Rails Activesupport
5 CVEs affecting Rails Activesupport. Latest disclosed: 2026-03-23. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-38037 | Medium | 5.5 | 2025-01-09 | ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file. The temporary file's permissions are defaulted to the user's curren… |
CVE-2026-33176 | | 2026-03-23 | Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1… | |
CVE-2026-33170 | | 2026-03-23 | Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1… | |
CVE-2026-33169 | | 2026-03-23 | Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. `NumberToDelimitedConverter` uses a lookahead-bas… | |
CVE-2023-28120 | | 2025-01-09 | There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input. |