Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 5fd6c0061eaa · 2026-03-18T19:39:27.000Z
GHSA-57hq-95w6-v4fc GHSA-qmpg-8xg6-ph5q
diff --git a/advisories/github-reviewed/2026/03/GHSA-57hq-95w6-v4fc/GHSA-57hq-95w6-v4fc.json b/advisories/github-reviewed/2026/03/GHSA-57hq-95w6-v4fc/GHSA-57hq-95w6-v4fc.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-57hq-95w6-v4fc",
-  "modified": "2026-03-17T17:24:17Z",
+  "modified": "2026-03-18T19:37:07Z",
   "published": "2026-03-17T17:24:17Z",
   "aliases": [
     "CVE-2026-32700"
@@ -54,6 +54,10 @@
     {
       "type": "PACKAGE",
       "url": "https://github.com/heartcombo/devise"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/devise/GHSA-57hq-95w6-v4fc.yml"
     }
   ],
   "database_specific": {
diff --git a/advisories/github-reviewed/2026/03/GHSA-qmpg-8xg6-ph5q/GHSA-qmpg-8xg6-ph5q.json b/advisories/github-reviewed/2026/03/GHSA-qmpg-8xg6-ph5q/GHSA-qmpg-8xg6-ph5q.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-qmpg-8xg6-ph5q",
-  "modified": "2026-03-12T17:29:30Z",
+  "modified": "2026-03-18T19:37:52Z",
   "published": "2026-03-12T17:29:30Z",
   "aliases": [],
   "summary": "Trix has a Stored XSS vulnerability through serialized attributes",
@@ -72,6 +72,10 @@
     {
       "type": "WEB",
       "url": "https://github.com/basecamp/trix/releases/tag/v2.1.17"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/action_text-trix/GHSA-qmpg-8xg6-ph5q.yml"
     }
   ],
   "database_specific": {

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-57hq-95w6-v4fc",`
`4`		`- "modified": "2026-03-17T17:24:17Z",`
	`4`	`+ "modified": "2026-03-18T19:37:07Z",`
`5`	`5`	`"published": "2026-03-17T17:24:17Z",`
`6`	`6`	`"aliases": [`
`7`	`7`	`"CVE-2026-32700"`
`@@ -54,6 +54,10 @@`
`54`	`54`	`{`
`55`	`55`	`"type": "PACKAGE",`
`56`	`56`	`"url": "https://github.com/heartcombo/devise"`
	`57`	`+ },`
	`58`	`+ {`
	`59`	`+ "type": "WEB",`
	`60`	`+ "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/devise/GHSA-57hq-95w6-v4fc.yml"`
`57`	`61`	`}`
`58`	`62`	`],`
`59`	`63`	`"database_specific": {`
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-qmpg-8xg6-ph5q",`
`4`		`- "modified": "2026-03-12T17:29:30Z",`
	`4`	`+ "modified": "2026-03-18T19:37:52Z",`
`5`	`5`	`"published": "2026-03-12T17:29:30Z",`
`6`	`6`	`"aliases": [],`
`7`	`7`	`"summary": "Trix has a Stored XSS vulnerability through serialized attributes",`
`@@ -72,6 +72,10 @@`
`72`	`72`	`{`
`73`	`73`	`"type": "WEB",`
`74`	`74`	`"url": "https://github.com/basecamp/trix/releases/tag/v2.1.17"`
	`75`	`+ },`
	`76`	`+ {`
	`77`	`+ "type": "WEB",`
	`78`	`+ "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/action_text-trix/GHSA-qmpg-8xg6-ph5q.yml"`
`75`	`79`	`}`
`76`	`80`	`],`
`77`	`81`	`"database_specific": {`