org/t/cve-2022-44566-possible-denial-of-service-vulnerability-in-activerecords-postgresql-adapter/82119

reference_id

82119

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-25T13:43:31Z/

url

https://discuss.rubyonrails.org/t/cve-2022-44566-possible-denial-of-service-vulnerability-in-activerecords-postgresql-adapter/82119

reference_url

https://github.com/advisories/GHSA-579w-22j4-4749

reference_id

GHSA-579w-22j4-4749

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-579w-22j4-4749

reference_url	https://access.redhat.com/errata/RHSA-2023:6818
reference_id	RHSA-2023:6818
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6818

fixed_packages

url pkg:gem/activerecord@6.1.7.1

purl pkg:gem/activerecord@6.1.7.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ua6-6a16-9fde

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@6.1.7.1

url pkg:gem/activerecord@7.0.4.1

purl pkg:gem/activerecord@7.0.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ua6-6a16-9fde

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@7.0.4.1

aliases CVE-2022-44566, GHSA-579w-22j4-4749, GMS-2023-59

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cvs8-ejdv-uqhy

url

VCID-fbrw-bbm6-fbhp

vulnerability_id

VCID-fbrw-bbm6-fbhp

summary

Multiple vulnerabilities were found in Ruby on Rails, the worst of
    which allowing for execution of arbitrary code.

references

reference_url

http://groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-0448

reference_id

reference_type

scores

value	0.00689
scoring_system	epss
scoring_elements	0.72247
published_at	2026-06-11T12:55:00Z

value	0.00689
scoring_system	epss
scoring_elements	0.72343
published_at	2026-06-13T12:55:00Z

value	0.00689
scoring_system	epss
scoring_elements	0.7233
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-0448

reference_url	http://secunia.com/advisories/43278
reference_id
reference_type
scores
url	http://secunia.com/advisories/43278

reference_url	http://securitytracker.com/id?1025063
reference_id
reference_type
scores
url	http://securitytracker.com/id?1025063

reference_url

https://github.com/rails/rails

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails

reference_url

https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474

reference_url

https://web.archive.org/web/20201220214809/http://securitytracker.com/id?1025063

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20201220214809/http://securitytracker.com/id?1025063

reference_url

http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4

reference_url	http://www.vupen.com/english/advisories/2011/0877
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2011/0877

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2011-0448

reference_id

CVE-2011-0448

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-0448

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-0448.yml

reference_id

CVE-2011-0448.YML

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-0448.yml

reference_url

https://github.com/advisories/GHSA-jmm9-2p29-vh2w

reference_id

GHSA-jmm9-2p29-vh2w

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jmm9-2p29-vh2w

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

fixed_packages

aliases

CVE-2011-0448, GHSA-jmm9-2p29-vh2w

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-fbrw-bbm6-fbhp

url

VCID-rd4z-yncp-qkfu

vulnerability_id

VCID-rd4z-yncp-qkfu

summary

activerecord vulnerable to SQL Injection

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html

reference_url

http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0154.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0154.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2695.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2695.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-2695

reference_id

reference_type

scores

value	0.00637
scoring_system	epss
scoring_elements	0.7107
published_at	2026-06-13T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.71058
published_at	2026-06-12T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70968
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-2695

reference_url

https://github.com/rails/rails

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails

reference_url

https://github.com/rails/rails/commit/62f81f4d6b3ee40e9887ffd92ab14714bad93f18

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/62f81f4d6b3ee40e9887ffd92ab14714bad93f18

reference_url

https://groups.google.com/group/rubyonrails-security/msg/aee3413fb038bf56?dmode=source&output=gplain

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/aee3413fb038bf56?dmode=source&output=gplain

reference_url

https://groups.google.com/g/rubyonrails-security/c/l4L0TEVAz1k/m/Vr84sD9B464J

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/l4L0TEVAz1k/m/Vr84sD9B464J

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=831573
reference_id	831573
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=831573

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-2695

reference_id

CVE-2012-2695

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-2695

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2695.yml

reference_id

CVE-2012-2695.YML

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2695.yml

reference_url

https://github.com/advisories/GHSA-76wq-xw4h-f8wj

reference_id

GHSA-76wq-xw4h-f8wj

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-76wq-xw4h-f8wj

reference_url	https://access.redhat.com/errata/RHSA-2012:1542
reference_id	RHSA-2012:1542
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2012:1542

reference_url	https://access.redhat.com/errata/RHSA-2013:0154
reference_id	RHSA-2013:0154
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0154

fixed_packages

aliases

CVE-2012-2695, GHSA-76wq-xw4h-f8wj

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-rd4z-yncp-qkfu

url VCID-runz-vm7e-a3fs

vulnerability_id VCID-runz-vm7e-a3fs

summary

references

reference_url

http://rhn.redhat.com/errata/RHSA-2016-1855.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2016-1855.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6317.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6317.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-6317

reference_id

reference_type

scores

value	0.00381
scoring_system	epss
scoring_elements	0.60041
published_at	2026-06-13T12:55:00Z

value	0.00381
scoring_system	epss
scoring_elements	0.59921
published_at	2026-06-11T12:55:00Z

value	0.00381
scoring_system	epss
scoring_elements	0.60029
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-6317

