rubysec · postmodern · Feb 4, 2026 · Feb 2, 2026
diff --git a/rubies/ruby/CVE-2008-3655.yml b/rubies/ruby/CVE-2008-3655.yml
@@ -1,6 +1,7 @@
 ---
 engine: ruby
 cve: 2008-3655
+ghsa: p524-ppf2-w36w
 url: https://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
 title: Ruby multiple insufficient safe mode restrictions
 date: 2008-08-08
@@ -16,3 +17,19 @@ patched_versions:
   - "~> 1.8.6.287"
   - "~> 1.8.7.72"
   - ">= 1.9.0"
+related:
+  url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2008-3655
+    - https://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby
+    - https://www.ruby-lang.org/en/news/2008/08/11/ruby-1-8-7-p72-and-1-8-6-p287-released
+    - https://security.gentoo.org/glsa/200812-17
+    - https://www.us-cert.gov/cas/techalerts/TA09-133A.html
+    - https://support.apple.com/en-us/104129
+    - https://web.archive.org/web/20090517222231/https://lists.apple.com/archives/security-announce/2009/May/msg00002.html
+    - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401
+    - https://www.debian.org/security/2008/dsa-1652
+    - https://www.debian.org/security/2008/dsa-1651
+    - https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-October/000765.html
+    - https://support.avaya.com/elmodocs2/security/ASA-2008-424.htm
+    - https://exchange.xforce.ibmcloud.com/vulnerabilities/44369
+    - https://github.com/advisories/GHSA-p524-ppf2-w36w
diff --git a/rubies/ruby/CVE-2008-3656.yml b/rubies/ruby/CVE-2008-3656.yml
@@ -1,9 +1,10 @@
 ---
 engine: ruby
 cve: 2008-3656
-url: https://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
-title: Ruby WEBrick::HTTP::DefaultFileHandler DoS
-date: 2008-08-08
+ghsa: 823x-6r7f-v9x6
+url: https://nvd.nist.gov/vuln/detail/CVE-2008-3656
+title: Algorithmic complexity vulnerability in the WEBrick
+date: 2008-08-12
 description: |
   Algorithmic complexity vulnerability in the
   WEBrick::HTTPUtils.split_header_value function in
@@ -17,3 +18,19 @@ patched_versions:
   - "~> 1.8.6.287"
   - "~> 1.8.7.72"
   - ">= 1.9.0"
+related:
+  url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2008-3656
+    - https://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby
+    - https://www.ruby-lang.org/en/news/2008/08/11/ruby-1-8-7-p72-and-1-8-6-p287-released
+    - https://security.gentoo.org/glsa/200812-17
+    - https://www.us-cert.gov/cas/techalerts/TA09-133A.html
+    - https://support.apple.com/en-us/104129
+    - https://web.archive.org/web/20090517222231/https://lists.apple.com/archives/security-announce/2009/May/msg00002.html
+    - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401
+    - https://www.debian.org/security/2008/dsa-1652
+    - https://www.debian.org/security/2008/dsa-1651
+    - https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-October/000765.html
+    - https://support.avaya.com/elmodocs2/security/ASA-2008-424.htm
+    - https://exchange.xforce.ibmcloud.com/vulnerabilities/44371
+    - https://github.com/advisories/GHSA-823x-6r7f-v9x6
diff --git a/rubies/ruby/CVE-2008-3657.yml b/rubies/ruby/CVE-2008-3657.yml
@@ -1,7 +1,8 @@
 ---
 engine: ruby
 cve: 2008-3657
-url: https://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
+ghsa: 5f6v-fgcw-j5px
+url: https://nvd.nist.gov/vuln/detail/CVE-2008-3657
 title: Ruby missing "taintness" checks in dl module
 date: 2008-08-08
 description: |
@@ -14,3 +15,19 @@ patched_versions:
   - "~> 1.8.6.287"
   - "~> 1.8.7.72"
   - ">= 1.9.0"
+related:
+  url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2008-3657
+    - https://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby
+    - https://www.ruby-lang.org/en/news/2008/08/11/ruby-1-8-7-p72-and-1-8-6-p287-released
+    - https://security.gentoo.org/glsa/200812-17
+    - https://www.us-cert.gov/cas/techalerts/TA09-133A.html
+    - https://support.apple.com/en-us/104129
+    - https://web.archive.org/web/20090517222231/https://lists.apple.com/archives/security-announce/2009/May/msg00002.html
+    - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401
+    - https://www.debian.org/security/2008/dsa-1652
+    - https://www.debian.org/security/2008/dsa-1651
+    - https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-October/000765.html
+    - https://support.avaya.com/elmodocs2/security/ASA-2008-424.htm
+    - https://exchange.xforce.ibmcloud.com/vulnerabilities/44372
+    - https://github.com/advisories/GHSA-5f6v-fgcw-j5px
diff --git a/rubies/ruby/CVE-2008-3905.yml b/rubies/ruby/CVE-2008-3905.yml
@@ -1,7 +1,8 @@
 ---
 engine: ruby
 cve: 2008-3905
-url: https://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
+ghsa: vwcj-mf69-7rfw
+url: https://nvd.nist.gov/vuln/detail/CVE-2008-3905
 title: ruby -- DNS spoofing vulnerability in resolv.rb
 date: 2008-05-05
 description: |
@@ -15,3 +16,17 @@ patched_versions:
   - "~> 1.8.6.287"
   - "~> 1.8.7.72"
   - ">= 1.9.0"
+related:
+  url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2008-3905
+    - https://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby
+    - https://www.ruby-lang.org/en/news/2008/08/11/ruby-1-8-7-p72-and-1-8-6-p287-released
+    - https://www.openwall.com/lists/oss-security/2008/09/03/3
+    - https://www.openwall.com/lists/oss-security/2008/09/04/9
+    - https://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.371754
+    - https://www.debian.org/security/2008/dsa-1652
+    - https://www.debian.org/security/2008/dsa-1651
+
+    - https://support.avaya.com/elmodocs2/security/ASA-2008-424.htm
+    - https://exchange.xforce.ibmcloud.com/vulnerabilities/45935
+    - https://github.com/advisories/GHSA-vwcj-mf69-7rfw