From 6bcba1fbe9d6ab58b0b89c47622fb20b9080b3ec Mon Sep 17 00:00:00 2001
From: Al Snow <43523+jasnow@users.noreply.github.com>
Date: Tue, 31 Mar 2026 09:11:30 -0400
Subject: [PATCH] GHSA/SYNC: Add cvss_v3 field/value to 1 advisory

---
 gems/devise/CVE-2026-32700.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/gems/devise/CVE-2026-32700.yml b/gems/devise/CVE-2026-32700.yml
index 025b987a7d..299e3d37f5 100644
--- a/gems/devise/CVE-2026-32700.yml
+++ b/gems/devise/CVE-2026-32700.yml
@@ -46,6 +46,7 @@ description: |
   force the attribute to be persisted, even if it did not really
   change, so you might have to implement a workaround similar to
   Devise by setting changed_attributes["unconfirmed_email"] = nil as well.
+cvss_v3: 5.3
 patched_versions:
   - ">= 5.0.3"
 related: