Add ghsa: field if GHSA url is already there

jasnow · jasnow · commit 85965d85a881 · 2026-01-12T16:29:02.000-05:00
diff --git a/rubies/mruby/CVE-2017-9527.yml b/rubies/mruby/CVE-2017-9527.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2017-9527
+ghsa: fxr6-v647-jgmq
 url: https://github.com/mruby/mruby/issues/3486
 title: Heap use-after-free in mark_context_stack
 date: 2017-06-11
@@ -20,5 +21,5 @@ related:
     - https://github.com/mruby/mruby/commit/5c114c91d4ff31859fcd84cf8bf349b737b90d99
     - https://github.com/advisories/GHSA-fxr6-v647-jgmq
     - https://lists.debian.org/debian-lts-announce/2022/05/msg00006.html
-    - https://ubuntu.com/security/CVE-2017-9527 (google search)
-    - https://www.rapid7.com/db/vulnerabilities/debian-cve-2017-9527 (google search)
+    - https://ubuntu.com/security/CVE-2017-9527
+    - https://www.rapid7.com/db/vulnerabilities/debian-cve-2017-9527
diff --git a/rubies/mruby/CVE-2018-10191.yml b/rubies/mruby/CVE-2018-10191.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2018-10191
+ghsa: 444w-xm89-r2p5
 url: https://github.com/mruby/mruby/issues/3995
 title: Use after free caused by integer overflow in environment stack
 date: 2018-04-17
diff --git a/rubies/mruby/CVE-2018-10199.yml b/rubies/mruby/CVE-2018-10199.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2018-10199
+ghsa: xpq9-m45f-g29q
 url: https://github.com/mruby/mruby/issues/4001
 title: Use after free in File#initilialize_copy
 date: 2018-04-18
diff --git a/rubies/mruby/CVE-2018-11743.yml b/rubies/mruby/CVE-2018-11743.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2018-11743
+ghsa: 7w9j-h3hj-wc9g
 url: https://github.com/mruby/mruby/issues/4027
 title: Use of uninitialized pointer in mrb_hash_keys
 date: 2018-06-05
diff --git a/rubies/mruby/CVE-2018-12247.yml b/rubies/mruby/CVE-2018-12247.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2018-12247
+ghsa: 8j6c-c99j-fh4c
 url: https://github.com/mruby/mruby/issues/4036
 title: Null pointer dereference in mrb_class
 date: 2018-06-12
diff --git a/rubies/mruby/CVE-2018-12248.yml b/rubies/mruby/CVE-2018-12248.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2018-12248
+ghsa: 96p2-24jg-gc5w
 url: https://github.com/mruby/mruby/issues/4038
 title: Heap buffer overflow in OP_ENTER
 date: 2018-06-12
diff --git a/rubies/mruby/CVE-2018-12249.yml b/rubies/mruby/CVE-2018-12249.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2018-12249
+ghsa: 3h2j-h4g8-5pmr
 url: https://github.com/mruby/mruby/issues/4037
 title: Null pointer dereference in mrb_class_real
 date: 2018-06-12
diff --git a/rubies/mruby/CVE-2018-14337.yml b/rubies/mruby/CVE-2018-14337.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2018-14337
+ghsa: hrqc-789v-hchf
 url: https://github.com/mruby/mruby/issues/4062
 title: Signed integer overflow in mrb_str_format
 date: 2018-07-17
diff --git a/rubies/mruby/CVE-2020-15866.yml b/rubies/mruby/CVE-2020-15866.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2020-15866
+ghsa: 4f9x-p86g-x88m
 url: https://github.com/mruby/mruby/issues/5042
 title: Heap buffer overflow in mruby interpreter
 date: 2020-07-21
diff --git a/rubies/mruby/CVE-2020-6838.yml b/rubies/mruby/CVE-2020-6838.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2020-6838
+ghsa: 97qv-pm76-mg98
 url: https://github.com/mruby/mruby/issues/4926
