From 9aefec7e26970d196ae2c170560e745bcde7b725 Mon Sep 17 00:00:00 2001
From: Al Snow <43523+jasnow@users.noreply.github.com>
Date: Thu, 21 May 2026 10:37:48 -0400
Subject: [PATCH 1/2] Copied related ghsa+cve URLs to url field
---
 gems/nokogiri/GHSA-mrxw-mxhj-p664.yml | 2 ++
 gems/omniauth-saml/CVE-2024-45409.yml | 3 +++
 gems/rack-session/CVE-2025-46336.yml | 1 +
 gems/rack/CVE-2025-32441.yml | 1 +
 gems/rexml/CVE-2024-39908.yml | 1 +
 gems/rmagick/CVE-2023-5349.yml | 1 +
 6 files changed, 9 insertions(+)
diff --git a/gems/nokogiri/GHSA-mrxw-mxhj-p664.yml b/gems/nokogiri/GHSA-mrxw-mxhj-p664.yml
index 291f878e2b..c9db034519 100644
--- a/gems/nokogiri/GHSA-mrxw-mxhj-p664.yml
+++ b/gems/nokogiri/GHSA-mrxw-mxhj-p664.yml
@@ -35,6 +35,8 @@ patched_versions:
 - ">= 1.18.4"
 related:
 url:
+ - https://nvd.nist.gov/vuln/detail/CVE-2024-55549
+ - https://nvd.nist.gov/vuln/detail/CVE-2025-24855
 - https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-mrxw-mxhj-p664
 - https://gitlab.gnome.org/GNOME/libxslt/-/issues/127
 - https://gitlab.gnome.org/GNOME/libxslt/-/issues/128
diff --git a/gems/omniauth-saml/CVE-2024-45409.yml b/gems/omniauth-saml/CVE-2024-45409.yml
index a01e160ed2..df2ad9f5a1 100644
--- a/gems/omniauth-saml/CVE-2024-45409.yml
+++ b/gems/omniauth-saml/CVE-2024-45409.yml
@@ -26,3 +26,6 @@ related:
 url:
 - https://github.com/omniauth/omniauth-saml/commit/4274e9d57e65f2dcaae4aa3b2accf831494f2ddd
 - https://github.com/omniauth/omniauth-saml/commit/6c681fd082ab3daf271821897a40ab3417382e29
+ - https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-cvp8-5r8g-fhvq
+ - https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2
+ - https://github.com/advisories/GHSA-cvp8-5r8g-fhvq
diff --git a/gems/rack-session/CVE-2025-46336.yml b/gems/rack-session/CVE-2025-46336.yml
index 207161a400..37481cd209 100644
--- a/gems/rack-session/CVE-2025-46336.yml
+++ b/gems/rack-session/CVE-2025-46336.yml
@@ -54,5 +54,6 @@ related:
 url:
 - https://nvd.nist.gov/vuln/detail/CVE-2025-46336
 - https://github.com/rack/rack-session/commit/c28c4a8c1861d814e09f2ae48264ac4c40be2d3b
+ - https://github.com/rack/rack/security/advisories/GHSA-vpfw-47h7-xj4g
 - https://github.com/rack/rack-session/security/advisories/GHSA-9j94-67jr-4cqj
 - https://github.com/advisories/GHSA-9j94-67jr-4cqj
diff --git a/gems/rack/CVE-2025-32441.yml b/gems/rack/CVE-2025-32441.yml
index c7c7615f20..13b659291e 100644
--- a/gems/rack/CVE-2025-32441.yml
+++ b/gems/rack/CVE-2025-32441.yml
@@ -54,4 +54,5 @@ related:
 - https://github.com/rack/rack/security/advisories/GHSA-vpfw-47h7-xj4g
 - https://github.com/rack/rack/commit/c48e52f7c57e99e1e1bf54c8760d4f082cd1c89d
 - https://github.com/rack/rack/blob/v2.2.13/lib/rack/session/abstract/id.rb#L263-L270
+ - https://github.com/rack/rack-session/security/advisories/GHSA-9j94-67jr-4cqj
 - https://github.com/advisories/GHSA-vpfw-47h7-xj4g
diff --git a/gems/rexml/CVE-2024-39908.yml b/gems/rexml/CVE-2024-39908.yml
index 1f98919311..0baa7465da 100644
--- a/gems/rexml/CVE-2024-39908.yml
+++ b/gems/rexml/CVE-2024-39908.yml
@@ -36,4 +36,5 @@ related:
 - https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh
 url:
 - https://www.ruby-lang.org/en/news/2024/07/16/dos-rexml-cve-2024-39908
+ - https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh
 - https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8
diff --git a/gems/rmagick/CVE-2023-5349.yml b/gems/rmagick/CVE-2023-5349.yml
index 11c149bc0b..129587c365 100644
--- a/gems/rmagick/CVE-2023-5349.yml
+++ b/gems/rmagick/CVE-2023-5349.yml
@@ -23,4 +23,5 @@ related:
 - https://github.com/rmagick/rmagick/commit/fec7a7e639ae565386f7615155dbcf49b957b64a
 - https://bugzilla.redhat.com/show_bug.cgi?id=2247064
 - https://access.redhat.com/security/cve/CVE-2023-5349
+ - https://github.com/advisories/GHSA-j6x7-7g72-8ww2
 - https://github.com/advisories/GHSA-frgf-8jr5-j2jv
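Review bot: In gems/rack-session/CVE-2025-46336.yml the added `https://github.com/rack/rack/security/advisories/GHSA-vpfw-47h7-xj4g` entry is another gem's advisory (in the rack hunk of this patch it appears as the own advisory link of gems/rack/CVE-2025-32441.yml), but it lands between this file's commit link and its own GHSA links with nothing marking it as a cross-reference. Someone triaging from this list could read the rack advisory's affected and patched versions as applying to rack-session. Moving the line after the two `GHSA-9j94-67jr-4cqj` entries and, if the repository's linter accepts comments, heading it with `# cross-reference: related rack advisory (CVE-2025-32441)` would keep primary and related references apart. The reciprocal `GHSA-9j94-67jr-4cqj` line added in the rack hunk has the same ambiguity. The `related` mapping begins above both hunks, so any `ghsa`/`cve` keys that already carry these ids are not visible here.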
From f72bbdb362b146532ce7f10d2b9a6a46b4ae1418 Mon Sep 17 00:00:00 2001
From: Al Snow <43523+jasnow@users.noreply.github.com>
Date: Fri, 22 May 2026 16:11:35 -0400
Subject: [PATCH 2/2] Fix duplicate advisory URL in CVE-2024-39908.yml Removed duplicate advisory URL for CVE-2024-39908.
---
 gems/rexml/CVE-2024-39908.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/gems/rexml/CVE-2024-39908.yml b/gems/rexml/CVE-2024-39908.yml
index 0baa7465da..1f98919311 100644
--- a/gems/rexml/CVE-2024-39908.yml
+++ b/gems/rexml/CVE-2024-39908.yml
@@ -36,5 +36,4 @@ related:
 - https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh
 url:
 - https://www.ruby-lang.org/en/news/2024/07/16/dos-rexml-cve-2024-39908
- - https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh
 - https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8