Rails security vulnerabilities and threats

This is a list of all official Rails vulnerabilities from recent years, with their CVE numbers.


Learn to hack a Rails application

A vulnerable Rails app that follows the OWASP Top 10

Vulnerability types

Avoid race conditions with locking

Two processes updating the same record at the same time can silently overwrite each other's changes
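The lost update described above, as an added example that is not part of the original page: two simulated processes each load a record, add one credit in memory and save. With a blind UPDATE the second save overwrites the first and one credit is lost; with a version check on save (the same idea as ActiveRecord's optimistic locking via a `lock_version` column, which raises `ActiveRecord::StaleObjectError`) the stale save is rejected and retried. The in-memory "database" and the fixed interleaving are constructed so the race is deterministic and runs without Rails or a real DB.

```ruby
# Added example (not from the page): lost update vs. version-checked save.
# The "database" is a Hash of Struct rows so the scenario runs offline.
Record = Struct.new(:id, :credits, :lock_version)

class StaleWriteError < StandardError; end

# SELECT: each process gets its own copy of the row.
def load_record(db, id)
  db[id].dup
end

# Blind UPDATE: whoever saves last wins, whatever it read.
def save_blind(db, record)
  db[record.id] = record
end

# Version-checked UPDATE, i.e. what optimistic locking does:
#   UPDATE ... SET credits = ?, lock_version = lock_version + 1
#   WHERE id = ? AND lock_version = ?   -- zero rows touched => stale
def save_versioned(db, record)
  current = db[record.id]
  raise StaleWriteError if current.lock_version != record.lock_version
  record.lock_version += 1
  db[record.id] = record
end

# Worst-case schedule: both processes read before either writes.
# `save` is the symbol of the save method to use. Returns the final credits.
def run_race(save)
  db = { 1 => Record.new(1, 0, 0) }

  a = load_record(db, 1)      # process A reads credits = 0
  b = load_record(db, 1)      # process B reads credits = 0
  a.credits += 1
  b.credits += 1

  send(save, db, a)           # A writes credits = 1
  begin
    send(save, db, b)         # B writes credits = 1 (blind) or is rejected (versioned)
  rescue StaleWriteError
    # Reload and redo the change on fresh data, as a retry loop around
    # StaleObjectError would. Pessimistic locking (SELECT ... FOR UPDATE,
    # `with_lock` in Rails) avoids the retry by serialising the whole
    # read-modify-write instead.
    b = load_record(db, 1)
    b.credits += 1
    send(save, db, b)
  end

  db[1].credits
end

if $PROGRAM_NAME == __FILE__
  puts "blind save:     #{run_race(:save_blind)} credit(s)"      # 1: one update lost
  puts "versioned save: #{run_race(:save_versioned)} credit(s)"  # 2: both counted
end
```

The blind path ends with one credit although two were added; the versioned path ends with two because the stale write is detected by the version mismatch. In Rails the equivalent fix is either adding a `lock_version` column (optimistic) or wrapping the read-modify-write in `record.with_lock { ... }` (pessimistic).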

Command injection in Rails

Injecting extra parameters or entire Unix commands into shell calls built from user input
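Both injection forms named above, as an added example that is not part of the original page: a directory name from a request is interpolated into `ls #{dir}`, so a value starting with `-a` injects an option and a value containing `;` appends a whole command. The hardened variants pass the value as a single argv element (`Open3.capture2e("ls", "--", dir)`) or shell-escape it with `Shellwords.escape`, and use `--` so a value beginning with `-` cannot become an option. The temp directory and its single file are constructed by the example so it runs offline on any system with `ls`.

```ruby
# Added example (not from the page): command injection via string interpolation,
# beside two hardened forms. Uses a throwaway directory as deterministic input.
require "open3"
require "shellwords"
require "tmpdir"

ENV_C = { "LC_ALL" => "C" }.freeze # stable sort order for ls

# Vulnerable: the parameter is spliced into a command line that /bin/sh parses.
# Equivalent to `ls #{params[:dir]}` in a controller.
def list_unsafe(dir)
  out, _status = Open3.capture2e(ENV_C, "ls #{dir}")
  out
end

# Hardened (preferred): argv form. No shell is involved, the value is exactly
# one argument, and `--` stops ls from reading it as an option.
def list_safe(dir)
  out, status = Open3.capture2e(ENV_C, "ls", "--", dir)
  status.success? ? out : nil
end

# Hardened (when a shell string is unavoidable): escape the value so the shell
# sees one word, and still pass `--`.
def list_escaped(dir)
  out, status = Open3.capture2e(ENV_C, "ls -- #{Shellwords.escape(dir)}")
  status.success? ? out : nil
end

# Runs every variant against a legitimate value and two attacker values.
# Returns a Hash of outputs (nil where the hardened call refused the input).
def command_injection_demo
  Dir.mktmpdir do |tmp|
    File.write(File.join(tmp, "report.txt"), "")
    option_inject  = "-a #{tmp}"           # injects the -a flag
    command_inject = "#{tmp}; echo PWNED"  # appends a second command
    {
      normal:          list_unsafe(tmp),
      option_inject:   list_unsafe(option_inject),
      command_inject:  list_unsafe(command_inject),
      safe_normal:     list_safe(tmp),
      safe_option:     list_safe(option_inject),
      safe_command:    list_safe(command_inject),
      escaped_normal:  list_escaped(tmp),
      escaped_option:  list_escaped(option_inject),
      escaped_command: list_escaped(command_inject),
    }
  end
end

if $PROGRAM_NAME == __FILE__
  command_injection_demo.each { |name, out| puts "#{name}: #{out.inspect}" }
end
```

With the unsafe call, `-a` makes `.` and `..` appear in the listing and `; echo PWNED` runs a second program; both hardened calls treat the whole value as a (non-existent) file name and fail closed. Note that argv form alone does not stop option injection when the value is passed as its own argument and is exactly an option such as `-a`; the `--` (or an allow-list on the value) is what closes that case.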

JavaScript-based DDoS

A distributed layer-7 (HTTP) attack launched from visitors' browsers

Markdown and Textile security

Switching to a lightweight markup language doesn't fix XSS

RubyGems security

Keep your gems and RubyGems sources safe