Vanessa

refinerycms-core https://srcclr.com/security/cross-site-scripting-xss-through-title/ruby/s-2168 https://srcclr.com/security/cross-site-scripting-xss-through-alt/ruby/s-2169 https://srcclr.com/security/stored-cross-site-scripting-xss-title/ruby/s-2170 https://srcclr.com/security/cross-site-request-forgery-csrf/ruby/s-2171

paperclip -- https://srcclr.com/security/denial-service-dos-through-excessive/ruby/s-2242

admin-upmin, upmin and shoppe -- https://srcclr.com/security/cross-site-request-forgery-csrf-due-to/ruby/s-2266 devise_invitable -- https://srcclr.com/security/cross-site-request-forgery-csrf/ruby/s-2272

Asking again, any updates on when this might get added? Its seriously causing a headache at the company I work at

@jasonsaayman I understand you're a busy human but is there any updates on an official migration guide?

You are correct, SourceClear was purchased by Veracode. The easiest way to find the links now would be to search the s-* number at https://sca.analysiscenter.veracode.com/vulnerability-database A lot of them will...

It looks like SourceClear itself hasn't withdrawn the item, I wonder why GitHub withdrew it...

Ah yeah that'd probably do it. SourceClear/Veracode adds vulnerabilities that aren't necessarily assigned CVEs, basing on code fixes etc instead of solely CVE