This document summarizes several vulnerabilities that affected Ruby on Rails applications in early 2013. It describes 4 SQL injection vulnerabilities, an unsafe query generation issue, and an XML deserialization of YAML vulnerability that could allow remote code execution, all disclosed in January. It warns that YAML can be deserialized to arbitrary objects and discusses the use of eval. It recommends staying up to date on Rails security updates, signing up for the security mailing lists, using strong parameters, and sanitizing inputs to applications.
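As an added example (not code from the summarized document), the Ruby snippet below shows the behaviour the summary warns about: a full YAML load turns a document that names a Ruby class into a live object, while a restricted load rejects it. The `AuditRecord` class and the YAML document are constructed for illustration.

```ruby
require "yaml"

# Constructed stand-in for any application class that a client-supplied
# YAML document could name with a !ruby/object tag.
class AuditRecord
  attr_accessor :note
end

# Constructed input: instead of plain data, the document names a class.
UNTRUSTED_YAML = <<~YAML
  --- !ruby/object:AuditRecord
  note: "supplied by the remote client"
YAML

# The risky behaviour: a full load instantiates whatever class the document
# names. Newer Psych exposes this as unsafe_load; on older Psych, load itself
# already permitted arbitrary classes.
def unsafe_parse(doc)
  if YAML.respond_to?(:unsafe_load)
    YAML.unsafe_load(doc)
  else
    YAML.load(doc)
  end
end

# The hardened parse: only plain YAML data types (hashes, arrays, strings,
# numbers, booleans, nil) are permitted; a document that names a Ruby class
# is rejected with Psych::DisallowedClass rather than instantiated.
def safe_parse(doc)
  YAML.safe_load(doc)
rescue Psych::DisallowedClass => e
  { error: e.class.name }
end

if __FILE__ == $PROGRAM_NAME
  obj = unsafe_parse(UNTRUSTED_YAML)
  puts "unsafe load produced: #{obj.class} with note=#{obj.note.inspect}"
  puts "safe load produced:   #{safe_parse(UNTRUSTED_YAML).inspect}"
  puts "safe load of plain data: #{safe_parse("note: hello").inspect}"
end
```

The same distinction applies to any code path that hands client-controlled text to a YAML parser, which is why the summary's advice to apply the Rails updates and to filter inputs matters.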