Description
When I upgrade my Rails app to 7.2.3, bundler-audit returns a "Vulnerabilities found!" message.
Steps To Reproduce
Steps to reproduce the bug:
% bin/bundle exec bundler-audit
Expected Behavior
returns "No vulnerabilities found"
Actual Behavior
Name: actionpack
Version: 7.2.3
CVE: CVE-2024-54133
GHSA: GHSA-vfm5-rmrh-j26v
Criticality: Unknown
URL: https://github.com/rails/rails/security/advisories/GHSA-vfm5-rmrh-j26v
Title: Possible Content Security Policy bypass in Action Dispatch
Solution: update to '~> 7.0.8.7', '~> 7.1.5.1', '~> 7.2.2.1', '>= 8.0.0.1'
Name: activerecord
Version: 7.2.3
CVE: CVE-2025-55193
GHSA: GHSA-76r7-hhxj-r776
Criticality: Unknown
URL: https://github.com/rails/rails/security/advisories/GHSA-76r7-hhxj-r776
Title: Active Record logging vulnerable to ANSI escape injection
Solution: update to '~> 7.1.5.2', '~> 7.2.2.2', '>= 8.0.2.1'
Name: activestorage
Version: 7.2.3
CVE: CVE-2025-24293
GHSA: GHSA-r4mg-4433-c7g3
Criticality: Unknown
URL: https://github.com/rails/rails/security/advisories/GHSA-r4mg-4433-c7g3
Title: Active Storage allowed transformation methods that were potentially unsafe
Solution: update to '~> 7.1.5.2', '~> 7.2.2.2', '>= 8.0.2.1'
Vulnerabilities found!
Environment
% bin/bundle exec bundler-audit --version
bundler-audit 0.9.2
% bin/bundle exec bundler-audit stats
ruby-advisory-db:
advisories: 1060 advisories
last updated: 2025-10-23 12:50:11 -0700
commit: c506afcbb18a7062701940fe5c58ccc1698e15d4
% bin/bundle --version
Bundler version 2.7.2
% bin/rails --version
Rails 7.2.3
% ruby --version
ruby 3.3.9 (2025-07-24 revision f5c772fc7c) [amd64-freebsd13]
% git --version
git version 2.51.0
% uname -vm
FreeBSD 13.5-RELEASE releng/13.5-n259162-882b9f3f2218 GENERIC amd64
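The following is an added example, not part of the original report or of bundler-audit's code. It evaluates the constraints printed on the "Solution:" lines above against the reported version using RubyGems' own `Gem::Requirement`. Treating "satisfies none of the listed constraints" as the condition for being flagged is an assumption about the check, and the result says nothing about whether 7.2.3 actually contains the fixes.

```ruby
require "rubygems"

# Patched-version constraints copied from the "Solution:" lines in the report.
SOLUTIONS = {
  "CVE-2024-54133" => ["~> 7.0.8.7", "~> 7.1.5.1", "~> 7.2.2.1", ">= 8.0.0.1"],
  "CVE-2025-55193" => ["~> 7.1.5.2", "~> 7.2.2.2", ">= 8.0.2.1"],
  "CVE-2025-24293" => ["~> 7.1.5.2", "~> 7.2.2.2", ">= 8.0.2.1"]
}.freeze

REPORTED_VERSION = "7.2.3" # version flagged in the report

# Constraints from the list that the given version satisfies.
def satisfied_constraints(version, constraints)
  v = Gem::Version.new(version)
  constraints.select { |c| Gem::Requirement.new(c).satisfied_by?(v) }
end

# Assumption: a version is flagged when it satisfies none of the constraints.
def flagged?(version, constraints)
  satisfied_constraints(version, constraints).empty?
end

# Exclusive upper bound implied by a "~>" constraint; nil for other operators.
# "~> 7.2.2.1" means ">= 7.2.2.1" and "< 7.2.3".
def pessimistic_upper_bound(constraint)
  op, version = Gem::Requirement.parse(constraint)
  op == "~>" ? version.bump.to_s : nil
end

# One line per advisory, with each "~>" constraint's upper bound spelled out.
def explain(version)
  SOLUTIONS.map do |cve, constraints|
    ranges = constraints.map do |c|
      upper = pessimistic_upper_bound(c)
      upper ? "#{c} (< #{upper})" : c
    end
    status = flagged?(version, constraints) ? "flagged" : "not flagged"
    "#{cve}: #{version} #{status}; accepted: #{ranges.join(', ')}"
  end
end

puts explain(REPORTED_VERSION) if $PROGRAM_NAME == __FILE__
```

The four-segment `~>` constraints on the 7.2 line stop just below 7.2.3, and the open-ended `>=` constraints start at 8.0, so 7.2.3 falls between the listed ranges for all three advisories.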