Skip to content

RadicalNotion.AI

We do not sell or share your personal information

© 2026 RadicalNotion.AI

Security Data

CWE Directory
CAPEC Directory
CNA Directory
CNA Report Cards
Data Sources

Calculators

CVSS Calculator
CVSS 4.0
CVSS 3.1
CVSS 3.0
CVSS 2.0

Platform

My Vulnerabilities
Insights
Notifications
Account
Pricing

Learn

All guides
What is a CVE?
What is CVSS?
The CISA KEV catalog
What is EPSS?

Company

About us
Blog
Book a demo

Get Started

Sign up
Log in

Legal

Privacy
Terms

Security data

Weaknesses (CWE)The MITRE CWE weakness catalog
Attack Patterns (CAPEC)MITRE CAPEC attack patterns
CNAsNumbering authorities + report cards
VendorsVulnerabilities by vendor

Tools

CVSS CalculatorScore CVSS 4.0, 3.1, 3.0 & 2.0

Resources

LearnPlain-English security guides
Data SourcesHow we source CVE data

About Us Blog Pricing Book a Demo

Log in

Home
Vendors
Rails
Activesupport

rails ActiveSupport Vulnerabilities: CVEs, CISA KEV & Security Advisories

5 CVEs

rails ActiveSupport Vulnerabilities

CVE security advisories and vulnerability history for ActiveSupport by rails.

5

Total CVEs

Published

0

In CISA KEV

Exploited in the wild

0

Public exploits

With known exploit

5.9

Avg CVSS

2025–2026

Last updated March 23, 2026

Overview

rails ActiveSupport has 5 published CVE records since 2025, of which 0 are in CISA's Known Exploited Vulnerabilities catalog and 0 have a known public exploit. The average CVSS base score across scored CVEs is 5.9.

This page aggregates every publicly disclosed vulnerability (CVE) affecting rails ActiveSupport, with a severity breakdown, the affected and patched versions, the most common weakness types, and the full CVE list.

Severity and exploitation

How the CVSS severity of rails ActiveSupport's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical0

High0

Medium5

Low0

In CISA’s Known Exploited Vulnerabilities catalog

0

None of rails ActiveSupport's CVEs are currently listed in CISA's KEV catalog.

Public exploits

0

No rails ActiveSupport CVEs currently have a tracked public exploit.

Affected versions and CVEs

Browse every rails ActiveSupport version named in a CVE, then pick one to see only the CVEs that affect it.

Specific versions

< 7.2.3.13 CVEs
>= 8.0.0.beta1, < 8.0.4.13 CVEs
>= 8.1.0.beta1, < 8.1.2.13 CVEs

Fixed in

>= 5.2.01 CVE
6.1.7.31 CVE
7.0.4.31 CVE

Find a version

5 CVEs

Sort

Rails Active Support has a possible DoS vulnerability in its number helpers
CVE-2026-33176
Patch
CWE-400
Medium · CVSS 6.6
EPSS 0.0% (10th pct)2026-03-23
Rails Active Support has a possible XSS vulnerability in SafeBuffer#%
CVE-2026-33170
Patch
CWE-79
Medium · CVSS 5.3
EPSS 0.0% (2th pct)2026-03-23
Rails Active Support has a possible ReDoS vulnerability in number_to_delimited
CVE-2026-33169
Patch
CWE-400
Medium · CVSS 6.9
EPSS 0.0% (6th pct)2026-03-23
Medium vulnerability · 2025-01-09
CVE-2023-38037
Patch
CWE-732
Medium · CVSS 5.5
EPSS 0.1% (26th pct)2025-01-09
Medium vulnerability · 2025-01-09
CVE-2023-28120
Patch
CWE-79
Medium · CVSS 5.3
EPSS 0.4% (61th pct)2025-01-09

Common weakness types

The CWE weakness categories most often found in rails ActiveSupport CVEs. Follow any weakness for its full explanation.

CWE-400Uncontrolled Resource Consumption2 CVEs
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')2 CVEs
CWE-732Incorrect Permission Assignment for Critical Resource1 CVE

Disclosure activity by year

How many rails ActiveSupport CVEs were published each year.

2025

2

2026

3

Other rails products

Browse vulnerabilities for other products by rails.

rails66 CVEs rails-html-sanitizer11 CVEs activestorage6 CVEs actionview3 CVEs https://github.com/rails/rails3 CVEs Action Pack1 CVEs actionpack1 CVEs actionpack-page_caching1 CVEs

All rails vulnerabilities

Frequently asked questions

Common questions about rails ActiveSupport vulnerabilities.

How many CVEs does rails ActiveSupport have?

rails ActiveSupport has 5 published CVE records since 2025.

How many rails ActiveSupport CVEs are in CISA KEV?

None of rails ActiveSupport's CVEs are currently listed in CISA's Known Exploited Vulnerabilities catalog.

Are there public exploits for rails ActiveSupport vulnerabilities?

No rails ActiveSupport CVEs currently have a tracked public exploit in this dataset.

Which versions of rails ActiveSupport are affected?

6 distinct rails ActiveSupport versions are named across its CVEs. Use the version filter above to see the CVEs affecting a specific version.

What are the most common weakness types in rails ActiveSupport CVEs?

rails ActiveSupport's CVEs most often map to these CWE weakness types: CWE-400 (Uncontrolled Resource Consumption), CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-732 (Incorrect Permission Assignment for Critical Resource).

What is the average severity of rails ActiveSupport CVEs?

The average CVSS base score across rails ActiveSupport's scored CVEs is 5.9.

References

All rails vulnerabilities
The MITRE CVE Program (opens in a new tab)
Learn: What is a CVE?
CWE directory: the weakness types these CVEs map to

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track rails ActiveSupport vulnerabilities

Monitor new rails ActiveSupport vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing

On this page

Overview
Severity and exploitation
Affected versions and CVEs
Common weakness types
Disclosure activity
Other products
FAQ
References