Solidus

Open source eCommerce framework. 5k+ stars. · github.com/solidusio/solidus · Audited 2026-05-25
36 / 100
Rails version gap: 8mo
Outdated gems: 29
Security-critical outdated: 3
Known CVEs: 3

Versions
Rails: 7.2.0 (8 months behind latest, 8.1.3)
Ruby: 3.2.6 (aging; consider upgrading to 3.4)

Gem Health
Up to date: 169
Outdated (cosmetic): 26
Outdated (security): 3
Total gems in lockfile: 198

Known CVEs in Lockfile
CVE ID | Severity | Gem | Description
CVE-2024-26143 | medium | actionpack | ReDoS vulnerability in Accept header parsing
CVE-2024-28103 | medium | actionpack | CORS policy bypass via Vary header manipulation
CVE-2024-41128 | low | railties | Log injection with redirect responses

Recommended Next Step
🔧 Action Required

Upgrade from Rails 7.2 → 8.0 (Solidus v4.7 supports < 8.2). Fixes 2 actionpack CVEs immediately. Ruby 3.2 → 3.4 next.

How this was generated: Keepalive fetched the public Gemfile.lock from github.com/solidusio/solidus and ran its Rails health scanner — checking versions against latest stable releases, counting outdated gems, and cross-referencing CVEs. Audited 2026-05-25.