Updated advisory posts against rubysec/ruby-advisory-db@dc8af55

jasnow · RubySec CI · commit afc5ae90e79c · 2026-05-12T00:11:39.000Z
diff --git a/advisories/_posts/2026-03-05-CVE-2026-27820.md b/advisories/_posts/2026-03-05-CVE-2026-27820.md
@@ -7,6 +7,7 @@ categories:
 advisory:
   gem: zlib
   cve: 2026-27820
+  ghsa: g857-hhfv-j68w
   url: https://www.ruby-lang.org/en/news/2026/03/05/buffer-overflow-zlib-cve-2026-27820
   title: Buffer overflow vulnerability in Zlib::GzipReader
   date: 2026-03-05
diff --git a/advisories/_posts/2026-03-16-CVE-2026-32700.md b/advisories/_posts/2026-03-16-CVE-2026-32700.md
@@ -53,6 +53,7 @@ advisory:
     force the attribute to be persisted, even if it did not really
     change, so you might have to implement a workaround similar to
     Devise by setting changed_attributes["unconfirmed_email"] = nil as well.
+  cvss_v3: 5.3
   patched_versions:
   - ">= 5.0.3"
   related:
