rubysec · postmodern · Nov 18, 2025 · Nov 17, 2025
diff --git a/gems/commonmarker/CVE-2024-22051.yml b/gems/commonmarker/CVE-2024-22051.yml
@@ -2,16 +2,16 @@
 gem: commonmarker
 cve: 2024-22051
 ghsa: fmx4-26r3-wxpf
-url: https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x
+url: https://github.com/gjtorikian/commonmarker/security/advisories/GHSA-fmx4-26r3-wxpf
 title: Integer overflow in cmark-gfm table parsing extension leads to heap memory
   corruption
 date: 2022-03-03
 description: |
-
   ### Impact
 
   CommonMarker uses `cmark-gfm` for rendering
   [Github Flavored Markdown](https://github.github.com/gfm/).
+
   An [integer overflow in `cmark-gfm`'s table row parsing](https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x)
   may lead to heap memory corruption when parsing tables who's marker
   rows contain more than UINT16_MAX columns. The impact of this heap
@@ -47,7 +47,7 @@ description: |
   If you have any questions or comments about this advisory:
 
   * Open an issue in [CommonMarker](http://github.com/gjtorikian/commonmarker)
-cvss_v3: 8.8
+cvss_v3: 9.8
 patched_versions:
   - ">= 0.23.4"
 related:

diff --git a/gems/commonmarker/GHSA-fmx4-26r3-wxpf.yml b/gems/commonmarker/GHSA-fmx4-26r3-wxpf.yml