From df40b21479a52ad1a1693d6aa8adeaba5d711510 Mon Sep 17 00:00:00 2001 From: Al Snow Date: Sat, 17 Jan 2026 11:03:58 -0500 Subject: [PATCH] GHSA SYNC: Merged 2 OSVDB and GHSA advisories --- .../{OSVDB-112347.yml => GHSA-mpwp-4h2m-765c.yml} | 14 +++++++++++--- .../{OSVDB-114854.yml => GHSA-5qw5-wf2q-f538.yml} | 15 ++++++++------- 2 files changed, 19 insertions(+), 10 deletions(-) rename gems/activejob/{OSVDB-112347.yml => GHSA-mpwp-4h2m-765c.yml} (56%) rename gems/activerecord-jdbc-adapter/{OSVDB-114854.yml => GHSA-5qw5-wf2q-f538.yml} (75%) diff --git a/gems/activejob/OSVDB-112347.yml b/gems/activejob/GHSA-mpwp-4h2m-765c.yml similarity index 56% rename from gems/activejob/OSVDB-112347.yml rename to gems/activejob/GHSA-mpwp-4h2m-765c.yml index 0d78aa9fb3..72825fca88 100644 --- a/gems/activejob/OSVDB-112347.yml +++ b/gems/activejob/GHSA-mpwp-4h2m-765c.yml @@ -1,10 +1,16 @@ --- gem: activejob +framework: rails +ghsa: mpwp-4h2m-765c osvdb: 112347 -url: https://advisories.gitlab.com/pkg/gem/activejob/OSVDB-112347 +url: https://github.com/advisories/GHSA-mpwp-4h2m-765c title: Active Job - Object injection security vulnerability if Global IDs date: 2014-09-29 description: | + Active Job vulnerability: An Active Job bug allowed String + arguments to be deserialized as if they were Global IDs, an + object injection security vulnerability. + * In release post: "Active Job vulnerability: We also fixed an Active Job bug that allowed String arguments to be deserialized as if they were Global IDs, 
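Review bot: The added first paragraph of `description:` restates, almost word for word, the release-post quotation that follows it, so the advisory text now says the same thing twice; keep one of the two. The unchanged `title:` line (`Active Job - Object injection security vulnerability if Global IDs`) also reads as cut off, and it is presumably the string audit tooling shows to users, so this re-sync is a good moment to correct it. The description block continues past the end of this hunk.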
@@ -13,7 +19,9 @@ patched_versions:
 - ">= 4.2.0.beta2"
 related:
 url:
- - https://rubyonrails.org/2014/9/29/Rails-4-2-0-beta2-has-been-released
 - https://advisories.gitlab.com/pkg/gem/activejob/OSVDB-112347
+ - https://rubyonrails.org/2014/9/29/Rails-4-2-0-beta2-has-been-released
+ - https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activejob/OSVDB-112347.yml
+ - https://github.com/advisories/GHSA-mpwp-4h2m-765c
 notes: |
- - No CVE, GHSA, or CVSS values
+ - No CVE or CVSS values.
diff --git a/gems/activerecord-jdbc-adapter/OSVDB-114854.yml b/gems/activerecord-jdbc-adapter/GHSA-5qw5-wf2q-f538.yml
similarity index 75%
rename from gems/activerecord-jdbc-adapter/OSVDB-114854.yml
rename to gems/activerecord-jdbc-adapter/GHSA-5qw5-wf2q-f538.yml
index c493c82424..f4b737b4a4 100644
--- a/gems/activerecord-jdbc-adapter/OSVDB-114854.yml
+++ b/gems/activerecord-jdbc-adapter/GHSA-5qw5-wf2q-f538.yml
@@ -2,10 +2,10 @@
 gem: activerecord-jdbc-adapter
 platform: jruby
 osvdb: 114854
-url: https://github.com/jruby/activerecord-jdbc-adapter/issues/322
-title:
- ActiveRecord-JDBC-Adapter (AR-JDBC) lib/arjdbc/jdbc/adapter.rb sql.gsub()
- Function SQL Injection
+ghsa: 5qw5-wf2q-f538
+url: https://github.com/advisories/GHSA-5qw5-wf2q-f538
+title: ActiveRecord-JDBC-Adapter (AR-JDBC) lib/arjdbc/jdbc/adapter.rb
+ sql.gsub() Function SQL Injection
 date: 2013-02-25
 description: |
 ActiveRecord-JDBC-Adapter (AR-JDBC) contains a flaw that may allow carrying
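Review bot: The added related URL `https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activejob/OSVDB-112347.yml` points at the very path this commit renames away, so on `master` it will stop resolving once the rename lands. Either drop the entry or point it at the new path, `gems/activejob/GHSA-mpwp-4h2m-765c.yml`; a permalink pinned to a commit would also survive later renames. The activerecord-jdbc-adapter record in this same commit adds no such self-reference, so dropping it here would also keep the two records consistent.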
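Review bot: The new `title:` is a plain scalar continued on a second line (`sql.gsub() Function SQL Injection`), which YAML folds into one string but which is easy to break with a later indent change or a `: ` in the text. Writing the title on a single line, or as a `>-` folded scalar, makes the intent explicit. `ghsa:` is also placed after `osvdb:` here but before it in `gems/activejob/GHSA-mpwp-4h2m-765c.yml`; using one key order across advisories keeps the diffs of later syncs small.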
@@ -22,7 +22,8 @@ related:
 url:
 - https://github.com/jruby/activerecord-jdbc-adapter/issues/322
 - https://github.com/jruby/activerecord-jdbc-adapter/blob/master/lib/arjdbc/jdbc/adapter.rb
- - https://security.snyk.io/vuln/SNYK-RUBY-ACTIVERECORDJDBCADAPTER-20076
 - https://my.diffend.io/gems/activerecord-jdbc-adapter/1.2.5/1.2.8
- - http://osvdb.org/show/osvdb/114854
- - https://advisories.gitlab.com/pkg/gem/activerecord-jdbc-adapter/OSVDB-2013-02-25
+ - https://security.snyk.io/vuln/SNYK-RUBY-ACTIVERECORDJDBCADAPTER-20076
+ - https://github.com/advisories/GHSA-5qw5-wf2q-f538
+notes: |
+ - No CVE, CVSS values.
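Review bot: The added note `- No CVE, CVSS values.` is worded differently from the `- No CVE or CVSS values.` written in the activejob advisory in this same commit; use the same sentence in both records. The hunk also drops the `osvdb.org` and `advisories.gitlab.com` references without a word in the commit message, while the activejob record keeps its GitLab link. If they were removed because they no longer resolve, which cannot be told from the diff, say so in the description so the next sync does not re-add them.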