[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2023-22794":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":54,"duplicate_of":9,"upstream":55,"downstream":56,"duplicates":71,"related":72,"reserved_at":9,"published_at":76,"modified_at":77,"state":78,"summary":79,"references_raw":87,"kevs":103,"epss":104,"epss_history":107,"metrics":367,"affected":373},"CVE-2023-22794","A vulnerability in ActiveRecord \u003C6.0.6.1, \u003C6.1.7.1 and \u003C7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the `annotate` query method, the `optimizer_hints` query method, or through the QueryLogs interface which automatically adds annotations, it may be sent to the database with insufficient sanitization and be able to inject SQL outside of the comment.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-89","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. 
Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-108","Command Line Execution through SQL Injection",[],{"id":25,"name":26,"techniques":27},"CAPEC-109","Object Relational Mapping Injection",[],{"id":29,"name":30,"techniques":31},"CAPEC-110","SQL Injection through SOAP Parameter Tampering",[],{"id":33,"name":34,"techniques":35},"CAPEC-470","Expanding Control over the Operating System from the Database",[],{"id":37,"name":38,"techniques":39},"CAPEC-66","SQL Injection",[],{"id":41,"name":42,"techniques":43},"CAPEC-7","Blind SQL Injection",[],[45],{"_key":46,"name":47,"source":48,"url":49,"maturity":50,"reliability_score":51,"verified":52,"type":9,"platforms":53,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_58FE3092099BBF30","Exploit Reference (discuss.rubyonrails.org)","reference","https://discuss.rubyonrails.org/t/cve-2023-22794-sql-injection-vulnerability-via-activerecord-comments/82117","unknown",0.2,false,[],[],[],[57,59,61,63,65,67,69],{"_key":58},"OPENSUSE-SU-2024:12766-1",{"_key":60},"OPENSUSE-SU-2024:14069-1",{"_key":62},"OPENSUSE-SU-2025:15112-1",{"_key":64},"DSA-5372-1",{"_key":66},"DEBIAN-CVE-2023-22794",{"_key":68},"UBUNTU-CVE-2023-22794",{"_key":70},"RHSA-2023:6818",[],[73,74,75],{"_key":58},{"_key":60},{"_key":62},"2023-02-09T00:00:00.000Z","2024-08-02T10:20:30.748Z","Modified",{"cisa_kev":52,"cisa_ransomware":52,"cisa_vendor":9,"epss_severity":80,"epss_score":81,"severity":82,"severity_score":83,"severity_version":84,"severity_source":85,"severity_vector":86,"severity_status":78},"low",0.05757,"high",8.8,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",[88,95,99],{"url":49,"sources":89,"tags":91},[90,85],"cve.org",[92,93,94],"Exploit","Patch","Vendor 
Advisory",{"url":96,"sources":97,"tags":98},"https://www.debian.org/security/2023/dsa-5372",[90,85],[94],{"url":100,"sources":101,"tags":102},"https://security.netapp.com/advisory/ntap-20240202-0008/",[90,85],[],[],{"date":105,"score":81,"percentile":106},"2026-06-04",0.90619,[108,112,115,118,121,124,127,130,133,136,139,142,145,148,150,154,157,160,163,166,168,171,174,176,178,180,183,185,189,192,194,197,200,202,204,206,209,212,215,218,221,224,227,230,233,236,239,241,244,246,249,252,255,258,261,264,267,270,273,277,280,283,285,288,291,294,297,300,303,306,308,311,314,317,320,323,326,328,331,333,336,340,343,346,349,352,355,357,360,363],{"date":109,"score":110,"percentile":111},"2025-11-04",0.05265,0.89517,{"date":113,"score":110,"percentile":114},"2025-11-05",0.89515,{"date":116,"score":110,"percentile":117},"2025-11-06",0.89513,{"date":119,"score":110,"percentile":120},"2025-11-07",0.89519,{"date":122,"score":110,"percentile":123},"2025-11-08",0.89522,{"date":125,"score":110,"percentile":126},"2025-11-09",0.8952,{"date":128,"score":110,"percentile":129},"2025-11-10",0.89518,{"date":131,"score":110,"percentile":132},"2025-11-11",0.89521,{"date":134,"score":110,"percentile":135},"2025-11-12",0.89528,{"date":137,"score":110,"percentile":138},"2025-11-13",0.89531,{"date":140,"score":110,"percentile":141},"2025-11-14",0.89535,{"date":143,"score":110,"percentile":144},"2025-11-15",0.89532,{"date":146,"score":110,"percentile":147},"2025-11-16",0.89533,{"date":149,"score":110,"percentile":144},"2025-11-17",{"date":151,"score":152,"percentile":153},"2025-11-18",0.02312,0.83426,{"date":155,"score":152,"percentile":156},"2025-11-19",0.83428,{"date":158,"score":152,"percentile":159},"2025-11-20",0.83433,{"date":161,"score":110,"percentile":162},"2025-11-21",0.89542,{"date":164,"score":110,"percentile":165},"2025-11-22",0.89544,{"date":167,"score":110,"percentile":162},"2025-11-23",{"date":169,"score":110,"percentile":170},"2025-11-24",0.89546,{"date":172,"score":110,"percentile":17
