[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2020-8264":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":54,"duplicate_of":9,"upstream":55,"downstream":56,"duplicates":85,"related":86,"reserved_at":9,"published_at":100,"modified_at":101,"state":102,"summary":103,"references_raw":111,"kevs":125,"epss":126,"epss_history":129,"metrics":386,"affected":397},"CVE-2020-8264","In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed (in another page) a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local application. This vulnerability is in the Actionable Exceptions middleware.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-79","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-209","XSS Using MIME Type Mismatch",[],{"id":25,"name":26,"techniques":27},"CAPEC-588","DOM-Based XSS",[],{"id":29,"name":30,"techniques":31},"CAPEC-591","Reflected XSS",[],{"id":33,"name":34,"techniques":35},"CAPEC-592","Stored XSS",[],{"id":37,"name":38,"techniques":39},"CAPEC-63","Cross-Site Scripting (XSS)",[],{"id":41,"name":42,"techniques":43},"CAPEC-85","AJAX Footprinting",[],[45],{"_key":46,"name":47,"source":48,"url":49,"maturity":50,"reliability_score":51,"verified":52,"type":9,"platforms":53,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_1B11AA76C3B05A9A","Exploit Reference (hackerone.com)","reference","https://hackerone.com/reports/904059","unknown",0.2,false,[],[],[],[57,59,61,63,65,67,69,71,73,75,77,79,81,83],{"_key":58},"OPENSUSE-SU-2024:11818-1",{"_key":60},"OPENSUSE-SU-2024:11819-1",{"_key":62},"OPENSUSE-SU-2024:11820-1",{"_key":64},"OPENSUSE-SU-2024:11821-1",{"_key":66},"OPENSUSE-SU-2024:11822-1",{"_key":68},"OPENSUSE-SU-2024:11823-1",{"_key":70},"OPENSUSE-SU-2024:11824-1",{"_key":72},"OPENSUSE-SU-2024:11825-1",{"_key":74},"OPENSUSE-SU-2024:11826-1",{"_key":76},"OPENSUSE-SU-2024:11827-1",{"_key":78},"OPENSUSE-SU-2024:11828-1",{"_key":80},"OPENSUSE-SU-2024:11831-1",{"_key":82},"OPENSUSE-SU-2024:11832-1",{"_key":84},"DEBIAN-CVE-2020-8264",[],[87,88,89,90,91,92,93,94,95,96,97,98,99],{"_key":58},{"_key":60},{"_key":62},{"_key":64},{"_key":66},{"_key":68},{"_key":70},{"_key":72},{"_key":74},{"_key":76},{"_key":78},{"_key":80},{"_key":82},"2021-01-06T21:02:35.000Z","2024-08-04T09:56:28.149Z","Modified",{"cisa_kev":52,"cisa_ransomware":52,"cisa_vendor":9,"epss_severity":104,"epss_score":105,"severity":106,"severity_score":107,"severity_version":108,"severity_source":109,"severity_vector":110,"severity_status":102},"low",0.0205,"medium",6.1,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",[112,120],{"url":49,"sources":113,"tags":115},[114,109],"cve.org",[116,117,118,119],"X Refsource MISC","Exploit","Patch","Third Party Advisory",{"url":121,"sources":122,"tags":123},"https://groups.google.com/g/rubyonrails-security/c/yQzUVfv42jk/m/oJWw-xhNAQAJ",[114,109],[116,124,119],"Mailing