Sync with GitHub Security Advisories

* Add CVE-2022-27311 for gibbon
* Add CVE-2022-25648 for git
* Add CVSSv3 score for several advisories

Author: reedloden

gems/actionpack/CVE-2022-22577.yml

@@ -2,6 +2,7 @@
 gem: actionpack
 framework: rails
 cve: 2022-22577
+ghsa: mm33-5vfq-3mm3
 url: https://groups.google.com/g/ruby-security-ann/c/NuFRKaN5swI
 title: Possible XSS Vulnerability in Action Pack
 date: 2022-04-27

gems/actionview/CVE-2022-27777.yml

@@ -2,6 +2,7 @@
 gem: actionview
 framework: rails
 cve: 2022-27777
+ghsa: ch3h-j2vf-95pv
 url: https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw
 title: Possible XSS Vulnerability in Action View tag helpers
 date: 2022-04-26

gems/gibbon/CVE-2022-27311.yml

@@ -0,0 +1,12 @@
+---
+gem: gibbon
+cve: 2022-27311
+ghsa: vx9g-377x-xwxq
+url: https://github.com/amro/gibbon/pull/321
+title: Server side request forgery in gibbon
+date: 2022-04-26
+description: |
+  Gibbon v3.4.4 and below allows attackers to execute a Server-Side Request
+  Forgery (SSRF) via a crafted URL. A partial fix has been introduced in version 3.4.4,
+  however a complete fix has not yet been created. See Pull request 321 in github.com/amro/gibbon
+  for details.

gems/git/CVE-2022-25648.yml

@@ -0,0 +1,18 @@
+---
+gem: git
+cve: 2022-25648
+ghsa: 69p6-wvmq-27gg
+url: https://github.com/ruby-git/ruby-git/pull/569
+title: Command injection in ruby-git
+date: 2022-04-20
+description: |
+  The package git before 1.11.0 are vulnerable to Command Injection via
+  git argument injection. When calling the fetch(remote = 'origin', opts = {}) function,
+  the remote parameter is passed to the git fetch subcommand in a way that additional
+  flags can be set. The additional flags can be used to perform a command injection.
+cvss_v3: 9.8
+patched_versions:
+- ">= 1.11.0"
+related:
+  url:
+  - https://github.com/ruby-git/ruby-git/releases/tag/v1.11.0