Security: rails/rails
Security Advisories
View information about security vulnerabilities from this repository's maintainers.
- Active Storage allowed transformation methods potentially unsafe (GHSA-r4mg-4433-c7g3), published Aug 13, 2025 by jhawthorn. Severity: High
- ANSI escape injection in Active Record logging (GHSA-76r7-hhxj-r776), published Aug 13, 2025 by jhawthorn. Severity: Low
- Possible Content Security Policy bypass in Action Dispatch (GHSA-vfm5-rmrh-j26v), published Dec 10, 2024 by jhawthorn. Severity: Low
- Possible ReDoS vulnerability in block_format in Action Mailer (GHSA-h47h-mwp9-c6q6), published Oct 15, 2024 by jhawthorn. Severity: Low
- Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text (GHSA-wwhv-wxv9-rpgw), published Oct 15, 2024 by jhawthorn. Severity: Low
- Possible ReDoS vulnerability in HTTP Token authentication in Action Controller (GHSA-vfg9-r3fq-jvx4), published Oct 15, 2024 by jhawthorn. Severity: Low
- Possible ReDoS vulnerability in query parameter filtering in Action Dispatch (GHSA-x76w-6vjr-8xgj), published Oct 15, 2024 by jhawthorn. Severity: Low
- ActionText ContentAttachment can contain unsanitized HTML (GHSA-prjp-h48f-jgf6), published Jun 4, 2024 by jhawthorn. Severity: Moderate
- Missing security headers in Action Pack on non-HTML responses (GHSA-fwhr-88qx-h9g7), published Jun 4, 2024 by jhawthorn. Severity: Low
- Possible Sensitive Session Information Leak in Active Storage (GHSA-8h22-8cf7-hq6g), published Feb 26, 2024 by jhawthorn. Severity: High