All actionpack CVEs — Complete Vulnerability History
actionpack is Rails' routing and controller layer. CVEs here affect request handling and URL parsing across all Rails applications.
Ruby
3M+ weekly downloads
2 CVEs total
Full CVE history
| CVE | Year | Severity | Description | Fix |
|---|---|---|---|---|
| CVE-2022-23633 | 2022 | HIGH | Possible exposure of data in streamed responses | Fixed 7.0.2.3 |
| CVE-2023-28362 | 2023 | HIGH | XSS via redirect URLs with crafted query params | Fixed 7.0.5 |
Current safe version: 7.1.3
```ruby
# Before
gem 'actionpack', '6.1.0'

# After
gem 'actionpack', '7.1.3'
```
Then run: bundle install
Common questions
Is actionpack updated separately from Rails?
actionpack is a component of Rails. Updating Rails updates actionpack automatically — you don't need to manage them separately.