From 4006ea80a81eafbd0f350a8e891030536f36a32f Mon Sep 17 00:00:00 2001
From: Al Snow <43523+jasnow@users.noreply.github.com>
Date: Thu, 14 May 2026 10:30:07 -0400
Subject: [PATCH 1/2] GHSA/SYNC: 1 new advisory

---
 gems/sidekiq-cron/CVE-2025-67202.yml | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 gems/sidekiq-cron/CVE-2025-67202.yml

diff --git a/gems/sidekiq-cron/CVE-2025-67202.yml b/gems/sidekiq-cron/CVE-2025-67202.yml
new file mode 100644
index 0000000000..56afc885a2
--- /dev/null
+++ b/gems/sidekiq-cron/CVE-2025-67202.yml
@@ -0,0 +1,23 @@
+---
+gem: sidekiq-cron
+cve: 2025-67202
+ghsa: xv9c-mjw8-79gf
+url: https://github.com/sidekiq-cron/sidekiq-cron/issues/569
+title: Sidekiq-cron is vulnerable to a cross-site scripting (xss)
+ vulnerability via crafted URL
+date: 2026-05-07
+description: |
+ Sidekiq-cron thru 2.3.1, an open-source scheduling add-on for Sidekiq,
+ is vulnerable to a cross-site scripting (xss) vulnerability via crafted
+ URL being rended from cron.erb.
+cvss_v3: 6.1
+patched_versions:
+ - ">= 2.4.0"
+related:
+ url:
+ - https://nvd.nist.gov/vuln/detail/CVE-2025-67202
+ - https://github.com/sidekiq-cron/sidekiq-cron/releases/tag/v2.4.0
+ - https://github.com/sidekiq-cron/sidekiq-cron/pull/568
+ - https://github.com/sidekiq-cron/sidekiq-cron/commit/7b4ae4822f93ef4646f5cb55500ca4e25662db7c
+ - https://github.com/sidekiq-cron/sidekiq-cron/issues/569
+ - https://github.com/advisories/GHSA-xv9c-mjw8-79gf

From 367014742222f74e2eabe7317a82a6502ba2c148 Mon Sep 17 00:00:00 2001
From: Al Snow <43523+jasnow@users.noreply.github.com>
Date: Thu, 14 May 2026 12:03:24 -0400
Subject: [PATCH 2/2] Update CVE URL for sidekiq-cron vulnerability

Good catch
---
 gems/sidekiq-cron/CVE-2025-67202.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gems/sidekiq-cron/CVE-2025-67202.yml b/gems/sidekiq-cron/CVE-2025-67202.yml
index 56afc885a2..dcf9390d00 100644
--- a/gems/sidekiq-cron/CVE-2025-67202.yml
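Review bot: The `title:` value in the new advisory file is a plain scalar continued onto a second line (`+title: Sidekiq-cron is vulnerable to a cross-site scripting (xss)` / `+ vulnerability via crafted URL`), which YAML folds into one string only because the continuation is indented past the key; a folded block scalar states that intent explicitly, i.e. `title: >-` followed by the same two lines indented. The `description:` block repeats the upstream wording's typos ("thru", "rended") — unless the text is meant to mirror the NVD entry verbatim, "through 2.3.1" and "rendered from cron.erb" would read cleaner. The version data looks internally consistent: `patched_versions` is `">= 2.4.0"` and the release tag v2.4.0 plus the fix PR and commit are listed under `related.url`, which is what a consumer checking the advisory will want to cross-reference.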
+++ b/gems/sidekiq-cron/CVE-2025-67202.yml
@@ -2,7 +2,7 @@
 gem: sidekiq-cron
 cve: 2025-67202
 ghsa: xv9c-mjw8-79gf
-url: https://github.com/sidekiq-cron/sidekiq-cron/issues/569
+url: https://github.com/advisories/GHSA-xv9c-mjw8-79gf
 title: Sidekiq-cron is vulnerable to a cross-site scripting (xss)
  vulnerability via crafted URL
 date: 2026-05-07