Ruby Dependency Security Audit
Scan your Gemfile for CVEs without installing bundle-audit. Paste your manifest and get a fixed Gemfile with safe gem versions. Supports Gemfile.lock for transitive scanning.
How to scan Ruby dependencies
Paste your Gemfile into PackageFix. The tool queries the OSV vulnerability database live and returns:
- CVE table with severity badges (CRITICAL, HIGH, MEDIUM, LOW)
- CISA KEV flags — actively exploited packages highlighted in red
- Side-by-side diff: your versions vs fixed versions
- Download fixed Gemfile + changelog as .zip
- Renovate config + GitHub Actions workflow template
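The mechanics that the tool automates, shown as an added example in Ruby (this is not PackageFix's own code): pull the exact resolved versions out of a Gemfile.lock, build the request body the OSV batch query API expects, and walk an advisory's affected ranges to decide whether a locked version is hit and which release fixes it. The lockfile, the gem `widgetlib` and the advisory `EXAMPLE-0001` are constructed so the script runs offline; only the OSV endpoint and the schema field names are real.

```ruby
require "json"
require "rubygems"

# Constructed sample Gemfile.lock (not a real project's lockfile). "widgetlib"
# is a hypothetical gem so the advisory below does not describe a real one.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (6.1.0)
        rack (~> 2.0, >= 2.0.9)
      nokogiri (1.13.6-x86_64-linux)
        racc (~> 1.4)
      racc (1.6.0)
      rack (2.2.3)
      widgetlib (1.2.0)

  PLATFORMS
    x86_64-linux

  DEPENDENCIES
    actionpack
    nokogiri
    widgetlib

  BUNDLED WITH
     2.3.7
LOCK

# Constructed OSV-style result keyed by gem, as if POST https://api.osv.dev/v1/query
# had been called once per gem. EXAMPLE-0001 is a made-up id; the fields are OSV's.
SAMPLE_OSV = {
  "widgetlib" => { "vulns" => [
    { "id" => "EXAMPLE-0001", "summary" => "Constructed advisory for a hypothetical gem",
      "database_specific" => { "severity" => "HIGH" },
      "affected" => [{ "package" => { "ecosystem" => "RubyGems", "name" => "widgetlib" },
                       "ranges" => [{ "type" => "ECOSYSTEM",
                                      "events" => [{ "introduced" => "0" }, { "fixed" => "1.2.4" }] }] }] }
  ] }
}

# Only the 4-space-indented "name (version)" lines under "specs:" are installed gems;
# the 6-space lines beneath them are constraints, not versions.
def parse_lockfile(text)
  gems = {}
  in_specs = false
  text.each_line do |line|
    if line =~ /\A  specs:\s*\z/
      in_specs = true
    elsif line =~ /\A[A-Z]/ # PLATFORMS, DEPENDENCIES, BUNDLED WITH ...
      in_specs = false
    elsif in_specs && (m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/))
      gems[m[1]] = m[2].split("-").first # drop platform suffix: 1.13.6-x86_64-linux -> 1.13.6
    end
  end
  gems
end

# Body for POST https://api.osv.dev/v1/querybatch (returns ids only; details via GET /v1/vulns/<id>).
def osv_batch_query(gems)
  { "queries" => gems.map { |name, version|
    { "package" => { "name" => name, "ecosystem" => "RubyGems" }, "version" => version } } }
end

# Walk one ECOSYSTEM range's ordered events. Returns [affected, fixed_in]; fixed_in is nil
# when the interval is open (no fix released) or closed by last_affected.
def check_range(version, events)
  v = Gem::Version.new(version)
  intro = nil
  events.each do |ev|
    if ev["introduced"]
      intro = Gem::Version.new(ev["introduced"]) # "0" means every release so far
    elsif ev["fixed"] && intro
      return [true, ev["fixed"]] if v >= intro && v < Gem::Version.new(ev["fixed"])
      intro = nil
    elsif ev["last_affected"] && intro
      return [true, nil] if v >= intro && v <= Gem::Version.new(ev["last_affected"])
      intro = nil
    end
  end
  intro && v >= intro ? [true, nil] : [false, nil]
end

# One finding per (gem, advisory) whose RubyGems ECOSYSTEM range contains the locked version.
def findings(gems, osv_by_gem)
  gems.flat_map do |name, version|
    (osv_by_gem.dig(name, "vulns") || []).filter_map do |vuln|
      hit = vuln["affected"]
        .select { |a| a.dig("package", "ecosystem") == "RubyGems" && a.dig("package", "name") == name }
        .flat_map { |a| (a["ranges"] || []).select { |r| r["type"] == "ECOSYSTEM" } }
        .map { |r| check_range(version, r["events"]) }
        .find { |affected, _| affected }
      next unless hit
      { gem: name, version: version, id: vuln["id"],
        severity: vuln.dig("database_specific", "severity") || "UNKNOWN", fixed_in: hit[1] }
    end
  end
end

# Per gem, the highest "fixed" across its findings (nil if some advisory has no fix yet).
def suggested_pins(found)
  found.group_by { |f| f[:gem] }.transform_values { |fs|
    fixed = fs.map { |f| f[:fixed_in] }
    fixed.include?(nil) ? nil : fixed.max_by { |x| Gem::Version.new(x) } }
end

def gemfile_lines(pins)
  pins.map { |name, ver| ver ? %(gem "#{name}", ">= #{ver}") : "# #{name}: no fixed release yet" }
end

if __FILE__ == $0
  gems = parse_lockfile(SAMPLE_LOCK)
  puts JSON.pretty_generate(osv_batch_query(gems))
  found = findings(gems, SAMPLE_OSV)
  found.each { |f| puts "#{f[:severity]} #{f[:id]} #{f[:gem]} #{f[:version]} -> fixed in #{f[:fixed_in] || 'no fix'}" }
  puts gemfile_lines(suggested_pins(found))
end
```

Two points the code makes explicit: the version compared against OSV must be the lockfile's resolved version with any platform suffix stripped, and "fixed" is the first version that is no longer affected, so the pin is `>=` that version, not `~>` the vulnerable one.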
Scan your dependencies now — paste your manifest, get a fixed version back in seconds.
Open PackageFix → No signup · No CLI · No GitHub connection · Runs 100% in your browser
Frequently Asked Questions
How do I scan Ruby dependencies for CVEs?
Paste your Gemfile into PackageFix. It queries the OSV vulnerability database live and returns a CVE table with fix versions.
What Ruby packages have the most CVEs?
Check the PackageFix fix guides for the most commonly CVE-flagged Ruby packages.
Does PackageFix support Ruby lockfiles?
Yes. Drop your Gemfile.lock alongside the Gemfile for full transitive dependency scanning. The Gemfile only lists your direct gems and their version constraints; the lockfile records the exact resolved version of every gem, transitive ones included, so it is the file to scan if you want results that match what is actually installed.
Is PackageFix free?
Yes — completely free, MIT licensed, open source.