| CVE-2013-0233 | medium | — | 7.8 | 14y ago | Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing databas… |
| CVE-2026-40295 | medium | 6.1 | 6.1 | 22d ago | Devise has an Open Redirect via Unvalidated `request.referrer` in Timeoutable Session Timeout Handler |
| CVE-2026-32700 | unknown | — | — | 3mo ago | Devise is an authentication solution for Rails based on Warden. Prior to version 5.0.3, a race condition in Devise's Confirmable module allows an attacker to confirm an email address they do not own.… |
| CVE-2019-16109 | unknown | — | — | 7y ago | Authentication Bypass in Devise |
| CVE-2019-5421 | unknown | — | — | 7y ago | Plataformatec Devise version 4.5.0 and earlier, using the lockable module contains a CWE-367 vulnerability in The `Devise::Models::Lockable` class, more specifically at the `#increment_failed_attempt… |
| CVE-2015-8314 | unknown | — | — | 11y ago | The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access. |