view_component
RubyGems4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting view_componentpage 1 of 1
- CVE-2022-24722HIGHCVSS 8.1EG 8.1✓ Fixed in 2.49.12022-03-02
vulnerable: 2.32.0 ... 2.49.0 (19 versions)
VIewComponent is a framework for building view components in Ruby on Rails. Versions prior to 2.31.2 and 2.49.1 contain a cross-site scripting vulnerability that has the potential to impact anyone using translations with the view_component…
- CVE-2024-21636MEDIUMCVSS 6.1EG 6.1✓ Fixed in 2.83.02024-01-04
vulnerable: 1.16.0 ... 2.9.0 (109 versions)
view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. Versions prior to 3.9.0 and 2.83.0 have a cross-site scripting vulnerability that has the potential to impact anyone renderin…
- CVE-2026-44836MEDIUMCVSS 6.5EG 6.5✓ Fixed in 4.9.02026-05-26
vulnerable: 3.0.0 ... 4.8.0 (54 versions)
view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the preview route derives an example name from the URL and calls it with public_send. The code does not …
- CVE-2026-44837HIGHCVSS 7.5EG 7.5✓ Fixed in 4.9.02026-05-26
vulnerable: 3.0.0 ... 4.8.0 (54 versions)
view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whe…
Check whether view_component is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for view_component CVEs against the assets you own.
Start Free Scan →