 title: heap use after free in hash_values_at in mrbgems/mruby-hash-ext/src/hash-ext.c
 date: 2020-01-11
diff --git a/rubies/mruby/CVE-2020-6839.yml b/rubies/mruby/CVE-2020-6839.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2020-6839
+ghsa: 24vp-v896-cq3c
 url: https://github.com/mruby/mruby/issues/4929
 title: stack overflow in mrb_str_len_to_dbl in src/string.c
 date: 2020-01-11
diff --git a/rubies/mruby/CVE-2020-6840.yml b/rubies/mruby/CVE-2020-6840.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2020-6840
+ghsa: 4v2f-5xhv-8ff4
 url: https://github.com/mruby/mruby/issues/4927
 title: heap use after free in hash_slice in mrbgems/mruby-hash-ext/src/hash-ext.c
 date: 2020-01-11
diff --git a/rubies/mruby/CVE-2021-4110.yml b/rubies/mruby/CVE-2021-4110.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2021-4110
+ghsa: xvhr-qprg-rjpw
 url: https://huntr.dev/bounties/4ce5dc47-2512-4c87-8609-453adc8cad20
 title: NULL Pointer Dereference in mruby/mruby
 date: 2021-12-15
diff --git a/rubies/mruby/CVE-2021-4188.yml b/rubies/mruby/CVE-2021-4188.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2021-4188
+ghsa: wc43-284g-pqr5
 url: https://huntr.dev/bounties/78533fb9-f3e0-47c2-86dc-d1f96d5bea28
 title: NULL Pointer Dereference in mruby/mruby
 date: 2021-12-30
diff --git a/rubies/mruby/CVE-2021-46023.yml b/rubies/mruby/CVE-2021-46023.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2021-46023
+ghsa: 4g9q-c75g-jq7q
 url: https://nvd.nist.gov/vuln/detail/CVE-2021-46023
 title: https://github.com/mruby/mruby/issues/5613
 date: 2023-02-14
diff --git a/rubies/mruby/CVE-2022-0080.yml b/rubies/mruby/CVE-2022-0080.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2022-0080
+ghsa: 8vcc-hrhr-q8hf
 url: https://huntr.dev/bounties/59a70392-4864-4ce3-8e35-6ac2111d1e2e
 title: Heap-based Buffer Overflow in mruby/mruby
 date: 2022-01-02
diff --git a/rubies/mruby/CVE-2022-0240.yml b/rubies/mruby/CVE-2022-0240.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2022-0240
+ghsa: r744-r36f-363j
 url: https://huntr.dev/bounties/5857eced-aad9-417d-864e-0bdf17226cbb
 title: NULL Pointer Dereference in mruby/mruby
 date: 2022-01-17
diff --git a/rubies/mruby/CVE-2022-0326.yml b/rubies/mruby/CVE-2022-0326.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2022-0326
+ghsa: 54p3-947h-6fpr
 url: https://huntr.dev/bounties/795dcbd9-1695-44bb-8c59-ad327c97c976
 title: NULL Pointer Dereference in mruby/mruby
 date: 2022-01-21
diff --git a/rubies/mruby/CVE-2022-0481.yml b/rubies/mruby/CVE-2022-0481.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2022-0481
+ghsa: h8gw-f6pq-8cg5
 url: https://huntr.dev/bounties/54725c8c-87f4-41b6-878c-01d8e0ee7027
 title: NULL Pointer Dereference in mruby/mruby
 date: 2022-02-04
diff --git a/rubies/mruby/CVE-2022-0525.yml b/rubies/mruby/CVE-2022-0525.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2022-0525
+ghsa: 6cpj-3r2r-v2m4
 url: https://huntr.dev/bounties/e19e109f-acf0-4048-8ee8-1b10a870f1e9
 title: Out-of-bounds Read in mruby/mruby
 date: 2022-02-09
diff --git a/rubies/mruby/CVE-2022-0570.yml b/rubies/mruby/CVE-2022-0570.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2022-0570
+ghsa: 69j8-4j47-xjj7
 url: https://huntr.dev/bounties/65a7632e-f95b-4836-b1a7-9cb95e5124f1
 title: Heap-based Buffer Overflow in mruby/mruby
