Add GHSA reference support and convert 49 hardcoded GHSA URLs to structured format

Chocapikk · Chocapikk · commit f0980693aea0 · 2025-11-20T00:42:58.000+01:00
diff --git a/modules/auxiliary/admin/http/pihole_domains_api_exec.rb b/modules/auxiliary/admin/http/pihole_domains_api_exec.rb
@@ -26,7 +26,7 @@ def initialize(info = {})
           'SchneiderSec' # original PoC, discovery
         ],
         'References' => [
-          ['URL', 'https://github.com/pi-hole/AdminLTE/security/advisories/GHSA-5cm9-6p3m-v259'],
+          ['GHSA', '5cm9-6p3m-v259'],
           ['CVE', '2021-32706']
         ],
         'Targets' => [
diff --git a/modules/auxiliary/gather/jetty_web_inf_disclosure.rb b/modules/auxiliary/gather/jetty_web_inf_disclosure.rb
@@ -31,8 +31,8 @@ def initialize(info = {})
           [ 'EDB', '50438' ],
           [ 'EDB', '50478' ],
           [ 'URL', 'https://github.com/ColdFusionX/CVE-2021-34429' ],
-          [ 'URL', 'https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm' ], # CVE-2021-34429
-          [ 'URL', 'https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5' ], # CVE-2021-28164
+          [ 'GHSA', 'vjv5-gp2w-65vm' ], # CVE-2021-34429
+          [ 'GHSA', 'v7ff-8wcx-gmc5' ], # CVE-2021-28164
           [ 'CVE', '2021-34429' ],
           [ 'CVE', '2021-28164' ]
         ],
diff --git a/modules/auxiliary/gather/listmonk_env_disclosure.rb b/modules/auxiliary/gather/listmonk_env_disclosure.rb
@@ -21,7 +21,7 @@ def initialize(info = {})
         'License' => MSF_LICENSE,
         'References' => [
           ['CVE', '2025-49136'],
-          ['URL', 'https://github.com/knadh/listmonk/security/advisories/GHSA-jc7g-x28f-3v3h']
+          ['GHSA', 'jc7g-x28f-3v3h']
         ],
         'DisclosureDate' => '2025-06-08',
         'Notes' => {
diff --git a/modules/auxiliary/gather/minio_bootstrap_verify_info_disc.rb b/modules/auxiliary/gather/minio_bootstrap_verify_info_disc.rb
@@ -24,7 +24,7 @@ def initialize(info = {})
           'RicterZ' # original PoC, analysis
         ],
         'References' => [
-          [ 'URL', 'https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q'],
+          [ 'GHSA', '6xvq-wj2x-3h3q' ],
           [ 'CVE', '2023-28432']
         ],
         'Targets' => [
diff --git a/modules/auxiliary/gather/mongodb_ops_manager_diagnostic_archive_info.rb b/modules/auxiliary/gather/mongodb_ops_manager_diagnostic_archive_info.rb
@@ -33,7 +33,7 @@ def initialize(info = {})
           'h00die', # msf module
         ],
         'References' => [
-          [ 'URL', 'https://github.com/advisories/GHSA-xqvf-v5jg-pxc2'],
+          [ 'GHSA', 'xqvf-v5jg-pxc2' ],
           [ 'URL', 'https://www.mongodb.com/docs/ops-manager/current/reference/configuration/#mongodb-setting-mms.https.PEMKeyFilePassword'],
           [ 'CVE', '2023-0342']
         ],
diff --git a/modules/auxiliary/gather/onedev_arbitrary_file_read.rb b/modules/auxiliary/gather/onedev_arbitrary_file_read.rb
@@ -27,7 +27,7 @@ def initialize(info = {})
         'License' => MSF_LICENSE,
         'References' => [
           ['CVE', '2024-45309'],
-          ['URL', 'https://github.com/theonedev/onedev/security/advisories/GHSA-7wg5-6864-v489']
+          ['GHSA', '7wg5-6864-v489']
         ],
         'DisclosureDate' => '2024-10-19',
         'Notes' => {
