| purl | pkg:gem/activerecord@4.2.11.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-dp3h-z1zs-ufba (aliases: CVE-2022-32224, GHSA-3hhc-qp5v-9p2j) | activerecord: Possible RCE escalation bug with Serialized Columns in Active Record | 7 fixing versions (version strings not present in the extracted text) |
| VCID-enf4-jrzh-nyac (aliases: CVE-2021-22880, GHSA-8hc4-xxm3-5ppp) | Active Record subject to Regular Expression Denial-of-Service (ReDoS). The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (ReDoS) vulnerability. Carefully crafted input can cause the input validation in the `money` type of the PostgreSQL adapter in Active Record to spend too much time in a regular expression, resulting in the potential for a DoS attack. This only impacts Rails applications that are using PostgreSQL along with money type columns that take user input. | 3 fixing versions (version strings not present in the extracted text) |
| VCID-nzb9-vn9k-jbgs (aliases: CVE-2022-44566, GHSA-579w-22j4-4749, GMS-2023-59) | Denial of Service Vulnerability in ActiveRecord's PostgreSQL adapter (full advisory text below) | 2 fixing versions (version strings not present in the extracted text) |
| VCID-xnj2-tbzn-tff6 (aliases: CVE-2025-55193, GHSA-76r7-hhxj-r776) | activerecord: Active Record ANSI Injection Vulnerability | 5 fixing versions (version strings not present in the extracted text) |

Full advisory text for VCID-nzb9-vn9k-jbgs (CVE-2022-44566):

There is a potential denial of service vulnerability present in ActiveRecord's PostgreSQL adapter. This has been assigned the CVE identifier CVE-2022-44566. Versions Affected: All. Not affected: None.

Fixed Versions:
- 2.3.18.47 (Rails LTS, which is a paid service and not part of the rubygem)
- 3.2.22.34 (Rails LTS, which is a paid service and not part of the rubygem)
- 4.2.11.27 (Rails LTS, which is a paid service and not part of the rubygem)
- 5.2.8.15 (Rails LTS, which is a paid service and not part of the rubygem)
- 6.1.7.1
- 7.0.4.1

Impact: In ActiveRecord < 7.0.4.1 and < 6.1.7.1, when a value outside the range for a 64-bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric values can result in a slow sequential scan, resulting in potential Denial of Service.

Releases: The fixed releases are available at the normal locations.

Workarounds: Ensure that user-supplied input which is provided to ActiveRecord clauses does not contain integers wider than a signed 64-bit representation or floats.

Patches: To aid users who aren't able to upgrade immediately, we have provided patches for the supported release series in accordance with our maintenance policy regarding security issues. They are in git-am format and consist of a single changeset.
- 6-1-Added-integer-width-check-to-PostgreSQL-Quoting.patch (patch for the 6.1 series)
- 7-0-Added-integer-width-check-to-PostgreSQL-Quoting.patch (patch for the 7.0 series)
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-05-30T07:35:23.680992+00:00 | GitLab Importer | Affected by | VCID-xnj2-tbzn-tff6 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/activerecord/CVE-2025-55193.yml | 38.6.0 |
| 2026-05-30T05:56:09.658468+00:00 | GitLab Importer | Affected by | VCID-nzb9-vn9k-jbgs | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/activerecord/CVE-2022-44566.yml | 38.6.0 |
| 2026-05-30T05:36:34.901727+00:00 | GitLab Importer | Affected by | VCID-dp3h-z1zs-ufba | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/activerecord/CVE-2022-32224.yml | 38.6.0 |
| 2026-05-30T04:33:51.268556+00:00 | GitLab Importer | Affected by | VCID-enf4-jrzh-nyac | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/activerecord/CVE-2021-22880.yml | 38.6.0 |
| 2026-05-30T00:01:45.989125+00:00 | Ruby Importer | Affected by | VCID-xnj2-tbzn-tff6 | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2025-55193.yml | 38.6.0 |