Rails Admin Project Rails Admin — known CVE vulnerabilities
Every CVE whose affected-product data names Rails Admin Project Rails Admin, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2016-10522 — CVSS 8.8 (high): rails_admin ruby gem <v1.1.1 is vulnerable to cross-site request forgery (CSRF) attacks. Non-GET methods were not validating CSRF tokens…
CVE-2017-12098 — CVSS 6.1 (medium): An exploitable cross site scripting (XSS) vulnerability exists in the add filter functionality of the rails_admin rails gem version 1.2.0…
CVE-2024-39308 — CVSS 5.4 (medium): RailsAdmin is a Rails engine that provides an interface for managing data. RailsAdmin list view has the XSS vulnerability, caused by…