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6317
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6317

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/rgO20zYW33s

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/rgO20zYW33s

reference_url

https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA

reference_url

http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released

reference_url	http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/

reference_url

http://www.openwall.com/lists/oss-security/2016/08/11/4

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/08/11/4

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1365017
reference_id	1365017
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1365017

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834154
reference_id	834154
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834154

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-6317

reference_id

CVE-2016-6317

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-6317

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2016-6317.yml

reference_id

CVE-2016-6317.YML

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2016-6317.yml

reference_url

https://github.com/advisories/GHSA-pr3r-4wrp-r2pv

reference_id

GHSA-pr3r-4wrp-r2pv

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-pr3r-4wrp-r2pv

reference_url	https://access.redhat.com/errata/RHSA-2016:1855
reference_id	RHSA-2016:1855
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1855

fixed_packages

url pkg:gem/activerecord@4.2.7.1

purl pkg:gem/activerecord@4.2.7.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ua6-6a16-9fde

vulnerability	VCID-8ajf-ebxr-7bgf

vulnerability	VCID-c7qj-hcu8-p7hc

vulnerability	VCID-cgfh-yfn7-7ke9

vulnerability	VCID-cvs8-ejdv-uqhy

vulnerability	VCID-fbrw-bbm6-fbhp

vulnerability	VCID-rd4z-yncp-qkfu

vulnerability	VCID-sfaa-e8am-x7gn

vulnerability	VCID-u2gv-wvdc-tfbs

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.2.7.1

aliases CVE-2016-6317, GHSA-pr3r-4wrp-r2pv

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-runz-vm7e-a3fs

url

VCID-sfaa-e8am-x7gn

vulnerability_id

VCID-sfaa-e8am-x7gn

summary

Multiple vulnerabilities were found in Ruby on Rails, the worst of
    which allowing for execution of arbitrary code.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2010-3933

reference_id

reference_type

scores

value	0.00712
scoring_system	epss
scoring_elements	0.72837
published_at	2026-06-12T12:55:00Z

value	0.00712
scoring_system	epss
scoring_elements	0.72761
published_at	2026-06-11T12:55:00Z

value	0.00712
scoring_system	epss
scoring_elements	0.72853
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2010-3933

reference_url	http://secunia.com/advisories/41930
reference_id
reference_type
scores
url	http://secunia.com/advisories/41930

reference_url	http://securitytracker.com/id?1024624
reference_id
reference_type
scores
url	http://securitytracker.com/id?1024624

reference_url

https://github.com/rails/rails

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails

reference_url

https://github.com/rails/rails/commit/2d96bccb1e8b62e3e11ca0c5d38aaa8cece889ae

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/2d96bccb1e8b62e3e11ca0c5d38aaa8cece889ae

reference_url

https://github.com/rails/rails/commit/96183e0f284bab27667e5a38fa6a1578eb029585

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/96183e0f284bab27667e5a38fa6a1578eb029585

reference_url

https://web.archive.org/web/20101129225633/http://securitytracker.com/alerts/2010/Oct/1024624.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20101129225633/http://securitytracker.com/alerts/2010/Oct/1024624.html

reference_url

https://web.archive.org/web/20111225083933/http://secunia.com/advisories/41930

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20111225083933/http://secunia.com/advisories/41930

reference_url

https://web.archive.org/web/20201208053819/http://securitytracker.com/id?1024624

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20201208053819/http://securitytracker.com/id?1024624

reference_url

http://weblog.rubyonrails.org/2010/10/15/security-vulnerability-in-nested-attributes-code-in-ruby-on-rails-2-3-9-and-3-0-0

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2010/10/15/security-vulnerability-in-nested-attributes-code-in-ruby-on-rails-2-3-9-and-3-0-0

reference_url	http://www.vupen.com/english/advisories/2010/2719
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2010/2719

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2010-3933

reference_id

CVE-2010-3933

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2010-3933

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2010-3933.yml

reference_id

CVE-2010-3933.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2010-3933.yml

reference_url

https://github.com/advisories/GHSA-gjxw-5w2q-7grf

reference_id

GHSA-gjxw-5w2q-7grf

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gjxw-5w2q-7grf

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

fixed_packages

aliases

CVE-2010-3933, GHSA-gjxw-5w2q-7grf

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-sfaa-e8am-x7gn

url

VCID-u2gv-wvdc-tfbs

vulnerability_id

VCID-u2gv-wvdc-tfbs

summary

Multiple vulnerabilities were found in Ruby on Rails, the worst of
    which allowing for execution of arbitrary code.

references

reference_url

http://groups.google.com/group/rubyonrails-security/msg/b1a85d36b0f9dd30?dmode=source&output=gplain

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/msg/b1a85d36b0f9dd30?dmode=source&output=gplain

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-2930

reference_id

reference_type

scores

value	0.00955
scoring_system	epss
scoring_elements	0.7686
published_at	2026-06-11T12:55:00Z

value	0.00955
scoring_system	epss
scoring_elements	0.76944
published_at	2026-06-13T12:55:00Z

value	0.00955
scoring_system	epss
scoring_elements	0.76929
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-2930

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=731438

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=731438

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2930
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2930