activestorage vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-33658Lowactivestorage: Rails Active Storage has a possible DoS vulnerability in proxy mode via multi-range requestsCVE-2026-33202Mediumactivestorage: Rails Active Storage has possible glob injection in its DiskServiceCVE-2026-33195Highactivestorage: Rails Active Storage has possible Path Traversal in DiskServiceCVE-2026-33174Mediumactivestorage: Rails Active Storage has a possible DoS vulnerability when in proxy mode via Range requestsCVE-2026-33173Mediumactivestorage: Rails Active Storage has possible content type bypass via metadata in direct uploadsCVE-2025-24293Criticalactivestorage: Active Storage allowed transformation methods that were potentially unsafeCVE-2024-26144Mediumactivestorage: Rails has possible Sensitive Session Information Leak in Active StorageCVE-2022-21831Criticalactivestorage: Possible code injection vulnerability in Rails / Active StorageCVE-2020-8162Highactivestorage: Circumvention of file size limits in ActiveStorageCVE-2018-16477Mediumactivestorage: Exposure of Sensitive Information to an Unauthorized Actor in activestorage

Stop the waste.
Protect your environment with Kodem.