Vulnerabilities > Plataformatec
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-30 | CVE-2019-16676 | Improper Input Validation vulnerability in Plataformatec Simple Form Plataformatec Simple Form has Incorrect Access Control in file_method? in lib/simple_form/form_builder.rb, because a user-supplied string is invoked as a method call. | 9.8 |
| 2019-09-08 | CVE-2019-16109 | Unspecified vulnerability in Plataformatec Devise An issue was discovered in Plataformatec Devise before 4.7.1. | 5.3 |
| 2019-04-03 | CVE-2019-5421 | Improper Restriction of Excessive Authentication Attempts vulnerability in Plataformatec Devise Plataformatec Devise version 4.5.0 and earlier, using the lockable module contains a CWE-367 vulnerability in The `Devise::Models::Lockable` class, more specifically at the `#increment_failed_attempts` method. | 9.8 |