Product
heartcombo devise
6 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-40295
CVE-2026-32700
CVE-2015-8314
CVE-2019-16109
CVE-2019-5421
CVE-2013-0233
< 5.0.4
Devise is an authentication solution for Rails based on Warden. In versions 5.0.3 and below, when the Timeoutable module is enable
< 5.0.3
Devise is an authentication solution for Rails based on Warden. Prior to version 5.0.3, a race condition in Devise's Confirmable m
< 3.5.4
The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthori
< 4.7.1
An issue was discovered in Plataformatec Devise before 4.7.1. It confirms accounts upon receiving a request with a blank confirmat
<= 4.5.0
Plataformatec Devise version 4.5.0 and earlier, using the lockable module contains a CWE-367 vulnerability in The `Devise::Models:
all versions
Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databas