Security Announcements

Topic	Replies	Views	Activity
About the Security Announcements category	1	4580	February 10, 2021
[CVE-2026-33167] Possible XSS vulnerability in Action Pack debug exceptions announcement , security	0	546	March 23, 2026
[CVE-2026-33168] Possible XSS vulnerability in Action View tag helpers announcement , security	0	334	March 23, 2026
[CVE-2026-33169] Possible ReDoS vulnerability in number_to_delimited in Active Support announcement , security	0	289	March 23, 2026
[CVE-2026-33170] Possible XSS vulnerability in SafeBuffer#% in Active Support announcement , security	0	269	March 23, 2026
[CVE-2026-33173] Insufficient filtering of metadata in Active Storage direct uploads announcement , security	0	239	March 23, 2026
[CVE-2026-33174] Possible DoS vulnerability in Active Storage proxy mode via Range requests announcement , security	0	238	March 23, 2026
[CVE-2026-33176] Possible DoS vulnerability in Active Support number helpers announcement , security	0	269	March 23, 2026
[CVE-2026-33658] Possible DoS vulnerability in Active Storage proxy mode via multi-range requests announcement , security	0	328	March 23, 2026
This was a previous vulnerability re-published by mistake. Please ignore CVE-2026-33178 announcement , security	0	68	March 23, 2026
[CVE-2026-33195] Possible path traversal in Active Storage DiskService announcement , security	0	250	March 23, 2026
[CVE-2026-33202] Possible glob injection in Active Storage DiskService announcement , security	0	250	March 23, 2026
[CVE-2025-24293] Active Storage allowed transformation methods potentially unsafe announcement , security	0	1812	August 13, 2025
[CVE-2025-55193] ANSI escape injection in Active Record logging announcement , security	0	1055	August 13, 2025
[CVE-2024-47889] Possible ReDoS vulnerability in block_format in Action Mailer security	0	904	October 15, 2024
[CVE-2024-54133] Possible Content Security Policy bypass in Action Dispatch announcement , security	0	1370	December 10, 2024
Rails-html-sanitizer v1.6.1 addresses multiple CVEs	0	576	December 2, 2024
[CVE-2024-47888] Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text security	0	585	October 15, 2024
[CVE-2024-41128] Possible ReDoS vulnerability in query parameter filtering in Action Dispatch security	0	815	October 15, 2024
[CVE-2024-47887] Possible ReDoS vulnerability in HTTP Token authentication in Action Controller security	0	905	October 15, 2024
[CVE-2024-32464] ActionText ContentAttachment's can Contain Unsanitized HTML	0	2327	June 4, 2024
[CVE-2024-28103] Permissions-Policy is Only Served on HTML Content-Type	0	1921	June 4, 2024
XSS Vulnerabilities in Trix Editor announcement	0	1843	May 17, 2024
Possible XSS Vulnerability in Action Controller announcement , patch	2	8099	February 27, 2024
Possible Denial of Service Vulnerability in Rack Header Parsing announcement , rack	0	4669	February 21, 2024
Possible ReDoS vulnerability in Accept header parsing in Action Dispatch announcement , patch	0	3943	February 21, 2024
Denial of Service Vulnerability in Rack Content-Type Parsing announcement , rack	0	5027	February 21, 2024
Possible Sensitive Session Information Leak in Active Storage announcement , patch	0	5513	February 21, 2024
Possible DoS Vulnerability with Range Header in Rack announcement , rack	0	4735	February 21, 2024
[CVE-2023-38037] Possible File Disclosure of Locally Encrypted Files announcement , security	0	6210	August 22, 2023