diff --git a/modules/auxiliary/gather/rancher_authenticated_api_cred_exposure.rb b/modules/auxiliary/gather/rancher_authenticated_api_cred_exposure.rb
@@ -27,7 +27,7 @@ def initialize(info = {})
           'Marco Stuurman' # discovery
         ],
         'References' => [
-          [ 'URL', 'https://github.com/advisories/GHSA-g7j7-h4q8-8w2f'],
+          [ 'GHSA', 'g7j7-h4q8-8w2f' ],
           [ 'URL', 'https://github.com/fe-ax/tf-cve-2021-36782'],
           [ 'URL', 'https://fe.ax/cve-2021-36782/'],
           [ 'CVE', '2021-36782']
diff --git a/modules/auxiliary/scanner/http/grafana_plugin_traversal.rb b/modules/auxiliary/scanner/http/grafana_plugin_traversal.rb
@@ -29,7 +29,7 @@ def initialize(info = {})
         'DisclosureDate' => '2021-12-02',
         'References' => [
           ['CVE', '2021-43798'],
-          ['URL', 'https://github.com/grafana/grafana/security/advisories/GHSA-8pjx-jj86-j47p'],
+          ['GHSA', '8pjx-jj86-j47p'],
           ['URL', 'https://grafana.com/blog/2021/12/07/grafana-8.3.1-8.2.7-8.1.8-and-8.0.7-released-with-high-severity-security-fix/'],
           ['EDB', '50581'],
           ['URL', 'https://github.com/jas502n/Grafana-CVE-2021-43798'],
diff --git a/modules/auxiliary/scanner/http/icinga_static_library_file_directory_traversal.rb b/modules/auxiliary/scanner/http/icinga_static_library_file_directory_traversal.rb
@@ -38,7 +38,7 @@ def initialize(info = {})
         'References' => [
           ['EDB', '51329'],
           ['URL', 'https://www.sonarsource.com/blog/path-traversal-vulnerabilities-in-icinga-web/'],
-          ['URL', 'https://github.com/Icinga/icingaweb2/security/advisories/GHSA-5p3f-rh28-8frw'],
+          ['GHSA', '5p3f-rh28-8frw'],
           ['URL', 'https://github.com/Icinga/icingaweb2/commit/9931ed799650f5b8d5e1dc58ea3415a4cdc5773d'],
           ['CVE', '2022-24716'],
         ],
diff --git a/modules/auxiliary/scanner/misc/cups_browsed_info_disclosure.rb b/modules/auxiliary/scanner/misc/cups_browsed_info_disclosure.rb
@@ -21,7 +21,7 @@ def initialize
       'License' => MSF_LICENSE,
       'References' => [
         ['CVE', '2024-47176'],
-        ['URL', 'https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8' ],
+        ['GHSA', 'rj88-6mr5-rcw8'],
         ['URL', 'https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/' ],
       ],
       'DefaultOptions' => { 'RPORT' => 631 },
diff --git a/modules/exploits/linux/http/bentoml_rce_cve_2025_27520.rb b/modules/exploits/linux/http/bentoml_rce_cve_2025_27520.rb
@@ -25,7 +25,7 @@ def initialize(info = {})
         'License' => MSF_LICENSE,
         'References' => [
           ['CVE', '2025-27520'],
-          ['URL', 'https://github.com/advisories/GHSA-33xw-247w-6hmc'],
+          ['GHSA', '33xw-247w-6hmc']
         ],
         'Targets' => [
           [
diff --git a/modules/exploits/linux/http/bentoml_runner_server_rce_cve_2025_32375.rb b/modules/exploits/linux/http/bentoml_runner_server_rce_cve_2025_32375.rb
@@ -26,7 +26,7 @@ def initialize(info = {})
         'License' => MSF_LICENSE,
         'References' => [
           ['CVE', '2025-32375'],
-          ['URL', 'https://github.com/advisories/GHSA-7v4r-c989-xh26'],
+          ['GHSA', '7v4r-c989-xh26']
         ],
         'Targets' => [
           [
diff --git a/modules/exploits/linux/http/cacti_unauthenticated_cmd_injection.rb b/modules/exploits/linux/http/cacti_unauthenticated_cmd_injection.rb
