Rails developers regularly run bundler-audit to alert them to known vulnerabilities in the Ruby gems they depend on. You can run bundler-audit regularly on your Rails projects as part of your default Rake task: https://eliotsykes.com/bundler-audit