rubygems actionpack Vulnerabilities: CVEs, CISA KEV & Security Advisories

rubygems actionpack has 63 published CVE records since 2009, of which 2 are in CISA's Known Exploited Vulnerabilities catalog and 9 have a known public exploit. The average CVSS base score across scored CVEs is 5.7.

Affected versions and CVEs

Browse every rubygems actionpack version named in a CVE, then pick one to see only the CVEs that affect it.

Fixed in

4.0.25 CVEs
3.2.164 CVEs
6.1.3.24 CVEs
2.3.133 CVEs
3.0.43 CVEs
3.2.22.13 CVEs
4.1.14.13 CVEs
4.2.5.13 CVEs
6.0.3.73 CVEs
7.0.4.13 CVEs
2.2.32 CVEs
2.3.112 CVEs
2.3.162 CVEs
2.3.182 CVEs
2.3.42 CVEs
3.0.102 CVEs
3.0.172 CVEs
3.1.122 CVEs
3.1.82 CVEs
3.2.132 CVEs
3.2.172 CVEs
3.2.22.22 CVEs
3.2.82 CVEs
4.1.14.22 CVEs
5.2.4.32 CVEs
5.2.4.62 CVEs
5.2.62 CVEs
6.0.3.12 CVEs
6.1.7.12 CVEs
6.1.7.92 CVEs
7.0.8.52 CVEs
7.1.3.12 CVEs
7.1.4.12 CVEs
7.2.1.12 CVEs
2.1.31 CVE
2.2.21 CVE
2.3.121 CVE
2.3.151 CVE
2.3.51 CVE
3.0.111 CVE
3.0.121 CVE
3.0.131 CVE
3.0.141 CVE
3.0.161 CVE
3.0.191 CVE
3.0.61 CVE
3.0.81 CVE
3.1.101 CVE
3.1.21 CVE
3.1.41 CVE
3.1.51 CVE
3.1.61 CVE
3.1.71 CVE
3.2.111 CVE
3.2.181 CVE
3.2.21 CVE
3.2.201 CVE
3.2.211 CVE
3.2.41 CVE
3.2.61 CVE
3.2.71 CVE
4.0.111 CVE
4.0.121 CVE
4.0.31 CVE
4.0.51 CVE
4.1.11 CVE
4.1.71 CVE
4.1.81 CVE
4.2.0.beta31 CVE
4.2.0.beta41 CVE
4.2.5.21 CVE
5.2.6.21 CVE
5.2.7.11 CVE
5.2.8.151 CVE
6.0.3.21 CVE
6.0.3.41 CVE
6.0.3.51 CVE
6.0.4.11 CVE
6.0.4.21 CVE
6.0.4.61 CVE
6.0.4.81 CVE
6.1.2.11 CVE
6.1.4.11 CVE
6.1.4.21 CVE
6.1.4.61 CVE
6.1.5.11 CVE
6.1.7.41 CVE
6.1.7.81 CVE
7.0.2.21 CVE
7.0.2.41 CVE
7.0.5.11 CVE
7.0.8.11 CVE
7.0.8.41 CVE
7.0.8.71 CVE
7.1.3.41 CVE
7.1.5.11 CVE
7.2.0.beta21 CVE
7.2.2.11 CVE
8.0.0.11 CVE
8.1.2.11 CVE

