actionpack vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-33167Lowactionpack: Rails has a possible XSS vulnerability in its Action Pack debug exceptionsCVE-2024-54133Lowactionpack: Possible Content Security Policy bypass in Action DispatchCVE-2024-47887Mediumactionpack: Possible ReDoS vulnerability in HTTP Token authentication in Action ControllerCVE-2024-41128Mediumactionpack: Possible ReDoS vulnerability in query parameter filtering in Action DispatchCVE-2024-28103Mediumactionpack: Missing security headers in Action Pack on non-HTML responsesCVE-2024-26143Mediumactionpack: Rails has possible XSS Vulnerability in Action ControllerCVE-2024-26142Lowactionpack: Rails has possible ReDoS vulnerability in Accept header parsing in Action DispatchCVE-2023-28362Mediumactionpack: Actionpack has possible cross-site scripting vulnerability via User Supplied Values to redirect_toCVE-2023-22792Lowactionpack: ReDoS based DoS vulnerability in Action DispatchCVE-2023-22797Mediumactionpack: Open Redirect Vulnerability in Action PackCVE-2023-22795Lowactionpack: ReDoS based DoS vulnerability in Action DispatchCVE-2022-22577Mediumactionpack: Cross-site Scripting Vulnerability in Action PackCVE-2011-1497Mediumactionpack: Cross site scripting in actionpack RubygemCVE-2022-23633Highactionpack: Exposure of information in Action PackCVE-2021-44528Mediumactionpack: actionpack Open Redirect in Host Authorization MiddlewareCVE-2021-22942Mediumactionpack: Open Redirect in ActionPackCVE-2021-22904Highactionpack: Possible DoS Vulnerability in Action Controller Token AuthenticationCVE-2021-22885Highactionpack: Action Pack contains Information Disclosure / Unintended Method Execution vulnerabilityCVE-2021-22903Mediumactionpack: Possible Open Redirect Vulnerability in Action PackCVE-2021-22902Highactionpack: Denial of Service in Action DispatchCVE-2020-8264Mediumactionpack: Cross-site scripting in actionpackCVE-2021-22881Mediumactionpack: Actionpack Open Redirect Vulnerability CVE-2020-8185Mediumactionpack: Untrusted users can run pending migrations in production in RailsCVE-2020-8166Mediumactionpack: Ability to forge per-form CSRF tokens in RailsCVE-2020-8164Highactionpack: Possible Strong Parameters Bypass in ActionPack

Stop the waste.
Protect your environment with Kodem.