diff --git a/Gemfile b/Gemfile
index b1ddf63..7c29cc6 100644
--- a/Gemfile
+++ b/Gemfile
@@ -42,6 +42,9 @@ gem "tzinfo-data", platforms: %i[ mingw mswin x64_mingw jruby ]
 # Reduces boot times through caching; required in config/boot.rb
 gem "bootsnap", require: false
 
+# Security fix for Thor vulnerability - ensure version >= 1.4.0
+gem "thor", ">= 1.4.0"
+
 # Use Sass to process CSS
 # gem "sassc-rails"
 
diff --git a/Gemfile.lock b/Gemfile.lock
index 7d3e118..6cfd7a1 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -306,7 +306,7 @@ GEM
     stimulus-rails (1.3.3)
       railties (>= 6.0.0)
     stringio (3.1.0)
-    thor (1.3.1)
+    thor (1.4.0)
     tilt (2.3.0)
     timeout (0.4.3)
     turbo-rails (1.5.0)
@@ -353,6 +353,7 @@ DEPENDENCIES
   sprockets-rails
   sqlite3 (~> 1.4)
   stimulus-rails
+  thor (>= 1.4.0)
   turbo-rails
   tzinfo-data
   webdrivers