List",[],{"date":127,"score":105,"percentile":128},"2026-06-04",0.84187,[130,134,137,140,143,146,149,152,155,158,161,163,166,169,171,175,178,181,184,187,190,193,196,198,201,204,207,210,214,217,220,223,226,229,231,233,236,239,242,245,248,251,254,256,259,262,265,268,271,274,277,280,283,286,289,292,295,298,301,304,307,310,313,316,319,322,325,327,330,333,336,339,342,344,346,348,350,352,355,357,359,362,364,367,370,373,376,378,380,383],{"date":131,"score":132,"percentile":133},"2025-11-04",0.00346,0.5653,{"date":135,"score":132,"percentile":136},"2025-11-05",0.56507,{"date":138,"score":132,"percentile":139},"2025-11-06",0.5651,{"date":141,"score":132,"percentile":142},"2025-11-07",0.56524,{"date":144,"score":132,"percentile":145},"2025-11-08",0.56527,{"date":147,"score":132,"percentile":148},"2025-11-09",0.56515,{"date":150,"score":132,"percentile":151},"2025-11-10",0.56489,{"date":153,"score":132,"percentile":154},"2025-11-11",0.56503,{"date":156,"score":132,"percentile":157},"2025-11-12",0.56529,{"date":159,"score":132,"percentile":160},"2025-11-13",0.56534,{"date":162,"score":132,"percentile":160},"2025-11-14",{"date":164,"score":132,"percentile":165},"2025-11-15",0.56526,{"date":167,"score":132,"percentile":168},"2025-11-16",0.56509,{"date":170,"score":132,"percentile":154},"2025-11-17",{"date":172,"score":173,"percentile":174},"2025-11-18",0.00252,0.45214,{"date":176,"score":173,"percentile":177},"2025-11-19",0.45221,{"date":179,"score":173,"percentile":180},"2025-11-20",0.45228,{"date":182,"score":132,"percentile":183},"2025-11-21",0.56517,{"date":185,"score":132,"percentile":186},"2025-11-22",0.56513,{"date":188,"score":132,"percentile":189},"2025-11-23",0.56486,{"date":191,"score":132,"percentile":192},"2025-11-24",0.5648,{"date":194,"score":132,"percentile":195},"2025-11-25",0.56485,{"date":197,"score":132,"percentile":151},"2025-11-26",{"date":199,"score":132,"percentile":200},"2025-11-27",0.5649,{"date":202,"score":132,"percentile":203},"2025-11-28",0.56465,{"date":205,"score":132,"percentile":206},"2025-11-29",0.56452,{"date":208,"score":132,"percentile":209},"2025-11-30",0.56444,{"date":211,"score":212,"percentile":213},"2025-12-01",0.0045,0.62972,{"date":215,"score":212,"percentile":216},"2025-12-02",0.6299,{"date":218,"score":212,"percentile":219},"2025-12-03",0.62994,{"date":221,"score":132,"percentile":222},"2025-12-04",0.56446,{"date":224,"score":132,"percentile":225},"2025-12-05",0.56461,{"date":227,"score":132,"percentile":228},"2025-12-06",0.56463,{"date":230,"score":132,"percentile":225},"2025-12-07",{"date":232,"score":132,"percentile":228},"2025-12-08",{"date":234,"score":132,"percentile":235},"2025-12-09",0.56484,{"date":237,"score":132,"percentile":238},"2025-12-10",0.56542,{"date":240,"score":132,"percentile":241},"2025-12-11",0.56566,{"date":243,"score":132,"percentile":244},"2025-12-12",0.56591,{"date":246,"score":132,"percentile":247},"2025-12-13",0.56587,{"date":249,"score":132,"percentile":250},"2025-12-14",0.56584,{"date":252,"score":132,"percentile":253},"2025-12-15",0.56571,{"date":255,"score":132,"percentile":250},"2025-12-16",{"date":257,"score":132,"percentile":258},"2025-12-17",0.56602,{"date":260,"score":132,"percentile":261},"2025-12-18",0.56645,{"date":263,"score":132,"percentile":264},"2025-12-19",0.56653,{"date":266,"score":132,"percentile":267},"2025-12-20",0.56649,{"date":269,"score":132,"percentile":270},"2025-12-21",0.56628,{"date":272,"score":132,"percentile":273},"2025-12-22",0.56608,{"date":275,"score":132,"percentile":276},"2025-12-23",0.56614,{"date":278,"score":132,"percentile":279},"2025-12-24",0.56623,{"date":281,"score":132,"percentile":282},"2025-12-25",0.56667,{"date":284,"score":132,"percentile":285},"2025-12-26",0.56663,{"date":287,"score":132,"percentile":288},"2025-12-27",0.56718,{"date":290,"score":132,"percentile":291},"2025-12-28",0.56633,{"date":293,"score":132,"percentile":294},"2025-12-29",0.56624,{"date":296,"score":132,"percentile":297},"2025-12-30",0.5662,{"date":299,"score":132,"percentile":300},"2025-12-31",0.56638,{"date":302,"score":212,"percentile":303},"2026-01-01",0.63257,{"date":305,"score":212,"percentile":306},"2026-01-02",0.6324,{"date":308,"score":212,"percentile":309},"2026-01-03",0.63239,{"date":311,"score":132,"percentile":312},"2026-01-04",0.56607,{"date":314,"score":132,"percentile":315},"2026-01-05",0.56596,{"date":317,"score":132,"percentile":318},"2026-01-06",0.56606,{"date":320,"score":132,"percentile":321},"2026-01-07",0.56632,{"date":323,"score":132,"percentile":324},"2026-01-08",0.56651,{"date":326,"score":132,"percentile":324},"2026-01-09",{"date":328,"score":132,"percentile":329},"2026-01-10",0.5665,{"date":331,"score":132,"percentile":332},"2026-01-11",0.56627,{"date":334,"score":132,"percentile":335},"2026-01-12",0.5659,{"date":337,"score":132,"percentile":338},"2026-01-13",0.56562,{"date":340,"score":132,"percentile":341},"2026-01-14",0.56604,{"date":343,"score":132,"percentile":312},"2026-01-15",{"date":345,"score":132,"percentile":291},"2026-01-16",{"date":347,"score":132,"percentile":294},"2026-01-17",{"date":349,"score":132,"percentile":294},"2026-01-18",{"date":351,"score":132,"percentile":273},"2026-01-19",{"date":353,"score":132,"percentile":354},"2026-01-20",0.5661,{"date":356,"score":132,"percentile":276},"2026-01-21",{"date":358,"score":132,"percentile":276},"2026-01-22",{"date":360,"score":132,"percentile":361},"2026-01-23",0.56659,{"date":363,"score":132,"percentile":285},"2026-01-24",{"date":365,"score":132,"percentile":366},"2026-01-25",0.56625,{"date":368,"score":132,"percentile":369},"2026-01-26",0.56611,{"date":371,"score":132,"percentile":372},"2026-01-27",0.56621,{"date":374,"score":132,"percentile":375},"2026-01-28",0.56634,{"date":377,"score":132,"percentile":375},"2026-01-29",{"date":379,"score":132,"percentile":300},"2026-01-30",{"date":381,"score":132,"percentile":382},"2026-01-31",0.56639,{"date":384,"score":212,"percentile":385},"2026-02-01",0.63291,[387],{"source":109,"cvss_v2_0":388,"cvss_v3_0":9,"cvss_v3_1":393,"cvss_v4_0":9},{"baseScore":389,"baseSeverity":9,"vectorString":390,"impactScore":391,"exploitabilityScore":392},4.3,"AV:N/AC:M/Au:N/C:N/I:P/A:N",2.9,8.6,{"baseScore":107,"baseSeverity":394,"vectorString":110,"impactScore":395,"exploitabilityScore":396},"MEDIUM",4.5,7.2,[398],{"ecosystem":9,"name":399,"vendor":400,"product":399,"cpe_part":401,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":402},"rails","rubyonrails","a",[403],{"version":404,"is_range":405,"range_type":406,"version_start":407,"version_start_type":408,"version_end":409,"version_end_type":410,"fixed_in":9},"gte6.0.0_lt6.0.3.4",true,"cpe","6.0.0","including","6.0.3.4","excluding"]