- How many CVEs does rubyonrails have?
- rubyonrails has 149 published CVE records since 2006, including 9 in the last two years.
- How many rubyonrails CVEs are in CISA KEV?
- Yes — 3 of rubyonrails's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.
- Which rubyonrails products have the most CVEs?
- The rubyonrails products with the most published CVEs are rails, ruby_on_rails, rails html sanitizers, html sanitizer, actionpack.
- What are the most common weakness types in rubyonrails CVEs?
- rubyonrails's CVEs most often map to these CWE weakness types: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-400 (Uncontrolled Resource Consumption), CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor), CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')).
- Are there public exploits for rubyonrails vulnerabilities?
- Yes — 19 of rubyonrails's CVEs have a known public exploit.
- How many critical rubyonrails vulnerabilities are there?
- rubyonrails has 7 critical and 44 high-severity CVEs.
- What is the average severity of rubyonrails CVEs?
- The average CVSS base score across rubyonrails's scored CVEs is 6.1.