This is a list of all official Rails vulnerabilities from recent years, with CVE numbers.
Learn
Learn to hack a Rails application
A vulnerable Rails app that follows the OWASP Top 10
Vulnerability types
Avoid race conditions with locking
Two processes updating a record may produce unexpected results
Command injection in Rails
Injecting parameters or entire Unix commands
JavaScript-based DDoS
A distributed layer-7 (HTTP) attack
Markdown and Textile security
Using another language doesn’t fix XSS
RubyGems security
Keep your gems and RubyGems sources safe