Activerecord Project Activerecord — known CVE vulnerabilities
Every CVE whose affected-product data names Activerecord Project Activerecord, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2022-32224 — CVSS 9.8 (critical): A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, <6.1.6.1, <6.0.5.1 and…
CVE-2023-22794 — CVSS 8.8 (high): A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed…
CVE-2022-44566 — CVSS 7.5 (high): A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter <7.0.4.1 and <6.1.7.1. When a value outside the range for a…