GHSA SYNC: 1 brand new jwt advisory by wlads · Pull Request #1057 · rubysec/ruby-advisory-db

wlads · 2026-05-19T15:20:36Z

GHSA SYNC: 1 brand new jwt advisory

GHSA-c32j-vqhx-rx3x

jasnow

Per CONTRIBUTING.md, please wrap text fields at 80 columns.
CVE not in the NVD database. Please add "https://www.cve.org/CVERecord?id=CVE-2026-45363" to RELATED/URL field. Note that the CVE is reserved and empty.
Thanks for your contribution.

wlads · 2026-05-19T21:00:12Z

Thanks for the review @jasnow! Just pushed the requested changes — ready for another look when you get a chance 🙂

simi · 2026-05-22T19:27:15Z

+  - ">= 3.2.0"
+related:
+  url:
+    - https://github.com/jwt/ruby-jwt/security/advisories/GHSA-c32j-vqhx-rx3x


OK to remove the duplicate @jasnow?

what duplicate?

seems none, it is in root url and here also which is intended 💪

I'm confused. Think I need more words to describe the original feedback.

It is ok to just ignore it. I wasn't sure if root url and related urls can overlap.

simi · 2026-05-22T19:27:30Z

GHSA-c32j-vqhx-rx3x

+    - https://github.com/jwt/ruby-jwt/security/advisories/GHSA-c32j-vqhx-rx3x
+    - https://github.com/jwt/ruby-jwt/commit/db560b769a07bd9724e77ff505011ac01872106f
+    - https://github.com/jwt/ruby-jwt/releases/tag/v3.2.0
+    - https://github.com/advisories/GHSA-c32j-vqhx-rx3x


Is it worth to keep this url also? It is almost the same page as the main url.

GHSA-c32j-vqhx-rx3x

GHSA-c32j-vqhx-rx3x

Is there really any value in keeping both links?

I also collect URLs and put them in the related: / url: field then pick an advisory URL to use in the url: field.
Never thought of it as duplicates and @postmodern asked for it.

simi · 2026-05-22T19:28:24Z

+---
+gem: jwt
+cve: 2026-45363
+notes: 'CVE has been reserved, but not filled in.'


Got CVE published meanwhile? https://nvd.nist.gov/vuln/detail/CVE-2026-44363

chore: add 1 brand new jwt advisory

dee174c

jasnow suggested changes May 19, 2026

View reviewed changes

fix: cr feedback

234d664

wlads force-pushed the ghsa-syncbot-jwt-2026-05-19 branch from 74e417f to 234d664 Compare May 19, 2026 20:54

This comment was marked as outdated.

Sign in to view

simi reviewed May 22, 2026

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

GHSA SYNC: 1 brand new jwt advisory#1057

GHSA SYNC: 1 brand new jwt advisory#1057
wlads wants to merge 2 commits into
rubysec:masterfrom
wlads:ghsa-syncbot-jwt-2026-05-19

wlads commented May 19, 2026

Uh oh!

jasnow left a comment

Uh oh!

wlads commented May 19, 2026

Uh oh!

This comment was marked as outdated.

Uh oh!

simi May 22, 2026

Uh oh!

jasnow May 23, 2026

Uh oh!

simi May 23, 2026

Uh oh!

jasnow May 23, 2026

Uh oh!

simi May 23, 2026

Uh oh!

simi May 22, 2026

Uh oh!

simi May 22, 2026

Uh oh!

jasnow May 22, 2026

Uh oh!

simi May 22, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Uh oh!

Conversation

wlads commented May 19, 2026

Uh oh!

jasnow left a comment

Choose a reason for hiding this comment

Uh oh!

wlads commented May 19, 2026

Uh oh!

This comment was marked as outdated.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants