Package details: pkg:gem/activesupport@8.1.2.1
purl pkg:gem/activesupport@8.1.2.1
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (3)
VCID-4tzv-1t1b-t3g3
Summary: Rails Active Support has a possible ReDoS vulnerability in number_to_delimited
Impact: `NumberToDelimitedConverter` used a regular expression with `gsub!` to insert thousands delimiters. This could produce quadratic time complexity on long digit strings.
Releases: The fixed releases are available at the normal locations.
Aliases: CVE-2026-33169, GHSA-cg4j-q9v8-6v38

VCID-5tky-d2en-u7c7
Summary: Rails Active Support has a possible XSS vulnerability in SafeBuffer#%
Impact: `SafeBuffer#%` does not propagate the `@html_unsafe` flag to the newly created buffer. If a `SafeBuffer` is mutated in place (e.g. via `gsub!`) and then formatted with `%` using untrusted arguments, the result incorrectly reports `html_safe? == true`, bypassing ERB auto-escaping and possibly leading to XSS.
Releases: The fixed releases are available at the normal locations.
Aliases: CVE-2026-33170, GHSA-89vf-4333-qx8v

VCID-sarm-n22v-akcm
Summary: Rails Active Support has a possible DoS vulnerability in its number helpers
Impact: Active Support number helpers accept strings containing scientific notation (e.g. `1e10000`), which when converted to a string could be expanded into extremely large decimal representations. This can cause excessive memory allocation and CPU consumption when the expanded number is formatted, possibly resulting in a DoS vulnerability.
Releases: The fixed releases are available at the normal locations.
Aliases: CVE-2026-33176, GHSA-2j26-frm8-cmj9

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-09T22:49:50.916391+00:00 | GithubOSV Importer | Fixing | VCID-5tky-d2en-u7c7 | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-89vf-4333-qx8v/GHSA-89vf-4333-qx8v.json | 38.1.0 |
| 2026-04-08T12:46:29.422532+00:00 | GithubOSV Importer | Fixing | VCID-sarm-n22v-akcm | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-2j26-frm8-cmj9/GHSA-2j26-frm8-cmj9.json | 38.1.0 |
| 2026-04-02T17:01:21.261259+00:00 | GHSA Importer | Fixing | VCID-sarm-n22v-akcm | https://github.com/advisories/GHSA-2j26-frm8-cmj9 | 38.1.0 |
| 2026-04-02T17:01:20.931148+00:00 | GHSA Importer | Fixing | VCID-5tky-d2en-u7c7 | https://github.com/advisories/GHSA-89vf-4333-qx8v | 38.1.0 |
| 2026-04-02T17:01:20.753127+00:00 | GHSA Importer | Fixing | VCID-4tzv-1t1b-t3g3 | https://github.com/advisories/GHSA-cg4j-q9v8-6v38 | 38.1.0 |
| 2026-04-01T12:54:09.130504+00:00 | GithubOSV Importer | Fixing | VCID-4tzv-1t1b-t3g3 | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-cg4j-q9v8-6v38/GHSA-cg4j-q9v8-6v38.json | 38.0.0 |
| 2026-04-01T12:54:06.360209+00:00 | GithubOSV Importer | Fixing | VCID-sarm-n22v-akcm | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-2j26-frm8-cmj9/GHSA-2j26-frm8-cmj9.json | 38.0.0 |
| 2026-04-01T12:53:16.582620+00:00 | GithubOSV Importer | Fixing | VCID-5tky-d2en-u7c7 | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-89vf-4333-qx8v/GHSA-89vf-4333-qx8v.json | 38.0.0 |