Every CVE whose affected-product data names Heartcombo Devise, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2015-8314 — CVSS 7.5 (high): The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized…
CVE-2026-40295 — CVSS 6.1 (medium): Devise is an authentication solution for Rails based on Warden. In versions 5.0.3 and below, when the Timeoutable module is enabled in…
CVE-2026-32700 — CVSS 5.3 (medium): Devise is an authentication solution for Rails based on Warden. Prior to version 5.0.3, a race condition in Devise's Confirmable module…