diff --git a/gems/govuk_tech_docs/CVE-2024-22048.yml b/gems/govuk_tech_docs/CVE-2024-22048.yml index fa1133c06b..4459e697d1 100644 --- a/gems/govuk_tech_docs/CVE-2024-22048.yml +++ b/gems/govuk_tech_docs/CVE-2024-22048.yml @@ -26,6 +26,7 @@ description: | ### Patches This has been fixed in v3.3.1. HTML is now sanitised in search results. +cvss_v3: 6.1 unaffected_versions: - "< 2.0.2" patched_versions: diff --git a/gems/govuk_tech_docs/GHSA-x2xw-hw8g-6773.yml b/gems/govuk_tech_docs/GHSA-x2xw-hw8g-6773.yml deleted file mode 100644 index 73d6782087..0000000000 --- a/gems/govuk_tech_docs/GHSA-x2xw-hw8g-6773.yml +++ /dev/null 
@@ -1,34 +0,0 @@ ---- -gem: govuk_tech_docs -ghsa: x2xw-hw8g-6773 -url: https://github.com/alphagov/tech-docs-gem/security/advisories/GHSA-x2xw-hw8g-6773 -title: govuk_tech_docs vulnerable to unescaped HTML on search results page -date: 2023-04-11 -description: | - Impact - Pages that are indexed in search results have their entire contents - indexed, including any HTML code snippets. These HTML snippets would - appear in the search results unsanitised, so it was possible to render - arbitrary HTML or run arbitrary scripts. - - This is a low risk security issue; to exploit it, an attacker would - need to find a way of committing malicious code to a page indexed by - a site that uses tech-docs-gem (which are typically not editable by - untrusted users). Their code would also be limited by the relatively - short length that's rendered in the corresponding search result. - Nevertheless, the XSS would then be triggerable by visiting a - pre-constructed URL (/search/index.html?q=some+search+term), which - users could be tricked into clicking on through social engineering. - - Patches - This has been fixed in v3.3.1. HTML is now sanitised in search results. -unaffected_versions: - - "< 2.0.2" -patched_versions: - - ">= 3.3.1" -related: - url: - - https://github.com/alphagov/tech-docs-gem/security/advisories/GHSA-x2xw-hw8g-6773 - - https://github.com/alphagov/tech-docs-gem/pull/323 - - https://github.com/alphagov/tech-docs-gem/releases/tag/v3.3.1 - - https://github.com/advisories/GHSA-x2xw-hw8g-6773 diff --git a/gems/iodine/CVE-2024-22050.yml b/gems/iodine/CVE-2024-22050.yml index 7a220b73b7..36dc987ac0 100644 --- a/gems/iodine/CVE-2024-22050.yml +++ b/gems/iodine/CVE-2024-22050.yml @@ -34,6 +34,7 @@ description: | ### For more information If you have any questions or comments about this advisory: * Email [Boaz Segev](https://github.com/boazsegev) +cvss_v3: 7.5 patched_versions: - ">= 0.7.34" related: 
diff --git a/gems/prosemirror_to_html/CVE-2025-64501.yml b/gems/prosemirror_to_html/CVE-2025-64501.yml new file mode 100644 index 0000000000..a951cbf989 --- /dev/null +++ b/gems/prosemirror_to_html/CVE-2025-64501.yml @@ -0,0 +1,79 @@ +--- +gem: prosemirror_to_html +cve: 2025-64501 +ghsa: 52c5-vh7f-26fx +url: https://github.com/etaminstudio/prosemirror_to_html/security/advisories/GHSA-52c5-vh7f-26fx +title: Cross-Site Scripting (XSS) vulnerability through unescaped + HTML attribute values +date: 2025-11-06 +description: | + ### Impact + + The prosemirror_to_html gem is vulnerable to Cross-Site Scripting + (XSS) attacks through malicious HTML attribute values. While tag + content is properly escaped, attribute values are not, allowing + attackers to inject arbitrary JavaScript code. + + **Who is impacted:** + + - Any application using prosemirror_to_html to convert ProseMirror + documents to HTML + - Applications that process user-generated ProseMirror content are + at highest risk + - End users viewing the rendered HTML output could have malicious + JavaScript executed in their browsers + + **Attack vectors include:** + + - `href` attributes with `javascript:` protocol: `` + - Event handlers: `
` + - `onerror` attributes on images: `` + - Other HTML attributes that can execute JavaScript + + ### Patches + + A fix is currently in development. Users should upgrade to + version **0.2.1** or later once released. + + The patch escapes all HTML attribute values using `CGI.escapeHTML` + to prevent injection attacks. + + ### Workarounds + + Until a patched version is available, users can implement one or + more of these mitigations: + + 1. **Sanitize output**: Pass the HTML output through a sanitization + library like [Sanitize](https://github.com/rgrove/sanitize) or + [Loofah](https://github.com/flavorjones/loofah): + + ```ruby + html = ProsemirrorToHtml.render(document) + safe_html = Sanitize.fragment(html, Sanitize::Config::RELAXED) + ``` + + 2. **Implement Content Security Policy (CSP)**: Add strict CSP + headers to prevent inline JavaScript execution: + + ``` + Content-Security-Policy: default-src 'self'; script-src 'self' + ``` + + 3. **Input validation**: If possible, validate and sanitize ProseMirror + documents before conversion to prevent malicious content from + entering the system. + + ### References + + - Vulnerable code: https://github.com/etaminstudio/prosemirror_to_html/blob/ea8beb32f6c37f29f042ba4155ccf18504da716e/lib/prosemirror_to_html.rb#L249 + - [OWASP XSS Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html) + - [CWE-79: Improper Neutralization of Input During Web Page Generation](https://cwe.mitre.org/data/definitions/79.html) +cvss_v3: 7.6 +patched_versions: + - ">= 0.2.1" +related: + url: + - https://nvd.nist.gov/vuln/detail/CVE-2025-64501 + - https://github.com/etaminstudio/prosemirror_to_html/security/advisories/GHSA-52c5-vh7f-26fx + - https://github.com/etaminstudio/prosemirror_to_html/commit/4d59f94f550bcabeec30d298791bbdd883298ad8 + - https://github.com/advisories/GHSA-52c5-vh7f-26fx 
diff --git a/gems/prosemirror_to_html/GHSA-4249-gjr8-jpq3.yml b/gems/prosemirror_to_html/GHSA-4249-gjr8-jpq3.yml new file mode 100644 index 0000000000..81d99c6f7e --- /dev/null +++ b/gems/prosemirror_to_html/GHSA-4249-gjr8-jpq3.yml @@ -0,0 +1,76 @@ +--- +gem: prosemirror_to_html +ghsa: 4249-gjr8-jpq3 +url: https://github.com/etaminstudio/prosemirror_to_html/security/advisories/GHSA-52c5-vh7f-26fx +title: ProsemirrorToHtml has a Cross-Site Scripting (XSS) vulnerability + through unescaped HTML attribute values +date: 2025-11-13 +description: | + ### Impact + + The prosemirror_to_html gem is vulnerable to Cross-Site Scripting + (XSS) attacks through malicious HTML attribute values. While tag + content is properly escaped, attribute values are not, allowing + attackers to inject arbitrary JavaScript code. + + **Who is impacted:** + + - Any application using prosemirror_to_html to convert ProseMirror + documents to HTML + - Applications that process user-generated ProseMirror content are + at highest risk + - End users viewing the rendered HTML output could have malicious + JavaScript executed in their browsers + + **Attack vectors include:** + + - `href` attributes with `javascript:` protocol: + `` + - Event handlers: `
` + - `onerror` attributes on images: `` + - Other HTML attributes that can execute JavaScript + + ### Patches + + A fix is currently in development. Users should upgrade to version + **0.2.1** or later once released. The patch escapes all HTML attribute + values using `CGI.escapeHTML` to prevent injection attacks. + + ### Workarounds + + Until a patched version is available, users can implement one or + more of these mitigations: + + 1. **Sanitize output**: Pass the HTML output through a sanitization + library like [Sanitize](https://github.com/rgrove/sanitize) or + [Loofah](https://github.com/flavorjones/loofah): + + ```ruby + html = ProsemirrorToHtml.render(document) + safe_html = Sanitize.fragment(html, Sanitize::Config::RELAXED) + ``` + + 2. **Implement Content Security Policy (CSP)**: Add strict CSP + headers to prevent inline JavaScript execution: + ``` + Content-Security-Policy: default-src 'self'; script-src 'self' + ``` + + 3. **Input validation**: If possible, validate and sanitize + ProseMirror documents before conversion to prevent malicious + content from entering the system. 
+ + ### References + + - Vulnerable code: https://github.com/etaminstudio/prosemirror_to_html/blob/ea8beb32f6c37f29f042ba4155ccf18504da716e/lib/prosemirror_to_html.rb#L249 + - [OWASP XSS Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html) +patched_versions: + - ">= 0.2.1" +related: + url: + - https://github.com/etaminstudio/prosemirror_to_html/security/advisories/GHSA-52c5-vh7f-26fx + - https://github.com/etaminstudio/prosemirror_to_html/commit/4d59f94f550bcabeec30d298791bbdd883298ad8 + - https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html + - https://github.com/etaminstudio/prosemirror_to_html/blob/ea8beb32f6c37f29f042ba4155ccf18504da716e/lib/prosemirror_to_html.rb#L249 + - https://github.com/rubysec/ruby-advisory-db/blob/master/gems/prosemirror_to_html/GHSA-vfpf-xmwh-8m65.yml + - https://github.com/advisories/GHSA-4249-gjr8-jpq3
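Review bot: the added `cvss_v3: 6.1` in gems/govuk_tech_docs/CVE-2024-22048.yml gives no indication of where the score was taken from, and the hunk's context lines (description tail, `unaffected_versions`, `patched_versions`) show no NVD or GHSA link that records it; state the scoring source in the PR description or add it to the file's `related.url` so the number can be re-verified later. The same applies to the `cvss_v3: 7.5` added to gems/iodine/CVE-2024-22050.yml.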
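Review bot: deleting gems/govuk_tech_docs/GHSA-x2xw-hw8g-6773.yml drops the `ghsa: x2xw-hw8g-6773` identifier and the four `related.url` entries (the GitHub advisory, pull 323, the v3.3.1 release tag and the github.com/advisories page), and the CVE-2024-22048.yml hunk above shows only the lines around `cvss_v3`, so this diff does not demonstrate that the surviving file carries the GHSA id and those links. Confirm that CVE-2024-22048.yml has `ghsa: x2xw-hw8g-6773` and the same `related.url` list before removing the duplicate; otherwise tools that look advisories up by GHSA id lose this entry.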
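Review bot: `patched_versions: - ">= 0.2.1"` in gems/prosemirror_to_html/CVE-2025-64501.yml contradicts the description in the same file, which says "A fix is currently in development. Users should upgrade to version **0.2.1** or later once released"; either confirm that 0.2.1 is published on RubyGems (the `related.url` commit 4d59f94 shows a fix commit, not a release) and update the description, or leave `patched_versions` out until it is, since an asserted patched version that does not exist misleads bundler-audit users. Two smaller points: the three inline code spans under "Attack vectors include" (`href` with `javascript:`, event handlers, `onerror` on images) are empty backtick pairs, so the examples appear to have been dropped and the list should be restored or rewritten in words; and `title:` is a plain scalar continued over two lines, which YAML folds correctly but which quoting or a `>` block would make unambiguous.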
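Review bot: `url:` in gems/prosemirror_to_html/GHSA-4249-gjr8-jpq3.yml points at GHSA-52c5-vh7f-26fx while the file's own `ghsa:` is 4249-gjr8-jpq3; the matching page https://github.com/advisories/GHSA-4249-gjr8-jpq3 already appears last in `related.url`, so `url:` should be changed to that. Beyond the mismatch, this file duplicates CVE-2025-64501.yml from the same diff (identical description, `patched_versions` and fix commit 4d59f94), which is exactly the pattern the GHSA-x2xw-hw8g-6773.yml deletion above removes for govuk_tech_docs; either fold the GHSA id into CVE-2025-64501.yml (which also has the `cvss_v3: 7.6` this file lacks) or explain in the PR why two entries are needed. The "A fix is currently in development" wording versus `">= 0.2.1"` and the empty backtick examples under "Attack vectors include" apply here as well.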