Apply remarks from #873

* remove duplicates of gems/nokogiri/CVE-2018-25032.yml:
  - gems/nokogiri/GHSA-v6gp-9mmm-c6p5.yml

* remove duplicates of gems/nokogiri/CVE-2021-30560.yml:
  - gems/nokogiri/GHSA-fq42-c5rg-92c2.yml

* remove duplicates of gems/nokogiri/CVE-2022-23437.yml:
  - gems/nokogiri/GHSA-xxx9-3xcr-gjj3.yml

* remove duplicates of gems/nokogiri/CVE-2022-24839.yml:
  - gems/nokogiri/GHSA-gx8x-g87m-h5q6.yml

* remove duplicates of gems/omniauth-saml/CVE-2024-45409.yml:
  - gems/omniauth-saml/GHSA-cvp8-5r8g-fhvq.yml

* remove duplicates of gems/spree_auth_devise/CVE-2021-41275.yml:
  - gems/spree_auth_devise/GHSA-6mqr-q86q-6gwr.yml
  - gems/spree_auth_devise/GHSA-8xfw-5q82-3652.yml
  - gems/spree_auth_devise/GHSA-gpqc-4pp7-5954.yml

* remove duplicates of gems/nokogiri/CVE-2022-23437.yml:
  - gems/nokogiri/GHSA-xxx9-3xcr-gjj3.yml

* use `##` instead of `**` to denote sections within the description text

* use `description: |` to make text easier to read and edit

* use NVD url for gems/alchemy_cms/CVE-2018-18307.yml

Author: rakvium

gems/alchemy_cms/CVE-2018-18307.yml

@@ -2,7 +2,7 @@
 gem: alchemy_cms
 cve: 2018-18307
 ghsa: 7mj4-2984-955f
-url: http://packetstormsecurity.com/files/149787/Alchemy-CMS-4.1-Stable-Cross-Site-Scripting.html
+url: https://nvd.nist.gov/vuln/detail/CVE-2018-18307
 title: AlchemyCMS is vulnerable to stored XSS via the /admin/pictures image field
 date: 2022-05-14
 description: |

gems/camaleon_cms/GHSA-3hp8-6j24-m5gm.yml

@@ -32,7 +32,7 @@ description: |
   Where it is joined in an unchecked manner with the root folder and
   then deleted.
 
-  **Proof of concept**
+  ## Proof of concept
   The following request would delete the file README.md in the top folder of the Ruby on Rails application. (The values for auth_token, X-CSRF-Token and _cms_session would also need to be replaced with authenticated values in the curl command below)
   ```
   curl --path-as-is -i -s -k -X $'POST' \
@@ -45,16 +45,16 @@ description: |
       $'https://<camaleon-host>/admin/media/actions?actions=true'
   ```
 
-  **Impact**
+  ## Impact
 
   This issue may lead to a defective CMS or system.
 
-  **Remediation**
+  ## Remediation
 
   Normalize all file paths constructed from untrusted user input before using them and check that the resulting path is inside the
   targeted directory. Additionally, do not allow character sequences such as .. in untrusted input that is used to build paths.
 
-  **See also:**
+  ## See also:
 
   [CodeQL: Uncontrolled data used in path expression](https://codeql.github.com/codeql-query-help/ruby/rb-path-injection/)
   [OWASP: Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal)