@@ -52,7 +52,7 @@ def initialize(info = {})
         ],
         'References' => [
           ['CVE', '2022-46169'],
-          ['URL', 'https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf'], # disclosure and technical details
+          ['GHSA', '6p93-p743-35gf'], # disclosure and technical details
           ['URL', 'https://github.com/vulhub/vulhub/tree/master/cacti/CVE-2022-46169'], # vulhub vulnerable docker image and PoC
           ['URL', 'https://www.sonarsource.com/blog/cacti-unauthenticated-remote-code-execution'] # analysis by Stefan Schiller
         ],
diff --git a/modules/exploits/linux/http/craftcms_unauth_rce_cve_2023_41892.rb b/modules/exploits/linux/http/craftcms_unauth_rce_cve_2023_41892.rb
@@ -43,7 +43,7 @@ def initialize(info = {})
           [ 'CVE', '2023-41892' ],
           [ 'URL', 'https://blog.calif.io/p/craftcms-rce' ],
           [ 'URL', 'https://swarm.ptsecurity.com/exploiting-arbitrary-object-instantiations/' ],
-          [ 'URL', 'https://github.com/advisories/GHSA-4w8r-3xrw-v25g' ],
+          [ 'GHSA', '4w8r-3xrw-v25g' ],
           [ 'URL', 'https://attackerkb.com/topics/2u7OaYlv1M/cve-2023-41892' ],
         ],
         'License' => MSF_LICENSE,
diff --git a/modules/exploits/linux/http/librenms_authenticated_rce_cve_2024_51092.rb b/modules/exploits/linux/http/librenms_authenticated_rce_cve_2024_51092.rb
@@ -28,7 +28,7 @@ def initialize(info = {})
           'Takahiro Yokoyama'      # Metasploit module
         ],
         'References' => [
-          [ 'URL', 'https://github.com/advisories/GHSA-x645-6pf9-xwxw'],
+          [ 'GHSA', 'x645-6pf9-xwxw' ],
           [ 'CVE', '2024-51092']
         ],
         'Platform' => %w[linux],
diff --git a/modules/exploits/linux/http/lucee_admin_imgprocess_file_write.rb b/modules/exploits/linux/http/lucee_admin_imgprocess_file_write.rb
@@ -29,7 +29,7 @@ def initialize(info = {})
         'References' => [
           ['CVE', '2021-21307'],
           ['URL', 'https://dev.lucee.org/t/lucee-vulnerability-alert-november-2020-cve-2021-21307/7643'],
-          ['URL', 'https://github.com/lucee/Lucee/security/advisories/GHSA-2xvv-723c-8p7r'],
+          ['GHSA', '2xvv-723c-8p7r'],
           ['URL', 'https://github.com/httpvoid/writeups/blob/main/Apple-RCE.md']
         ],
         'DisclosureDate' => '2021-01-15', # rootxharsh and iamnoooob's writeup
diff --git a/modules/exploits/linux/http/opentsdb_key_cmd_injection.rb b/modules/exploits/linux/http/opentsdb_key_cmd_injection.rb
@@ -40,7 +40,7 @@ def initialize(info = {})
           'Erik Wynter' # @wyntererik - Metasploit
         ],
         'References' => [
-          ['URL', 'https://github.com/OpenTSDB/opentsdb/security/advisories/GHSA-76f7-9v52-v2fw'], # security advisory
+          ['GHSA', '76f7-9v52-v2fw'], # security advisory
           ['CVE', '2023-36812'], # CVE linked in the official security advisory
           ['CVE', '2023-25826'] # CVE that seems to be a dupe of CVE-2023-36812 since it describes the same issue and references the PR that introduces the commits that are referenced in CVE-2023-36812
         ],
diff --git a/modules/exploits/linux/http/pandora_itsm_auth_rce_cve_2025_4653.rb b/modules/exploits/linux/http/pandora_itsm_auth_rce_cve_2025_4653.rb
@@ -42,7 +42,7 @@ def initialize(info = {})
         'References' => [
           ['CVE', '2025-4653'],
