Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

Ruby Framework

Ruby on Rails

Ruby on Rails or Rails is a server-side web application framework written in Ruby under the MIT License. Rails is a model-view-controller (MVC) framework providing default structures for a database a web service and web pages.

Official Site:

http://rubyonrails.org/

Severity Summary:

Critical: 7 High: 37 Medium: 73 Low: 1
Reference
Title
Severity
CVE-2019-5420
Ruby on Rails Improper Input Validation Vulnerability
Critical
CVE-2026-33202
Ruby on Rails Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
Critical
CVE-2020-8165
Ruby on Rails Deserialization of Untrusted Data Vulnerability
Critical
CVE-2024-28103
Ruby on Rails Vulnerability
Critical
CVE-2009-2422
Ruby on Rails Improper Authentication Vulnerability
Critical
CVE-2026-33195
Ruby on Rails Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Critical
CVE-2013-0277
Ruby on Rails Vulnerability
Critical
CVE-2013-0333
Ruby on Rails Other Vulnerability
High
CVE-2008-4094
Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2013-0156
Ruby on Rails Improper Input Validation Vulnerability
High
CVE-2017-17919
Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2012-2695
Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2011-2930
Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2014-3482
Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2011-0449
Ruby on Rails Permissions Privileges and Access Controls Vulnerability
High
CVE-2011-0448
Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2017-17920
Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2021-22904
Ruby on Rails Other Vulnerability
High
CVE-2006-4111
Ruby on Rails Improper Control of Generation of Code (Code Injection) Vulnerability
High
CVE-2006-4112
Ruby on Rails Vulnerability
High
CVE-2014-3514
Ruby on Rails Permissions Privileges and Access Controls Vulnerability
High
CVE-2021-22902
Ruby on Rails Vulnerability
High
CVE-2021-22885
Ruby on Rails Generation of Error Message Containing Sensitive Information Vulnerability
High
CVE-2023-22795
Ruby on Rails Inefficient Regular Expression Complexity Vulnerability
High
CVE-2023-22792
Ruby on Rails Inefficient Regular Expression Complexity Vulnerability
High
CVE-2024-26142
Ruby on Rails Inefficient Regular Expression Complexity Vulnerability
High
CVE-2026-33176
Ruby on Rails Uncontrolled Resource Consumption Vulnerability
High
CVE-2026-33174
Ruby on Rails Memory Allocation with Excessive Size Value Vulnerability
High
CVE-2014-3483
Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2012-6496
Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High