rubysec · jasnow · Dec 20, 2025 · postmodern · Dec 21, 2025 · postmodern
diff --git a/gems/jruby-openssl/CVE-2009-4123.yml b/gems/jruby-openssl/CVE-2009-4123.yml
@@ -3,7 +3,7 @@ gem: jruby-openssl
 platform: jruby
 cve: 2009-4123
 ghsa: xgv7-pqqh-h2w9
-url: http://jruby.org/2009/12/07/vulnerability-in-jruby-openssl
+url: https://www.jruby.org/2009/12/07/vulnerability-in-jruby-openssl
 title: jruby-openssl Gem for JRuby fails to do proper certificate validation
 date: 2009-12-07
 description: |

diff --git a/gems/passenger/CVE-2015-7519.yml b/gems/passenger/CVE-2015-7519.yml
@@ -2,7 +2,7 @@
 gem: passenger
 cve: 2015-7519
 ghsa: fxwv-953p-7qpf
-url: https://blog.phusion.nl/2015/12/07/cve-2015-7519/
+url: https://web.archive.org/web/20220327073056/https://www.puppet.com/security/cve/passenger-dec-2015-security-fixes
 title: Phusion Passenger Server allows to overwrite headers in some cases
 date: 2015-11-23
 description: |

diff --git a/gems/passenger/CVE-2016-10345.yml b/gems/passenger/CVE-2016-10345.yml
@@ -2,7 +2,7 @@
 gem: passenger
 cve: 2016-10345
 ghsa: cqxw-3p7v-p9gr
-url: https://blog.phusion.nl/2017/01/10/passenger-5-1-1/
+url: https://github.com/advisories/GHSA-cqxw-3p7v-p9gr
 title: Predictable tmp File Path Vulnerability in Phusion Passenger
 date: 2016-11-09
 description: |

diff --git a/gems/rails/CVE-2009-2422.yml b/gems/rails/CVE-2009-2422.yml
@@ -3,7 +3,7 @@ gem: rails
 framework: rails
 cve: 2009-2422
 ghsa: rxq3-gm4p-5fj4
-url: http://weblog.rubyonrails.org/2009/6/3/security-problem-with-authenticate_with_http_digest
+url: https://github.com/advisories/GHSA-rxq3-gm4p-5fj4
 title: High Security Vulnerability with authenticate_with_http_digest of Rails
 date: 2009-07-10
 description: |
@@ -21,7 +21,6 @@ patched_versions:
 related:
   url:
     - https://nvd.nist.gov/vuln/detail/CVE-2009-2422
-    - http://weblog.rubyonrails.org/2009/6/3/security-problem-with-authenticate_with_http_digest
     - https://lists.apple.com/archives/security-announce/2010/Mar/msg00001.html
     - https://exchange.xforce.ibmcloud.com/vulnerabilities/51528
     - http://support.apple.com/kb/HT4077

diff --git a/gems/redis-namespace/OSVDB-96425.yml b/gems/redis-namespace/OSVDB-96425.yml
@@ -1,7 +1,7 @@
 ---
 gem: redis-namespace
 osvdb: 96425
-url: http://blog.steveklabnik.com/posts/2013-08-03-redis-namespace-1-3-1--security-release
+url: https://github.com/resque/redis-namespace/issues/65
 title: redis-namespace Gem for Ruby contains a flaw in the method_missing implementation
 date: 2013-08-03
 description: |
@@ -15,7 +15,6 @@ patched_versions:
   - ">= 1.3.1"
 related:
   url:
-    - http://blog.steveklabnik.com/posts/2013-08-03-redis-namespace-1-3-1--security-release
     - https://github.com/resque/redis-namespace/issues/65
     - https://github.com/resque/redis-namespace/commit/6d839515e8a3fdc17b5fb391500fda3f919689d6
     - https://security.snyk.io/vuln/SNYK-RUBY-REDISNAMESPACE-20105
diff --git a/gems/spree/CVE-2008-7310.yml b/gems/spree/CVE-2008-7310.yml
@@ -3,7 +3,7 @@ gem: spree
 cve: 2008-7310
 osvdb: 81505
 ghsa: 7h48-m3rw-vr27
-url: https://spreecommerce.com/blog/security-vulnerability-mass-assignment
+url: https://web.archive.org/web/20101128024717/http://spreecommerce.com/blog/2008/09/16/security-vulnerability-mass-assignment-of-order-params
 title:
   Spree Hash Restriction Weakness URL Parsing Order State Value Manipulation
 date: 2008-09-22