 date: 2022-02-14
diff --git a/rubies/mruby/CVE-2022-0614.yml b/rubies/mruby/CVE-2022-0614.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2022-0614
+ghsa: rr79-wxqv-v9vq
 url: https://huntr.dev/bounties/a980ce4d-c359-4425-92c4-e844c0055879
 title: Use of Out-of-range Pointer Offset in mruby/mruby
 date: 2022-02-16
diff --git a/rubies/mruby/CVE-2022-0623.yml b/rubies/mruby/CVE-2022-0623.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2022-0623
+ghsa: ff35-7f56-3w6p
 url: https://huntr.dev/bounties/5b908ac7-d8f1-4fcd-9355-85df565f7580
 title: Out-of-bounds Read in mruby/mruby
 date: 2022-02-17
diff --git a/rubies/mruby/CVE-2022-0630.yml b/rubies/mruby/CVE-2022-0630.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2022-0630
+ghsa: f46c-4g24-cvr4
 url: https://huntr.dev/bounties/f7cdd680-1a7f-4992-b4b8-44b5e4ba3e32
 title: Out-of-bounds Read in mruby/mruby
 date: 2022-02-19
diff --git a/rubies/mruby/CVE-2022-0631.yml b/rubies/mruby/CVE-2022-0631.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2022-0631
+ghsa: hv83-f8w5-chhv
 url: https://huntr.dev/bounties/9bdc49ca-6697-4adc-a785-081e1961bf40
 title: Heap-based Buffer Overflow in mruby/mruby
 date: 2022-02-18
diff --git a/rubies/mruby/CVE-2022-0632.yml b/rubies/mruby/CVE-2022-0632.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2022-0632
+ghsa: 3xxj-pcr2-rvh7
 url: https://huntr.dev/bounties/3e5bb8f6-30fd-4553-86dd-761e9459ce1b
 title: NULL Pointer Dereference in mruby/mruby
 date: 2022-02-19
diff --git a/rubies/mruby/CVE-2022-0717.yml b/rubies/mruby/CVE-2022-0717.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2022-0717
+ghsa: 9543-hpcg-326v
 url: https://huntr.dev/bounties/27a851a5-7ebf-409b-854f-b2614771e8f9
 title: Out-of-bounds Read in mruby/mruby
 date: 2022-02-23
diff --git a/rubies/mruby/CVE-2022-0890.yml b/rubies/mruby/CVE-2022-0890.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2022-0890
+ghsa: j279-7379-x7mj
 url: https://huntr.dev/bounties/68e09ec1-6cc7-48b8-981d-30f478c70276
 title: NULL Pointer Dereference in mruby/mruby
 date: 2022-03-10
diff --git a/rubies/mruby/CVE-2022-1071.yml b/rubies/mruby/CVE-2022-1071.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2022-1071
+ghsa: pv86-xgr9-75fj
 url: https://huntr.dev/bounties/6597ece9-07af-415b-809b-919ce0a17cf3
 title: User after free in mrb_vm_exec in mruby/mruby
 date: 2022-03-26
diff --git a/rubies/mruby/CVE-2022-1106.yml b/rubies/mruby/CVE-2022-1106.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2022-1106
+ghsa: r2j8-v967-j6h6
 url: https://huntr.dev/bounties/16b9d0ea-71ed-41bc-8a88-2deb4c20be8f
 title: Use after free in mrb_vm_exec in mruby/mruby
 date: 2022-03-27
diff --git a/rubies/mruby/CVE-2022-1201.yml b/rubies/mruby/CVE-2022-1201.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2022-1201
+ghsa: p2wj-9vfc-2xj7
 url: https://huntr.dev/bounties/6f930add-c9d8-4870-ae56-d4bd8354703b
 title: NULL Pointer Dereference in mrb_vm_exec with super in mruby/mruby
 date: 2022-04-02
diff --git a/rubies/mruby/CVE-2022-1212.yml b/rubies/mruby/CVE-2022-1212.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2022-1212
+ghsa: xh66-6mj6-94rg
 url: https://huntr.dev/bounties/9fcc06d0-08e4-49c8-afda-2cae40946abe
 title: Use-After-Free in str_escape in mruby/mruby in mruby/mruby
 date: 2022-04-05
