All activerecord CVEs — Complete Vulnerability History
activerecord is Rails' ORM layer. SQL injection CVEs here are critical — they affect any Rails app using the database query interface with user input.
Ruby
3M+ weekly downloads
2 CVEs total
1 CRITICAL
Full CVE history
| CVE | Year | Severity | Description | Fix |
|---|---|---|---|---|
| CVE-2021-22880 | 2021 | HIGH | ReDoS via specially crafted PostgreSQL range | Fixed 6.1.2.1 |
| CVE-2022-32224 | 2022 | CRITICAL | RCE via YAML deserialization in PostgreSQL adapter | Fixed 7.0.3.1 |
Current safe version: 7.1.3
Gemfile change:

```ruby
# Before
gem 'activerecord', '6.1.0'
# After
gem 'activerecord', '7.1.3'
```

Then run: bundle install
Paste your manifest — get a fixed version with all CVEs patched in seconds.
Open PackageFix → Free · No signup · No CLI · Runs in your browser
Common questions
How do I prevent SQL injection in Rails?
Always use parameterized queries: Model.where('name = ?', name) not Model.where("name = '#{name}'"). Never interpolate user input directly into query strings.
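The difference between the two forms above, shown as an added example that is not PackageFix's or Rails' own code. `bind_placeholders` is a deliberately simplified stand-in for the quoting ActiveRecord performs internally when it substitutes `?` placeholders (it is not the real implementation, and it does not handle `?` characters inside string literals); `interpolated_where` is the pattern the FAQ warns against. The inputs are constructed.

```ruby
# Simplified stand-in for placeholder binding (assumption: not ActiveRecord's
# real code). Quotes each bind value as a SQL literal before substitution.
def quote_literal(value)
  case value
  when Integer, Float then value.to_s
  when nil then "NULL"
  else "'#{value.to_s.gsub("'", "''")}'"  # SQL-standard single-quote doubling
  end
end

# Replace each `?` in `sql` with the corresponding quoted bind value.
# Refuses to run when the placeholder and argument counts disagree.
def bind_placeholders(sql, *args)
  unless sql.count("?") == args.length
    raise ArgumentError, "expected #{sql.count('?')} bind values, got #{args.length}"
  end
  pending = args.dup
  sql.gsub("?") { quote_literal(pending.shift) }
end

# The unsafe pattern: user input spliced straight into the query text.
def interpolated_where(name)
  "SELECT * FROM users WHERE name = '#{name}'"
end

# The safe pattern: the value is bound, never parsed as SQL.
def bound_where(name)
  "SELECT * FROM users WHERE " + bind_placeholders("name = ?", name)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs: a legitimate name containing a quote, and a value
  # that changes the query's meaning when interpolated.
  ["O'Brien", "x' OR '1'='1"].each do |input|
    puts "interpolated: #{interpolated_where(input)}"
    puts "bound:        #{bound_where(input)}"
  end
end
```

With the interpolated form, the second input turns the WHERE clause into `name = 'x' OR '1'='1'`, which matches every row; with binding, the same input stays a single quoted literal and only matches a row whose name is literally that string.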