Browse all 45 CVE security advisories affecting Rails. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Rails is a widely adopted web application framework designed to accelerate development through convention over configuration, primarily powering dynamic websites and APIs. Its extensive ecosystem has historically exposed it to diverse security challenges; recorded vulnerabilities frequently involve remote code execution, cross-site scripting, and SQL injection. Privilege escalation and mass assignment issues also appear commonly because of the framework's automatic parameter binding. While recent versions have significantly hardened default configurations, legacy applications remain susceptible to injection attacks and insecure deserialization. Notable incidents often stem from misconfigured generators or outdated dependencies rather than core framework flaws. The volume of forty-five CVEs reflects the framework's long market presence and complexity. Developers must prioritize regular dependency updates and strict input validation so that the framework's convenience does not come at the cost of application integrity.
| CVE ID | Title | Package | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-33167 | Rails has a possible XSS vulnerability in its Action Pack debug exceptions | actionpack | CWE-79 | 6.1 | - | 2026-03-23 |
This page lists every published CVE security advisory associated with Rails. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.