Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:gem/activerecord@4.0.11.1
purl pkg:gem/activerecord@4.0.11.1
Next non-vulnerable version 7.1.5.2
Latest non-vulnerable version 8.0.2.1
Risk
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-dbvw-1xvz-63b8
Aliases:
CVE-2012-2695
GHSA-76wq-xw4h-f8wj
activerecord vulnerable to SQL Injection The Active Record component in Ruby on Rails efore 2.3.15, 3.0.x before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage improper handling of nested hashes, a related issue to CVE-2012-2661. There are no reported fixed by versions.
VCID-er3j-4ygz-kqdx
Aliases:
CVE-2011-2930
GHSA-h6w6-xmqv-7q78
activerecord vulnerable to SQL Injection Multiple SQL injection vulnerabilities in the `quote_table_name` method in the ActiveRecord adapters in `activerecord/lib/active_record/connection_adapters/` in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a crafted column name. There are no reported fixed by versions.
VCID-wz1m-798r-8yez
Aliases:
CVE-2008-4094
GHSA-xf96-32q2-9rw2
Rails ActiveRecord gem vulnerable to SQL injection Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) `:limit` and (2) `:offset` parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer. There are no reported fixed by versions.
VCID-xmwx-eqjn-pba9
Aliases:
CVE-2010-3933
GHSA-gjxw-5w2q-7grf
Rails activerecord gem has Improper Input Validation vulnerability Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs. There are no reported fixed by versions.
VCID-xnj2-tbzn-tff6
Aliases:
CVE-2025-55193
GHSA-76r7-hhxj-r776
activerecord: Active Record ANSI Injection Vulnerability
7.1.5.2
Affected by 0 other vulnerabilities.
7.2.2.2
Affected by 0 other vulnerabilities.
8.0.2.1
Affected by 0 other vulnerabilities.
VCID-y922-r53a-rke5
Aliases:
CVE-2011-0448
GHSA-jmm9-2p29-vh2w
activerecord vulnerable to SQL Injection Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-05-30T00:01:45.671492+00:00 Ruby Importer Affected by VCID-xnj2-tbzn-tff6 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2025-55193.yml 38.6.0
2026-05-29T23:57:32.590406+00:00 Ruby Importer Affected by VCID-y922-r53a-rke5 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-0448.yml 38.6.0
2026-05-29T23:57:21.282312+00:00 Ruby Importer Affected by VCID-xmwx-eqjn-pba9 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2010-3933.yml 38.6.0
2026-05-29T23:57:05.180538+00:00 Ruby Importer Affected by VCID-dbvw-1xvz-63b8 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2012-2695.yml 38.6.0
2026-05-29T23:56:57.226581+00:00 Ruby Importer Affected by VCID-er3j-4ygz-kqdx https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-2930.yml 38.6.0
2026-05-29T23:56:35.790946+00:00 Ruby Importer Affected by VCID-wz1m-798r-8yez https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2008-4094.yml 38.6.0