activestorage (RubyGems) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the RubyGems package activestorage, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (10)
CVE-2022-21831 — CVSS 9.8 (critical): A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing…
CVE-2026-33195 — CVSS 9.8 (critical): Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active…
CVE-2026-33202 — CVSS 9.1 (critical): Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active…
CVE-2025-24293 — CVSS 8.1 (high): # Active Storage allowed transformation methods potentially unsafe Active Storage attempts to prevent the use of potentially unsafe image…
CVE-2026-33174 — CVSS 7.5 (high): Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when…
CVE-2020-8162 — CVSS 7.5 (high): A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter…
CVE-2018-16477 — CVSS 6.5 (medium): A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Storage and Disk services allow an attacker to modify the…
CVE-2026-33658 — CVSS 6.5 (medium): Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 Active…
CVE-2024-26144 — CVSS 5.3 (medium): Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active…
CVE-2026-33173 — CVSS 5.3 (medium): Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1…