           ['URL', 'https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/'],
-          ['URL', 'https://github.com/h00die-gr3y/h00die-gr3y/security/advisories/GHSA-m4f8-9c8x-8f3f'],
+          ['GHSA', 'm4f8-9c8x-8f3f'],
           ['URL', 'https://attackerkb.com/topics/wgCb1QQm1t/cve-2025-4653']
         ],
         'License' => MSF_LICENSE,
diff --git a/modules/exploits/linux/http/pyload_js2py_cve_2024_39205.rb b/modules/exploits/linux/http/pyload_js2py_cve_2024_39205.rb
@@ -40,7 +40,7 @@ def initialize(info = {})
           [ 'CVE', '2024-39205' ],
           [ 'CVE', '2024-28397' ],
           [ 'URL', 'https://github.com/Marven11/CVE-2024-39205-Pyload-RCE' ],
-          [ 'URL', 'https://github.com/pyload/pyload/security/advisories/GHSA-w7hq-f2pj-c53g' ],
+          [ 'GHSA', 'w7hq-f2pj-c53g' ],
           [ 'URL', 'https://github.com/Marven11/CVE-2024-28397-js2py-Sandbox-Escape' ],
         ],
         'DisclosureDate' => '2024-10-28',
diff --git a/modules/exploits/linux/http/raspberrymatic_unauth_rce_cve_2024_24578.rb b/modules/exploits/linux/http/raspberrymatic_unauth_rce_cve_2024_24578.rb
@@ -37,7 +37,7 @@ def initialize(info = {})
         'References' => [
           ['CVE', '2024-24578'],
           ['URL', 'https://attackerkb.com/topics/ywHhBnSObR/cve-2024-24578'],
-          ['URL', 'https://github.com/jens-maus/RaspberryMatic/security/advisories/GHSA-q967-q4j8-637h']
+          ['GHSA', 'q967-q4j8-637h']
         ],
         'DisclosureDate' => '2024-03-16',
         'Platform' => ['unix', 'linux'],
diff --git a/modules/exploits/linux/http/roxy_wi_exec.rb b/modules/exploits/linux/http/roxy_wi_exec.rb
@@ -28,7 +28,7 @@ def initialize(info = {})
         ],
         'References' => [
           ['URL', 'https://pentest.blog/advisory-roxywi-unauthenticated-remote-code-execution-cve-2022-3113/'], # Advisory
-          ['URL', 'https://github.com/hap-wi/roxy-wi/security/advisories/GHSA-53r2-mq99-f532'], # Additional Information
+          ['GHSA', '53r2-mq99-f532'], # Additional Information
           ['URL', 'https://github.com/hap-wi/roxy-wi/commit/82666df1e60c45dd6aa533b01a392f015d32f755'], # Patch
           ['CVE', '2022-31137']
         ],
diff --git a/modules/exploits/linux/http/sourcegraph_gitserver_sshcmd.rb b/modules/exploits/linux/http/sourcegraph_gitserver_sshcmd.rb
@@ -29,7 +29,7 @@ def initialize(info = {})
         ],
         'References' => [
           ['CVE', '2022-23642'],
-          ['URL', 'http://web.archive.org/web/20230705082819/https://github.com/sourcegraph/sourcegraph/security/advisories/GHSA-qcmp-fx72-q8q9'],
+          ['GHSA', 'qcmp-fx72-q8q9'],
           ['URL', 'https://github.com/Altelus1/CVE-2022-23642'],
         ],
         'DisclosureDate' => '2022-02-18', # Public disclosure
diff --git a/modules/exploits/linux/http/traccar_rce_upload.rb b/modules/exploits/linux/http/traccar_rce_upload.rb
@@ -22,8 +22,8 @@ def initialize(info = {})
           'Naveen Sunkavally' # Discovery CVE-2024-31214 and PoC
         ],
         'References' => [
-          [ 'URL', 'https://github.com/traccar/traccar/security/advisories/GHSA-vhrw-72f6-gwp5'],
-          [ 'URL', 'https://github.com/traccar/traccar/security/advisories/GHSA-3gxq-f2qj-c8v9'],
+          [ 'GHSA', 'vhrw-72f6-gwp5' ],
+          [ 'GHSA', '3gxq-f2qj-c8v9' ],
           [ 'URL', 'https://www.horizon3.ai/attack-research/disclosures/traccar-5-remote-code-execution-vulnerabilities/'],
