Audits / Mastodon

Mastodon

Decentralized social network. 47k+ stars. · github.com/mastodon/mastodon · Audited 2026-05-25
84
/ 100
Rails version gap
12
Outdated gems
2
Security-critical outdated
2
Known CVEs
Versions
Rails
8.1.3
✓ Up to date (latest: 8.1.3)
Ruby
4.0.5
Cutting edge Ruby 4
Gem Health
Up to date
168
Outdated (cosmetic)
10
Outdated (security)
2
Total gems in lockfile: 180
Known CVEs in Lockfile
CVE ID Severity Gem Description
CVE-2024-26143 medium actionpack Possible ReDoS vulnerability in Accept header parsing
CVE-2024-41128 low actionpack Possible Log Injection with Redirect Responses
Recommended Next Step
🔧 Action Required

Update 2 security-flagged gems (actionpack, loofah). Lock actioncable to patch version.

Want this for your Rails app?

Keepalive runs this scanner continuously against your private codebase and alerts you when something needs attention.

✓ You're in. We'll reach out when Keepalive opens up.

How this was generated: Keepalive fetched the public Gemfile.lock from github.com/mastodon/mastodon and ran its Rails health scanner — checking versions against latest stable releases, counting outdated gems, and cross-referencing CVEs. Audited 2026-05-25. ← View all audits