Find a version

63 CVEs

Sort

Rails has a possible XSS vulnerability in its Action Pack debug exceptions
CVE-2026-33167
Patch
CWE-79
Low · CVSS 1.3
EPSS 0.0% (6th pct)2026-03-23
Medium vulnerability · 2025-01-09
CVE-2023-28362
Patch
CWE-116
Medium · CVSS 4.0
EPSS 0.2% (43th pct)2025-01-09
Low vulnerability · 2024-12-10
CVE-2024-54133
Patch
CWE-79
Low · CVSS 2.3
EPSS 0.2% (41th pct)2024-12-10
Medium vulnerability · 2024-10-16
CVE-2024-47887
Patch
CWE-1333
Medium · CVSS 6.6
EPSS 0.3% (51th pct)2024-10-16
Medium vulnerability · 2024-10-16
CVE-2024-41128
Patch
CWE-770
Medium · CVSS 6.6
EPSS 0.6% (69th pct)2024-10-16
Action Pack is missing security headers on non-HTML responses
CVE-2024-28103
Patch
CWE-20
Medium · CVSS 5.4
EPSS 0.8% (75th pct)2024-06-04
Medium vulnerability · 2024-02-27
CVE-2024-26143
Patch
CWE-79
Medium · CVSS 6.1
EPSS 2.1% (84th pct)2024-02-27
High vulnerability · 2024-02-27
CVE-2024-26142
Public exploit
Patch
CWE-1333
High · CVSS 7.5
EPSS 3.5% (88th pct)2024-02-27
Medium vulnerability · 2023-02-09
CVE-2023-22797
Patch
CWE-601
Medium · CVSS 6.1
EPSS 0.2% (37th pct)2023-02-09
Vulnerability · 2023-02-09
CVE-2023-22795
Patch
CWE-400
Unscored
EPSS 1.3% (80th pct)2023-02-09
High vulnerability · 2023-02-09
CVE-2023-22792
Patch
CWE-400
High · CVSS 7.5
EPSS 2.3% (85th pct)2023-02-09
Low vulnerability · 2022-10-26
CVE-2022-3704
Public exploit
Patch
CWE-707
Low · CVSS 3.5
EPSS 0.3% (52th pct)2022-10-26
Vulnerability · 2022-05-26
CVE-2022-22577
Patch
CWE-79
Unscored
EPSS 0.5% (66th pct)2022-05-26
High vulnerability · 2022-02-11
CVE-2022-23633
Patch
CWE-200
High · CVSS 7.4
EPSS 0.2% (40th pct)2022-02-11
Vulnerability · 2022-01-07
CVE-2021-44528
Patch
CWE-601
Unscored
EPSS 28.6% (97th pct)2022-01-07
Vulnerability · 2021-10-19
CVE-2011-1497
Patch
CWE-79
Unscored
EPSS 0.3% (56th pct)2021-10-19
Vulnerability · 2021-10-18
CVE-2021-22942
Patch
CWE-601
Unscored
EPSS 0.5% (68th pct)2021-10-18
Vulnerability · 2021-06-11
CVE-2021-22904
Patch
CWE-400
Unscored
EPSS 3.3% (88th pct)2021-06-11
Vulnerability · 2021-06-11
CVE-2021-22903
Patch
CWE-601
Unscored
EPSS 0.1% (27th pct)2021-06-11
Vulnerability · 2021-06-11
CVE-2021-22902
Patch
CWE-400
Unscored
EPSS 0.7% (72th pct)2021-06-11
Vulnerability · 2021-05-27
CVE-2021-22885
Patch
CWE-209
Unscored
EPSS 1.3% (80th pct)2021-05-27
Vulnerability · 2021-02-11
CVE-2021-22881
Patch
CWE-601
Unscored
EPSS 15.5% (95th pct)2021-02-11
Vulnerability · 2021-01-06
CVE-2020-8264
Patch
CWE-79
Unscored
EPSS 2.1% (84th pct)2021-01-06
Medium vulnerability · 2020-07-02
CVE-2020-8166
Public exploit
Patch
CWE-352
Medium · CVSS 4.3
EPSS 0.4% (64th pct)2020-07-02
Vulnerability · 2020-07-02
CVE-2020-8185
Patch
CWE-400
Unscored
EPSS 0.7% (72th pct)2020-07-02
Vulnerability · 2020-06-19
CVE-2020-8164
Patch
CWE-502
Unscored
EPSS 7.4% (92th pct)2020-06-19
Vulnerability · 2016-04-07
CVE-2016-2098
Public exploit
Patch
Unscored
EPSS 86.7% (99th pct)2016-04-07
Vulnerability · 2016-04-07
CVE-2016-2097
Patch
Unscored
EPSS 1.9% (84th pct)2016-04-07
High vulnerability · 2016-02-16
CVE-2016-0752
CISA KEV
Public exploit
Patch
CWE-22
Added to CISA KEV 2022-03-25
High · CVSS 8.7
EPSS 90.5% (100th pct)2016-02-16
Vulnerability · 2016-02-16
CVE-2016-0751
Patch
Unscored
EPSS 8.9% (93th pct)2016-02-16

Showing 30 of 63

rubygems actionpack Vulnerabilities

Overview

Severity and exploitation

Affected versions and CVEs

Fixed in

Common weakness types

Disclosure activity by year

Other rubygems products

Frequently asked questions

How many CVEs does rubygems actionpack have?

How many rubygems actionpack CVEs are in CISA KEV?

Are there public exploits for rubygems actionpack vulnerabilities?

Which versions of rubygems actionpack are affected?

What are the most common weakness types in rubygems actionpack CVEs?

What is the average severity of rubygems actionpack CVEs?

References

Track rubygems actionpack vulnerabilities