           [ 'CVE', '2024-31214'],
           [ 'CVE', '2024-24809']
diff --git a/modules/exploits/linux/http/wazuh_auth_rce_cve_2025_24016.rb b/modules/exploits/linux/http/wazuh_auth_rce_cve_2025_24016.rb
@@ -30,7 +30,7 @@ def initialize(info = {})
         ],
         'References' => [
           ['CVE', '2025-24016'],
-          ['URL', 'https://github.com/wazuh/wazuh/security/advisories/GHSA-hcrc-79hj-m3qh'],
+          ['GHSA', 'hcrc-79hj-m3qh'],
           ['URL', 'https://attackerkb.com/topics/piW0q4r5Uy/cve-2025-24016']
         ],
         'License' => MSF_LICENSE,
diff --git a/modules/exploits/linux/local/ndsudo_cve_2024_32019.rb b/modules/exploits/linux/local/ndsudo_cve_2024_32019.rb
@@ -32,7 +32,7 @@ def initialize(info = {})
         'Targets' => [[ 'Auto', {} ]],
         'Privileged' => true,
         'References' => [
-          [ 'URL', 'https://github.com/netdata/netdata/security/advisories/GHSA-pmhq-4cxq-wj93'],
+          [ 'GHSA', 'pmhq-4cxq-wj93' ],
           [ 'CVE', '2024-32019']
         ],
         'DisclosureDate' => '2024-04-12',
diff --git a/modules/exploits/linux/local/pihole_remove_commands_lpe.rb b/modules/exploits/linux/local/pihole_remove_commands_lpe.rb
@@ -42,7 +42,7 @@ def initialize(info = {})
         },
         'Privileged' => true,
         'References' => [
-          [ 'URL', 'https://github.com/pi-hole/pi-hole/security/advisories/GHSA-3597-244c-wrpj' ],
+          [ 'GHSA', '3597-244c-wrpj' ],
           [ 'URL', 'https://www.compass-security.com/fileadmin/Research/Advisories/2021-02_CSNC-2021-008_Pi-hole_Privilege_Escalation.txt' ],
           [ 'CVE', '2021-29449' ]
         ],
diff --git a/modules/exploits/linux/local/runc_cwd_priv_esc.rb b/modules/exploits/linux/local/runc_cwd_priv_esc.rb
@@ -42,7 +42,7 @@ def initialize(info = {})
         'Privileged' => true,
         'References' => [
           [ 'URL', 'https://snyk.io/blog/cve-2024-21626-runc-process-cwd-container-breakout/'],
-          [ 'URL', 'https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv'],
+          [ 'GHSA', 'xr7r-f8xq-vfvv' ],
           [ 'URL', 'https://security-tracker.debian.org/tracker/CVE-2024-21626'],
           [ 'URL', 'http://web.archive.org/web/20241006225740/https://ubuntu.com/security/CVE-2024-21626'],
           [ 'CVE', '2024-21626']
diff --git a/modules/exploits/linux/misc/asterisk_ami_originate_auth_rce.rb b/modules/exploits/linux/misc/asterisk_ami_originate_auth_rce.rb
@@ -29,7 +29,7 @@ def initialize(info = {})
           'NielsGaljaard' # discovery
         ],
         'References' => [
-          ['URL', 'https://github.com/asterisk/asterisk/security/advisories/GHSA-c4cg-9275-6w44'],
+          ['GHSA', 'c4cg-9275-6w44'],
           ['CVE', '2024-42365']
         ],
         'Platform' => 'unix',
diff --git a/modules/exploits/multi/http/cacti_package_import_rce.rb b/modules/exploits/multi/http/cacti_package_import_rce.rb
@@ -36,7 +36,7 @@ def initialize(info = {})
         ],
         'References' => [
           [ 'URL', 'https://karmainsecurity.com/KIS-2024-04'],
-          [ 'URL', 'https://github.com/Cacti/cacti/security/advisories/GHSA-7cmj-g5qc-pj88'],
+          [ 'GHSA', '7cmj-g5qc-pj88' ],
           [ 'CVE', '2024-25641']
         ],
         'Platform' => ['unix linux win'],
diff --git a/modules/exploits/multi/http/cacti_pollers_sqli_rce.rb b/modules/exploits/multi/http/cacti_pollers_sqli_rce.rb