gems/nokogiri/GHSA-fq42-c5rg-92c2.yml

@@ -5,29 +5,62 @@ ghsa: 9822-6m93-xqf4
 url: https://github.com/rails/rails/security/advisories/GHSA-9822-6m93-xqf4
 title: Rails has possible XSS Vulnerability in Action Controller
 date: 2024-02-27
-description: "# Possible XSS Vulnerability in Action Controller\n\nThere is a possible
-  XSS vulnerability when using the translation helpers\n(`translate`, `t`, etc) in
-  Action Controller. This vulnerability has been\nassigned the CVE identifier CVE-2024-26143.\n\nVersions
-  Affected:  >= 7.0.0.\nNot affected:       < 7.0.0\nFixed Versions:     7.1.3.1,
-  7.0.8.1\n\nImpact\n------\nApplications using translation methods like `translate`,
-  or `t` on a\ncontroller, with a key ending in \"_html\", a `:default` key which
-  contains\nuntrusted user input, and the resulting string is used in a view, may
-  be\nsusceptible to an XSS vulnerability.\n\nFor example, impacted code will look
-  something like this:\n\n```ruby\nclass ArticlesController < ApplicationController\n
-  \ def show  \n    @message = t(\"message_html\", default: untrusted_input)\n    #
-  The `show` template displays the contents of `@message`\n  end\nend\n```\n\nTo reiterate
-  the pre-conditions, applications must:\n\n* Use a translation function from a controller
-  (i.e. _not_ I18n.t, or `t` from\n  a view)\n* Use a key that ends in `_html`\n*
-  Use a default value where the default value is untrusted and unescaped input\n*
-  Send the text to the victim (whether that's part of a template, or a\n  `render`
-  call)\n\nAll users running an affected release should either upgrade or use one
-  of the\nworkarounds immediately.\n\nReleases\n--------\nThe fixed releases are available
-  at the normal locations.\n\nWorkarounds\n-----------\nThere are no feasible workarounds
-  for this issue.\n\nPatches\n-------\nTo aid users who aren't able to upgrade immediately
-  we have provided patches for\nthe two supported release series. They are in git-am
-  format and consist of a\nsingle changeset.\n\n*  7-0-translate-xss.patch - Patch
-  for 7.0 series\n*  7-1-translate-xss.patch - Patch for 7.1 series\n\nCredits\n-------\n\nThanks
-  to [ooooooo_q](https://hackerone.com/ooooooo_q) for the patch and fix!"
+description: |
+  # Possible XSS Vulnerability in Action Controller
+
+  There is a possible XSS vulnerability when using the translation helpers
+  (`translate`, `t`, etc) in Action Controller.
+  This vulnerability has been assigned the CVE identifier CVE-2024-26143.
+
+  Versions Affected: `>= 7.0.0`.
+  Not affected: `< 7.0.0`
+  Fixed Versions: `7.1.3.1`, `7.0.8.1`
+
+  ## Impact
+
+  Applications using translation methods like `translate`, or `t` on a controller,
+  with a key ending in `_html`, a `:default` key which contains untrusted user input,
+  and the resulting string is used in a view, may be susceptible to an XSS vulnerability.
+
+  For example, impacted code will look something like this:
+
+  ```ruby
+  class ArticlesController < ApplicationController
+    def show
+      @message = t("message_html", default: untrusted_input)
+      # The `show` template displays the contents of `@message`
+    end
+  end
+  ```
+
+  To reiterate the pre-conditions, applications must:
+
+  * Use a translation function from a controller (i.e. _not_ I18n.t, or `t` from a view)
+  * Use a key that ends in `_html`
+  * Use a default value where the default value is untrusted and unescaped input
+  * Send the text to the victim (whether that's part of a template, or a `render` call)
+
+  All users running an affected release should either upgrade or use one of the workarounds immediately.
+
+  ## Releases
+
+  The fixed releases are available at the normal locations.
+
+  ## Workarounds
+
+  There are no feasible workarounds for this issue.
+
+  ## Patches
+
+  To aid users who aren't able to upgrade immediately we have provided patches for
+  the two supported release series. They are in git-am format and consist of a single changeset.
+
+  *  7-0-translate-xss.patch - Patch for 7.0 series
+  *  7-1-translate-xss.patch - Patch for 7.1 series
+
+  ## Credits
+
+  Thanks to [ooooooo_q](https://hackerone.com/ooooooo_q) for the patch and fix!"
 cvss_v3: 6.1
 unaffected_versions:
 - "< 7.0.0"