Forem

Platform powering DEV.to. 22k+ stars. · github.com/forem/forem · Audited 2026-05-25
0 / 100

Rails version gap: 15mo
Outdated gems: 52
Security-critical outdated: 5
Known CVEs: 5

Versions
Rails: 7.0.8.7, 15 months behind latest (8.1.3)
Ruby: 3.3.0, Good — Ruby 3.3+

Gem Health
Up to date: 168
Outdated (cosmetic): 47
Outdated (security): 5
Total gems in lockfile: 220

Known CVEs in Lockfile

| CVE ID | Severity | Gem | Description |
|---|---|---|---|
| CVE-2024-26143 | medium | actionpack | ReDoS in Accept header parsing |
| CVE-2023-22795 | medium | actionpack | ReDoS in multipart boundary parsing |
| CVE-2024-28103 | medium | actionpack | CORS policy bypass via Vary header manipulation |
| CVE-2023-28362 | medium | actionpack | Possible XSS via User Supplied Values to redirect_to |
| CVE-2024-41128 | low | railties | Log injection with redirect responses |

Recommended Next Step
🔧 Action Required

Critical: upgrade from Rails 7.0 → 7.1 to close 3 high-risk CVEs. 52 outdated gems show stale CI.

How this was generated: Keepalive fetched the public Gemfile.lock from github.com/forem/forem and ran its Rails health scanner — checking versions against latest stable releases, counting outdated gems, and cross-referencing CVEs. Audited 2026-05-25.