@@ -38,8 +38,8 @@ def initialize(info = {})
           'Christophe De La Fuente' # Metasploit module
         ],
         'References' => [
-          [ 'URL', 'https://github.com/Cacti/cacti/security/advisories/GHSA-vr3c-38wh-g855'], # SQLi
-          [ 'URL', 'https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp'], # LFI (RCE)
+          [ 'GHSA', 'vr3c-38wh-g855' ], # SQLi
+          [ 'GHSA', 'pfh9-gwm6-86vp' ], # LFI (RCE)
           [ 'CVE', '2023-49085'], # SQLi
           [ 'CVE', '2023-49084'] # LFI (RCE)
         ],
diff --git a/modules/exploits/multi/http/geoserver_unauth_rce_cve_2024_36401.rb b/modules/exploits/multi/http/geoserver_unauth_rce_cve_2024_36401.rb
@@ -35,7 +35,7 @@ def initialize(info = {})
         ],
         'References' => [
           ['CVE', '2024-36401'],
-          ['URL', 'https://github.com/geoserver/geoserver/security/advisories/GHSA-6jj6-gm7p-fcvv'],
+          ['GHSA', '6jj6-gm7p-fcvv'],
           ['URL', 'https://github.com/vulhub/vulhub/tree/master/geoserver/CVE-2024-36401'],
           ['URL', 'https://attackerkb.com/topics/W6IDY2mmp9/cve-2024-36401'],
           ['URL', 'https://github.com/Chocapikk/CVE-2024-36401']
diff --git a/modules/exploits/multi/http/mybb_rce_cve_2022_24734.rb b/modules/exploits/multi/http/mybb_rce_cve_2022_24734.rb
@@ -38,7 +38,7 @@ def initialize(info = {})
           'Christophe De La Fuente' # MSF module
         ],
         'References' => [
-          [ 'URL', 'https://github.com/mybb/mybb/security/advisories/GHSA-876v-gwgh-w57f'],
+          [ 'GHSA', '876v-gwgh-w57f' ],
           [ 'URL', 'https://www.zerodayinitiative.com/advisories/ZDI-22-503/'],
           [ 'URL', 'https://github.com/Altelus1/CVE-2022-24734'],
           [ 'CVE', '2022-24734']
diff --git a/modules/exploits/multi/http/openfire_auth_bypass_rce_cve_2023_32315.rb b/modules/exploits/multi/http/openfire_auth_bypass_rce_cve_2023_32315.rb
@@ -35,7 +35,7 @@ def initialize(info = {})
           ['CVE', '2023-32315'],
           ['URL', 'https://attackerkb.com/topics/7Tf5YGY3oT/cve-2023-32315'],
           ['URL', 'https://github.com/miko550/CVE-2023-32315'],
-          ['URL', 'https://github.com/igniterealtime/Openfire/security/advisories/GHSA-gw42-f939-fhvm']
+          ['GHSA', 'gw42-f939-fhvm']
         ],
         'License' => MSF_LICENSE,
         'Platform' => [ 'java' ],
diff --git a/modules/exploits/multi/http/subrion_cms_file_upload_rce.rb b/modules/exploits/multi/http/subrion_cms_file_upload_rce.rb
@@ -37,7 +37,7 @@ def initialize(info = {})
           [ 'CVE', '2018-19422' ],
           [ 'URL', 'https://github.com/intelliants/subrion/issues/801' ],
           [ 'URL', 'https://github.com/intelliants/subrion/issues/840' ],
-          [ 'URL', 'https://github.com/advisories/GHSA-73xj-v6gc-g5p5' ]
+          [ 'GHSA', '73xj-v6gc-g5p5' ]
         ],
         'Platform' => 'php',
         'Arch' => ARCH_PHP,
diff --git a/modules/exploits/multi/http/torchserver_cve_2023_43654.rb b/modules/exploits/multi/http/torchserver_cve_2023_43654.rb
@@ -34,9 +34,9 @@ def initialize(_info = {})
       'References' => [
         [ 'URL', 'https://www.oligo.security/blog/shelltorch-torchserve-ssrf-vulnerability-cve-2023-43654' ],
         [ 'CVE', '2023-43654' ], # model registration SSRF