diff --git a/rubies/mruby/CVE-2022-1276.yml b/rubies/mruby/CVE-2022-1276.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2022-1276
+ghsa: 66hc-pc5r-hwjr
 url: https://huntr.dev/bounties/6ea041d1-e2aa-472c-bf3e-da5fa8726c25
 title: Out-of-bounds Read in mrb_get_args in mruby/mruby
 date: 2022-04-10
diff --git a/rubies/mruby/CVE-2022-1286.yml b/rubies/mruby/CVE-2022-1286.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2022-1286
+ghsa: 6c7w-5xfj-j2mc
 url: https://huntr.dev/bounties/f918376e-b488-4113-963d-ffe8716e4189
 title: heap-buffer-overflow in mrb_vm_exec in mruby/mruby in mruby/mruby
 date: 2022-04-10
diff --git a/rubies/mruby/CVE-2022-1427.yml b/rubies/mruby/CVE-2022-1427.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2022-1427
+ghsa: 45gc-6g92-9g2j
 url: https://huntr.dev/bounties/23b6f0a9-64f5-421e-a55f-b5b7a671f301
 title: Out-of-bounds Read in mrb_obj_is_kind_of in in mruby/mruby
 date: 2022-04-23
diff --git a/rubies/mruby/CVE-2022-1934.yml b/rubies/mruby/CVE-2022-1934.yml
@@ -1,6 +1,7 @@
 ---
 engine: mruby
 cve: 2022-1934
+ghsa: hp4r-26gw-f2r8
 url: https://huntr.dev/bounties/99e6df06-b9f7-4c53-a722-6bb89fbfb51f
 title: Use-After-Free in function hash_new_from_values in mruby/mruby
 date: 2022-05-31
@@ -16,4 +17,4 @@ related:
     - https://nvd.nist.gov/vuln/detail/CVE-2022-1934
     - https://github.com/mruby/mruby/commit/aa7f98dedb68d735a1665d3a289036c88b0c47ce
     - https://huntr.dev/bounties/99e6df06-b9f7-4c53-a722-6bb89fbfb51f
-    - https://github.com/advisories/GHSA-hp4r-26gw-f2r8.json
+    - https://github.com/advisories/GHSA-hp4r-26gw-f2r8
diff --git a/rubies/ruby/CVE-2017-17790.yml b/rubies/ruby/CVE-2017-17790.yml
@@ -1,6 +1,7 @@
 ---
 engine: ruby
 cve: 2017-17790
+ghsa: 47cm-jxff-w8wg
 url: https://nvd.nist.gov/vuln/detail/CVE-2017-17790
 title: The lazy_initialize function in lib/resolv.rb in Ruby
 date: 2017-12-20
@@ -20,16 +21,16 @@ patched_versions:
   - "~> 2.2.8"
   - "~> 2.3.5"
   - ">= 2.4.3"
-# related:
-#  url:
-#     - https://nvd.nist.gov/vuln/detail/CVE-2017-17790
-#     - https://github.com/ruby/ruby/pull/1777
-#     - https://access.redhat.com/errata/RHSA-2018:0378
-#     - https://access.redhat.com/errata/RHSA-2018:0583
-#     - https://access.redhat.com/errata/RHSA-2018:0584
-#     - https://access.redhat.com/errata/RHSA-2018:0585
-#     - https://lists.debian.org/debian-lts-announce/2017/12/msg00024.html
-#     - https://lists.debian.org/debian-lts-announce/2017/12/msg00025.html
-#     - https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html
-#     - https://www.debian.org/security/2018/dsa-4259
-#     - https://github.com/advisories/GHSA-qf67-vmxx-gp4jGHSA-47cm-jxff-w8wg.json
+related:
+  url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2017-17790
+    - https://github.com/ruby/ruby/pull/1777
+    - https://access.redhat.com/errata/RHSA-2018:0378
+    - https://access.redhat.com/errata/RHSA-2018:0583
+    - https://access.redhat.com/errata/RHSA-2018:0584
+    - https://access.redhat.com/errata/RHSA-2018:0585
+    - https://lists.debian.org/debian-lts-announce/2017/12/msg00024.html
+    - https://lists.debian.org/debian-lts-announce/2017/12/msg00025.html
+    - https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html
+    - https://www.debian.org/security/2018/dsa-4259
+    - https://github.com/advisories/GHSA-qf67-vmxx-gp4j
