Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:gem/activerecord@3.2
purl pkg:gem/activerecord@3.2
Tags Ghost
Next non-vulnerable version 7.1.5.2
Latest non-vulnerable version 8.0.2.1
Risk 4.0
Vulnerabilities affecting this package (8)
Vulnerability Summary Fixed by
VCID-18n5-8cur-m7ae
Aliases:
CVE-2012-2661
GHSA-fh39-v733-mxfr
OSV-82403
Active Record vulnerable to SQL Injection via nested query parameters
3.2.4
Affected by 19 other vulnerabilities.
VCID-3ser-nhqn-mbar
Aliases:
CVE-2013-0155
GHSA-gppp-5xc5-wfpx
OSV-89025
Multiple vulnerabilities were found in Ruby on Rails, the worst of which allowing for execution of arbitrary code.
3.2.11
Affected by 17 other vulnerabilities.
VCID-72jm-58dq-mub5
Aliases:
CVE-2012-2660
GHSA-hgpp-pp89-4fgf
OSV-82610
Action Pack contains database-query restrictions bypass
3.2.4
Affected by 19 other vulnerabilities.
VCID-hh3w-dxkg-8ygx
Aliases:
CVE-2013-0276
GHSA-gr44-7grc-37vq
OSV-90072
Multiple vulnerabilities were found in Ruby on Rails, the worst of which allowing for execution of arbitrary code.
3.2.12
Affected by 15 other vulnerabilities.
VCID-pbgu-3zaj-ukay
Aliases:
CVE-2012-6496
GHSA-gh2w-j7cx-2664
OSV-88661
A vulnerability in Active Record could allow a remote attacker to inject SQL commands.
3.2.10
Affected by 18 other vulnerabilities.
VCID-rd4z-yncp-qkfu
Aliases:
CVE-2012-2695
GHSA-76wq-xw4h-f8wj
activerecord vulnerable to SQL Injection
3.2.6
Affected by 19 other vulnerabilities.
VCID-rhyd-xbpb-wufa
Aliases:
CVE-2013-1854
GHSA-3crr-9vmg-864v
OSV-91453
Multiple vulnerabilities were found in Ruby on Rails, the worst of which allowing for execution of arbitrary code.
3.2.13
Affected by 15 other vulnerabilities.
VCID-u2gv-wvdc-tfbs
Aliases:
CVE-2011-2930
GHSA-h6w6-xmqv-7q78
Multiple vulnerabilities were found in Ruby on Rails, the worst of which allowing for execution of arbitrary code. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-12T03:52:08.839919+00:00 Ruby Importer Affected by VCID-pbgu-3zaj-ukay https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-6496.yml 38.6.0
2026-06-12T03:52:08.561681+00:00 Ruby Importer Affected by VCID-72jm-58dq-mub5 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2660.yml 38.6.0
2026-06-12T03:52:08.532256+00:00 Ruby Importer Affected by VCID-hh3w-dxkg-8ygx https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0276.yml 38.6.0
2026-06-12T03:52:08.500450+00:00 Ruby Importer Affected by VCID-rd4z-yncp-qkfu https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2695.yml 38.6.0
2026-06-12T03:52:08.419467+00:00 Ruby Importer Affected by VCID-18n5-8cur-m7ae https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2661.yml 38.6.0
2026-06-12T03:52:08.387657+00:00 Ruby Importer Affected by VCID-u2gv-wvdc-tfbs https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-2930.yml 38.6.0
2026-06-12T03:52:08.252165+00:00 Ruby Importer Affected by VCID-rhyd-xbpb-wufa https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-1854.yml 38.6.0
2026-06-12T03:52:08.221121+00:00 Ruby Importer Affected by VCID-3ser-nhqn-mbar https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0155.yml 38.6.0