Audits / Discourse

Discourse

Modern discussion forum platform. 43k+ stars. · github.com/discourse/discourse · Audited 2026-05-25
70
/ 100
1mo
Rails version gap
22
Outdated gems
2
Security-critical outdated
2
Known CVEs
Versions
Rails
8.0.5
1 months behind latest (8.1.3)
Ruby
3.3.x
Good — Ruby 3.3+
Gem Health
Up to date
218
Outdated (cosmetic)
20
Outdated (security)
2
Total gems in lockfile: 240
Known CVEs in Lockfile
CVE ID Severity Gem Description
CVE-2024-32464 medium actiontext XSS via content-type bypass in attachments
CVE-2024-41128 low railties Log injection with redirect responses
Recommended Next Step
🔧 Action Required

Upgrade Rails 8.0 → 8.1 (well-maintained, should be straightforward). Patch 2 CVEs first.

Want this for your Rails app?

Keepalive runs this scanner continuously against your private codebase and alerts you when something needs attention.

✓ You're in. We'll reach out when Keepalive opens up.

How this was generated: Keepalive fetched the public Gemfile.lock from github.com/discourse/discourse and ran its Rails health scanner — checking versions against latest stable releases, counting outdated gems, and cross-referencing CVEs. Audited 2026-05-25. ← View all audits