Security says CSRF token should be a nonce
|
|
1
|
89
|
May 15, 2025
|
Is `accept_nested_attributes_for` considered safe when used with Delegated Types?
|
|
5
|
222
|
March 10, 2025
|
Add salt in user password to make more scure?
|
|
3
|
143
|
February 26, 2025
|
[CVE-2024-47889] Possible ReDoS vulnerability in block_format in Action Mailer
|
|
0
|
686
|
October 15, 2024
|
[CVE-2024-54133] Possible Content Security Policy bypass in Action Dispatch
|
|
0
|
1137
|
December 10, 2024
|
How to implement key rotation for deterministic encryption?
|
|
0
|
61
|
December 5, 2024
|
[CVE-2024-47888] Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text
|
|
0
|
520
|
October 15, 2024
|
[CVE-2024-41128] Possible ReDoS vulnerability in query parameter filtering in Action Dispatch
|
|
0
|
733
|
October 15, 2024
|
[CVE-2024-47887] Possible ReDoS vulnerability in HTTP Token authentication in Action Controller
|
|
0
|
812
|
October 15, 2024
|
How to implement secret rotation?
|
|
4
|
1735
|
November 20, 2023
|
[CVE-2023-38037] Possible File Disclosure of Locally Encrypted Files
|
|
0
|
6128
|
August 22, 2023
|
[CVE-2023-28362] Possible XSS via User Supplied Values to redirect_to
|
|
0
|
12144
|
June 26, 2023
|
[CVE-2023-22799] Possible ReDoS based DoS vulnerability in GlobalID
|
|
0
|
6014
|
January 17, 2023
|
[CVE-2022-44572] Possible Denial of Service Vulnerability in Rack's RFC2183 boundary parsing
|
|
0
|
4534
|
January 17, 2023
|
[CVE-2022-44571] Possible Denial of Service Vulnerability in Rack Content-Disposition parsing
|
|
0
|
6804
|
January 17, 2023
|
[CVE-2023-27539] Possible Denial of Service Vulnerability in Rack's header parsing
|
|
0
|
6950
|
March 13, 2023
|
[CVE-2023-27531] Possible Deserialization of Untrusted Data vulnerability in Kredis JSON
|
|
0
|
3948
|
March 13, 2023
|
[CVE-2023-28120] Possible XSS Security Vulnerability in SafeBuffer#bytesplice
|
|
0
|
8338
|
March 13, 2023
|
[CVE-2023-23913] DOM Based Cross-site Scripting in rails-ujs for contenteditable HTML Elements
|
|
0
|
6441
|
March 13, 2023
|
Help Needed: Auto-incrementing ID vulnerability causing database malfunctions
|
|
1
|
1166
|
March 13, 2023
|
[CVE-2023-27530] Possible DoS Vulnerability in Multipart MIME parsing
|
|
0
|
10505
|
March 2, 2023
|
Is It Possible for an Attacker to Parse and Submit Authenticity Token Separately?
|
|
2
|
1369
|
February 17, 2023
|
[CVE-2022-44570] Possible Denial of Service Vulnerability in Rack's Range header parsing
|
|
0
|
7224
|
January 17, 2023
|
[CVE-2023-22794] SQL Injection Vulnerability via ActiveRecord comments
|
|
0
|
31064
|
January 17, 2023
|
[CVE-2023-22795] Possible ReDoS based DoS vulnerability in Action Dispatch
|
|
0
|
7652
|
January 17, 2023
|
[CVE-2022-44566] Possible Denial of Service Vulnerability in ActiveRecord's PostgreSQL adapter
|
|
0
|
7486
|
January 17, 2023
|
[CVE-2023-22797] Possible Open Redirect Vulnerability in Action Pack
|
|
0
|
5438
|
January 17, 2023
|
[CVE-2023-22796] Possible ReDoS based DoS vulnerability in Active Support's underscore
|
|
0
|
7632
|
January 17, 2023
|
[CVE-2023-22792] Possible ReDoS based DoS vulnerability in Action Dispatch
|
|
0
|
7550
|
January 17, 2023
|
Add OpenSSF Scorecard GitHub Action
|
|
0
|
1476
|
December 12, 2022
|