3},"2025-11-25",0.8955,{"date":175,"score":110,"percentile":173},"2025-11-26",{"date":177,"score":110,"percentile":173},"2025-11-27",{"date":179,"score":110,"percentile":162},"2025-11-28",{"date":181,"score":110,"percentile":182},"2025-11-29",0.89601,{"date":184,"score":110,"percentile":182},"2025-11-30",{"date":186,"score":187,"percentile":188},"2025-12-01",0.02729,0.8552,{"date":190,"score":187,"percentile":191},"2025-12-02",0.85524,{"date":193,"score":187,"percentile":191},"2025-12-03",{"date":195,"score":110,"percentile":196},"2025-12-04",0.89604,{"date":198,"score":110,"percentile":199},"2025-12-05",0.89605,{"date":201,"score":110,"percentile":199},"2025-12-06",{"date":203,"score":110,"percentile":182},"2025-12-07",{"date":205,"score":110,"percentile":182},"2025-12-08",{"date":207,"score":110,"percentile":208},"2025-12-09",0.89606,{"date":210,"score":110,"percentile":211},"2025-12-10",0.89618,{"date":213,"score":110,"percentile":214},"2025-12-11",0.89621,{"date":216,"score":110,"percentile":217},"2025-12-12",0.89627,{"date":219,"score":110,"percentile":220},"2025-12-13",0.8963,{"date":222,"score":110,"percentile":223},"2025-12-14",0.89632,{"date":225,"score":110,"percentile":226},"2025-12-15",0.89633,{"date":228,"score":110,"percentile":229},"2025-12-16",0.89624,{"date":231,"score":110,"percentile":232},"2025-12-17",0.89629,{"date":234,"score":110,"percentile":235},"2025-12-18",0.89635,{"date":237,"score":110,"percentile":238},"2025-12-19",0.89634,{"date":240,"score":110,"percentile":223},"2025-12-20",{"date":242,"score":110,"percentile":243},"2025-12-21",0.89639,{"date":245,"score":110,"percentile":243},"2025-12-22",{"date":247,"score":110,"percentile":248},"2025-12-23",0.89641,{"date":250,"score":110,"percentile":251},"2025-12-24",0.89648,{"date":253,"score":110,"percentile":254},"2025-12-25",0.8966,{"date":256,"score":110,"percentile":257},"2025-12-26",0.89659,{"date":259,"score":110,"percentile":260},"2025-12-27",0.89707,{"date":262,"score":110,"percentile"
:263},"2025-12-28",0.89654,{"date":265,"score":110,"percentile":266},"2025-12-29",0.89651,{"date":268,"score":110,"percentile":269},"2025-12-30",0.89657,{"date":271,"score":110,"percentile":272},"2025-12-31",0.89664,{"date":274,"score":275,"percentile":276},"2026-01-01",0.02756,0.8564,{"date":278,"score":275,"percentile":279},"2026-01-02",0.85643,{"date":281,"score":275,"percentile":282},"2026-01-03",0.85641,{"date":284,"score":110,"percentile":272},"2026-01-04",{"date":286,"score":110,"percentile":287},"2026-01-05",0.89661,{"date":289,"score":110,"percentile":290},"2026-01-06",0.89665,{"date":292,"score":110,"percentile":293},"2026-01-07",0.89668,{"date":295,"score":110,"percentile":296},"2026-01-08",0.89672,{"date":298,"score":110,"percentile":299},"2026-01-09",0.89674,{"date":301,"score":110,"percentile":302},"2026-01-10",0.89676,{"date":304,"score":110,"percentile":305},"2026-01-11",0.89667,{"date":307,"score":110,"percentile":290},"2026-01-12",{"date":309,"score":110,"percentile":310},"2026-01-13",0.89662,{"date":312,"score":110,"percentile":313},"2026-01-14",0.89677,{"date":315,"score":110,"percentile":316},"2026-01-15",0.89678,{"date":318,"score":110,"percentile":319},"2026-01-16",0.89682,{"date":321,"score":110,"percentile":322},"2026-01-17",0.89683,{"date":324,"score":110,"percentile":325},"2026-01-18",0.89679,{"date":327,"score":110,"percentile":325},"2026-01-19",{"date":329,"score":110,"percentile":330},"2026-01-20",0.8968,{"date":332,"score":110,"percentile":322},"2026-01-21",{"date":334,"score":110,"percentile":335},"2026-01-22",0.89686,{"date":337,"score":338,"percentile":339},"2026-01-23",0.0599,0.90409,{"date":341,"score":338,"percentile":342},"2026-01-24",0.90416,{"date":344,"score":338,"percentile":345},"2026-01-25",0.90417,{"date":347,"score":338,"percentile":348},"2026-01-26",0.90418,{"date":350,"score":338,"percentile":351},"2026-01-27",0.9042,{"date":353,"score":338,"percentile":354},"2026-01-28",0.90426,{"date":356,"score":338,"percentile":354
},"2026-01-29",{"date":358,"score":338,"percentile":359},"2026-01-30",0.90424,{"date":361,"score":338,"percentile":362},"2026-01-31",0.90434,{"date":364,"score":365,"percentile":366},"2026-02-01",0.031,0.86509,[368],{"source":85,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":369,"cvss_v4_0":9},{"baseScore":83,"baseSeverity":370,"vectorString":86,"impactScore":371,"exploitabilityScore":372},"HIGH",9.8,7.2,[374],{"ecosystem":9,"name":375,"vendor":376,"product":375,"cpe_part":377,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":378},"activerecord","activerecord_project","a",[379,387,391],{"version":380,"is_range":381,"range_type":382,"version_start":383,"version_start_type":384,"version_end":385,"version_end_type":386,"fixed_in":9},"gte6.0.0_lt6.0.6.1",true,"cpe","6.0.0","including","6.0.6.1","excluding",{"version":388,"is_range":381,"range_type":382,"version_start":389,"version_start_type":384,"version_end":390,"version_end_type":386,"fixed_in":9},"gte6.1.0_lt6.1.7.1","6.1.0","6.1.7.1",{"version":392,"is_range":381,"range_type":382,"version_start":393,"version_start_type":384,"version_end":394,"version_end_type":386,"fixed_in":9},"gte7.0.0_lt7.0.4.1","7.0.0","7.0.4.1"]