Spree Commerce

Headless eCommerce platform. 15k+ stars. · github.com/spree/spree · Audited 2026-05-25
73 / 100

Rails version gap: 2mo
Outdated gems: 16
Security-critical outdated: 2
Known CVEs: 2

Versions
Rails 8.1.2: 2 months behind latest (8.1.3)
Ruby 3.4.2: Good, Ruby 3.3+

Gem Health
Up to date: 152
Outdated (cosmetic): 14
Outdated (security): 2
Total gems in lockfile: 168
Known CVEs in Lockfile
| CVE ID | Severity | Gem | Description |
|---|---|---|---|
| CVE-2024-41128 | low | railties | Log injection with redirect responses in Rails 8.1.x < 8.1.3 |
| CVE-2024-32464 | medium | actiontext | XSS via content-type bypass in attachments |

Recommended Next Step
🔧 Action Required

Patch to Rails 8.1.3 (closes active CVEs). 14 cosmetic gems can batch-update safely.

How this was generated: Keepalive fetched the public Gemfile.lock from github.com/spree/spree and ran its Rails health scanner — checking versions against latest stable releases, counting outdated gems, and cross-referencing CVEs. Audited 2026-05-25.