diff --git a/gems/spree/CVE-2008-7311.yml b/gems/spree/CVE-2008-7311.yml
@@ -3,7 +3,7 @@ gem: spree
 cve: 2008-7311
 osvdb: 81506
 ghsa: g466-57gh-cqfw
-url: https://spreecommerce.com/blog/security-vulernability-session-cookie-store
+url: https://github.com/advisories/GHSA-g466-57gh-cqfw
 title:
   Spree Hardcoded config.action_controller_session Hash Value Cryptographic
   Protection Weakness

diff --git a/gems/spree/CVE-2013-2506.yml b/gems/spree/CVE-2013-2506.yml
@@ -2,7 +2,7 @@
 gem: spree
 cve: 2013-2506
 osvdb: 90865
-url: https://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed
+url: https://web.archive.org/web/20160331131233/https://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed
 title:
   Spree app/models/spree/user.rb Mass Role Assignment Remote Privilege
   Escalation

diff --git a/gems/spree_auth/CVE-2013-2506.yml b/gems/spree_auth/CVE-2013-2506.yml
@@ -2,7 +2,7 @@
 gem: spree_auth
 cve: 2013-2506
 osvdb: 90865
-url: https://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed
+url: https://web.archive.org/web/20160331131233/https://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed
 title:
   Spree app/models/spree/user.rb Mass Role Assignment Remote Privilege
   Escalation

diff --git a/gems/spree_auth_devise/CVE-2013-2506.yml b/gems/spree_auth_devise/CVE-2013-2506.yml
@@ -3,7 +3,7 @@ gem: spree_auth_devise
 cve: 2013-2506
 osvdb: 90865
 ghsa: jp57-9j37-5476
-url: https://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed
+url: https://web.archive.org/web/20160331131233/https://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed
 title: Spree app/models/spree/user.rb Mass Role Assignment Remote Privilege Escalation
 date: 2013-02-21
 description: |

diff --git a/gems/twitter-bootstrap-rails/CVE-2014-4920.yml b/gems/twitter-bootstrap-rails/CVE-2014-4920.yml
@@ -4,7 +4,7 @@ framework: rails
 cve: 2014-4920
 osvdb: 109206
 ghsa: vpqv-mqvc-pcx2
-url: https://nvisium.com/blog/2014/03/28/reflected-xss-vulnerability-in-twitter
+url: https://advisories.gitlab.com/pkg/gem/twitter-bootstrap-rails/CVE-2014-4920
 title: Reflective XSS Vulnerability in twitter-bootstrap-rails
 date: 2014-03-25
 description: |

diff --git a/gems/uglifier/CVE-2015-8857.yml b/gems/uglifier/CVE-2015-8857.yml
@@ -3,7 +3,7 @@ gem: uglifier
 cve: 2015-8857
 osvdb: 126747
 ghsa: 34r7-q49f-h37c
-url: https://github.com/mishoo/UglifyJS2/issues/751
+url: https://github.com/advisories/GHSA-34r7-q49f-h37c
 title: uglifier incorrectly handles non-boolean comparisons during minification
 date: 2015-07-21
 description: |
@@ -27,7 +27,6 @@ patched_versions:
 related:
   url:
     - https://nvd.nist.gov/vuln/detail/CVE-2015-8857
-    - https://github.com/mishoo/UglifyJS/issues/751
     - https://blog.azuki.vip/backdooring-js
     - https://www.openwall.com/lists/oss-security/2016/04/20/11
     - https://github.com/advisories/GHSA-34r7-q49f-h37c