Audits / Chatwoot

Chatwoot

Open source customer support platform. 22k+ stars. · github.com/chatwoot/chatwoot · Audited 2026-05-25
49
/ 100
6mo
Rails version gap
31
Outdated gems
3
Security-critical outdated
3
Known CVEs
Versions
Rails
7.1.5.2
6 months behind latest (8.1.3)
Ruby
3.4.4
Good — Ruby 3.3+
Gem Health
Up to date
164
Outdated (cosmetic)
28
Outdated (security)
3
Total gems in lockfile: 195
Known CVEs in Lockfile
CVE ID Severity Gem Description
CVE-2024-26143 medium actionpack ReDoS in Accept header parsing
CVE-2023-22795 medium actionpack Possible ReDoS in multipart boundary parsing
CVE-2024-41128 low actionmailer Log injection with redirect responses
Recommended Next Step
🔧 Action Required

Upgrade from Rails 7.1 → 7.2 first (smaller jump), then plan 8.0 migration. Fix 3 CVEs now.

Want this for your Rails app?

Keepalive runs this scanner continuously against your private codebase and alerts you when something needs attention.

✓ You're in. We'll reach out when Keepalive opens up.

How this was generated: Keepalive fetched the public Gemfile.lock from github.com/chatwoot/chatwoot and ran its Rails health scanner — checking versions against latest stable releases, counting outdated gems, and cross-referencing CVEs. Audited 2026-05-25. ← View all audits