From a20dd72b6fee4f4902fcb56f26275bb4620d88af Mon Sep 17 00:00:00 2001
From: Al Snow <43523+jasnow@users.noreply.github.com>
Date: Fri, 15 May 2026 11:58:13 -0400
Subject: [PATCH] Combined and renamed 3 decidem advisories (s/GHSA/CVE/)
---
 .../decidim-api/{GHSA-ghmh-q25g-gxxx.yml => CVE-2026-40870.yml} | 2 ++
 .../{GHSA-ghmh-q25g-gxxx.yml => CVE-2026-40870.yml} | 2 ++
 .../{GHSA-w5xj-99cg-rccm.yml => CVE-2026-40869.yml} | 2 ++
 3 files changed, 6 insertions(+)
 rename gems/decidim-api/{GHSA-ghmh-q25g-gxxx.yml => CVE-2026-40870.yml} (97%)
 rename gems/decidim-comments/{GHSA-ghmh-q25g-gxxx.yml => CVE-2026-40870.yml} (97%)
 rename gems/decidim-core/{GHSA-w5xj-99cg-rccm.yml => CVE-2026-40869.yml} (95%)
diff --git a/gems/decidim-api/GHSA-ghmh-q25g-gxxx.yml b/gems/decidim-api/CVE-2026-40870.yml
similarity index 97%
rename from gems/decidim-api/GHSA-ghmh-q25g-gxxx.yml
rename to gems/decidim-api/CVE-2026-40870.yml
index dfe1f5f746..045270c59f 100644
--- a/gems/decidim-api/GHSA-ghmh-q25g-gxxx.yml
+++ b/gems/decidim-api/CVE-2026-40870.yml
@@ -1,5 +1,6 @@
 ---
 gem: decidim-api
+cve: 2026-40870
 ghsa: ghmh-q25g-gxxx
 url: https://github.com/decidim/decidim/security/advisories/GHSA-ghmh-q25g-gxxx
 title: Decidim's comments API allows access to all commentable resources
@@ -90,5 +91,6 @@ patched_versions:
 - ">= 0.31.1"
 related:
 url:
+ - https://nvd.nist.gov/vuln/detail/CVE-2026-40870
 - https://github.com/decidim/decidim/security/advisories/GHSA-ghmh-q25g-gxxx
 - https://github.com/advisories/GHSA-ghmh-q25g-gxxx
diff --git a/gems/decidim-comments/GHSA-ghmh-q25g-gxxx.yml b/gems/decidim-comments/CVE-2026-40870.yml
similarity index 97%
rename from gems/decidim-comments/GHSA-ghmh-q25g-gxxx.yml
rename to gems/decidim-comments/CVE-2026-40870.yml
index 375105f0ab..b54bc43587 100644
--- a/gems/decidim-comments/GHSA-ghmh-q25g-gxxx.yml
+++ b/gems/decidim-comments/CVE-2026-40870.yml
@@ -1,5 +1,6 @@
 ---
 gem: decidim-comments
+cve: 2026-40870
 ghsa: ghmh-q25g-gxxx
 url: https://github.com/decidim/decidim/security/advisories/GHSA-ghmh-q25g-gxxx
 title: Decidim's comments API allows access to all commentable resources
@@ -90,5 +91,6 @@ patched_versions:
 - ">= 0.31.1"
 related:
 url:
+ - https://nvd.nist.gov/vuln/detail/CVE-2026-40870
 - https://github.com/decidim/decidim/security/advisories/GHSA-ghmh-q25g-gxxx
 - https://github.com/advisories/GHSA-ghmh-q25g-gxxx
diff --git a/gems/decidim-core/GHSA-w5xj-99cg-rccm.yml b/gems/decidim-core/CVE-2026-40869.yml
similarity index 95%
rename from gems/decidim-core/GHSA-w5xj-99cg-rccm.yml
rename to gems/decidim-core/CVE-2026-40869.yml
index 760da711c1..17af07484d 100644
--- a/gems/decidim-core/GHSA-w5xj-99cg-rccm.yml
+++ b/gems/decidim-core/CVE-2026-40869.yml
@@ -1,5 +1,6 @@
 ---
 gem: decidim-core
+cve: 2026-40869
 ghsa: w5xj-99cg-rccm
 url: https://github.com/decidim/decidim/security/advisories/GHSA-w5xj-99cg-rccm
 title: Decidim amendments can be accepted or rejected by anyone
@@ -37,6 +38,7 @@ patched_versions:
 - ">= 0.31.1"
 related:
 url:
+ - https://nvd.nist.gov/vuln/detail/CVE-2026-40869
 - https://github.com/decidim/decidim/security/advisories/GHSA-w5xj-99cg-rccm
 - https://github.com/decidim/decidim/commit/1b99136a1c7aa02616a0b54a6ab88d12907a57a9
 - https://github.com/advisories/GHSA-w5xj-99cg-rccm