diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index f9d5acf..a5d5a42 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -56,6 +56,16 @@ jobs:
       - uses: Swatinem/rust-cache@v2
       - run: cargo test
 
+  audit:
+    name: Security Audit
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - uses: dtolnay/rust-toolchain@stable
+      - uses: Swatinem/rust-cache@v2
+      - run: cargo install cargo-audit
+      - run: cargo audit
+
   coverage:
     name: Coverage
     runs-on: ubuntu-latest
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 50e5a95..9693b52 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,13 @@
 # Changelog
 
+## [1.2.3] - 2026-03-13
+
+### Added
+
+- Summary line now shows autocorrectable count when fixable offenses are detected:
+  `22 files inspected, 41 offenses detected, 21 offenses autocorrectable (run rubyfast --fix)`
+- CI: `cargo audit` security check for dependency vulnerabilities
+
 ## [1.2.2] - 2026-03-11
 
 ### Changed
diff --git a/Cargo.lock b/Cargo.lock
index fea2f1b..352d576 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -381,7 +381,7 @@ dependencies = [
 
 [[package]]
 name = "rubyfast"
-version = "1.2.2"
+version = "1.2.3"
 dependencies = [
  "anyhow",
  "clap",
diff --git a/Cargo.toml b/Cargo.toml
index 5513d90..8b7a8ad 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "rubyfast"
-version = "1.2.2"
+version = "1.2.3"
 edition = "2024"
 description = "An ultra-fast Ruby performance linter rewritten in Rust — detects 19 common anti-patterns"
 license = "MIT"
diff --git a/README.md b/README.md
index 6cff224..883851e 100644
--- a/README.md
+++ b/README.md
@@ -53,11 +53,13 @@ app/controllers/api/v1/health_articles_controller.rb
   L11  Hash#fetch with second argument is slower than Hash#fetch with block
 ```
 
-Offenses that support `--fix` are tagged with `(fixable)`:
+Offenses that support `--fix` are tagged with `(fixable)`, and the summary line shows how many can be auto-fixed:
 
 ```
 tests/fixtures/19_for_loop.rb
   L1  For loop is slower than using each (fixable)
+
+22 files inspected, 41 offenses detected, 21 offenses autocorrectable (run rubyfast --fix)
 ```
 
 ### `--format rule`
diff --git a/src/output.rs b/src/output.rs
index 45f0930..6c0040a 100644
--- a/src/output.rs
+++ b/src/output.rs
@@ -123,6 +123,12 @@ fn print_statistics(result: &TraversalResult) {
     let files = result.files_inspected;
     let offenses = result.total_offenses();
     let parse_errors = result.parse_errors.len();
+    let fixable: usize = result
+        .results
+        .iter()
+        .flat_map(|r| &r.offenses)
+        .filter(|o| o.kind.is_fixable())
+        .count();
 
     let files_str = format!("{} {} inspected", files, pluralize("file", files));
 
@@ -134,6 +140,20 @@ fn print_statistics(result: &TraversalResult) {
         offenses_str.red().to_string()
     };
 
+    let fixable_hint = if fixable > 0 {
+        format!(
+            ", {}",
+            format!(
+                "{} {} autocorrectable (run rubyfast --fix)",
+                fixable,
+                pluralize("offense", fixable)
+            )
+            .yellow()
+        )
+    } else {
+        String::new()
+    };
+
     if parse_errors > 0 {
         let errors_str = format!(
             "{} unparsable {} found",
@@ -141,13 +161,19 @@ fn print_statistics(result: &TraversalResult) {
             pluralize("file", parse_errors)
         );
         println!(
-            "{}, {}, {}",
+            "{}, {}, {}{}",
             files_str.green(),
             colored_offenses,
-            errors_str.red()
+            errors_str.red(),
+            fixable_hint
         );
     } else {
-        println!("{}, {}", files_str.green(), colored_offenses);
+        println!(
+            "{}, {}{}",
+            files_str.green(),
+            colored_offenses,
+            fixable_hint
+        );
     }
 }