-        [ 'URL', 'https://github.com/pytorch/serve/security/advisories/GHSA-8fxr-qfr9-p34w' ],
+        [ 'GHSA', '8fxr-qfr9-p34w' ],
         [ 'CVE', '2022-1471' ], # snakeyaml deserialization RCE
-        [ 'URL', 'https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2' ],
+        [ 'GHSA', 'mjmj-j48q-9wg2' ],
         [ 'URL', 'https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in' ],
         [ 'URL', 'https://swapneildash.medium.com/snakeyaml-deserilization-exploited-b4a2c5ac0858' ]
       ],
diff --git a/modules/exploits/multi/http/xwiki_unauth_rce_cve_2025_24893.rb b/modules/exploits/multi/http/xwiki_unauth_rce_cve_2025_24893.rb
@@ -32,7 +32,7 @@ def initialize(info = {})
         ],
         'References' => [
           ['CVE', '2025-24893'],
-          ['URL', 'https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rr6p-3pfg-562j']
+          ['GHSA', 'rr6p-3pfg-562j']
         ],
         'Platform' => ['unix', 'linux', 'win'],
         'Arch' => [ARCH_CMD],
diff --git a/modules/exploits/multi/misc/cups_ipp_remote_code_execution.rb b/modules/exploits/multi/misc/cups_ipp_remote_code_execution.rb
@@ -134,13 +134,13 @@ def initialize(info = {})
           # The public exploit this module was inspired by
           ['URL', 'https://github.com/RickdeJager/cupshax'],
           # The cups-browsed GitHub security advisory
-          ['URL', 'https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8'],
+          ['GHSA', 'rj88-6mr5-rcw8'],
           # The libcupsfilters GitHub security advisory
-          ['URL', 'https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5'],
+          ['GHSA', 'w63j-6g73-wmg5'],
           # The libppd GitHub security advisory
-          ['URL', 'https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6'],
+          ['GHSA', '7xfx-47qg-grp6'],
           # The cups-filters GitHub security advisory
-          ['URL', 'https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47'],
+          ['GHSA', 'p9rh-jxmq-gq47'],
           # The IPP server implementation this module is based on
           ['URL', 'https://github.com/h2g2bob/ipp-server/']
         ],
diff --git a/modules/exploits/multi/misc/vscode_ipynb_remote_dev_exec.rb b/modules/exploits/multi/misc/vscode_ipynb_remote_dev_exec.rb
@@ -31,7 +31,7 @@ def initialize(info = {})
           'Zemnmez'
         ],
         'References' => [
-          ['URL', 'https://github.com/google/security-research/security/advisories/GHSA-pw56-c55x-cm9m'],
+          ['GHSA', 'pw56-c55x-cm9m'],
           ['CVE', '2022-41034'],
           ['URL', 'https://github.com/andyhsu024/CVE-2022-41034']
         ],
diff --git a/modules/exploits/unix/http/raspap_rce.rb b/modules/exploits/unix/http/raspap_rce.rb
@@ -32,7 +32,7 @@ def initialize(info = {})
         'References' => [
           ['CVE', '2022-39986'],
           ['URL', 'https://medium.com/@ismael0x00/multiple-vulnerabilities-in-raspap-3c35e78809f2'],
-          ['URL', 'https://github.com/advisories/GHSA-7c28-wg7r-pg6f']
+          ['GHSA', '7c28-wg7r-pg6f']
         ],
         'Platform' => ['unix', 'linux'],
         'Privileged' => false,
diff --git a/modules/exploits/unix/webapp/nextcloud_workflows_rce.rb b/modules/exploits/unix/webapp/nextcloud_workflows_rce.rb
@@ -30,7 +30,7 @@ def initialize(info = {})
           'whotwagner'    # Metasploit Module
         ],
         'References' => [
-          ['URL', 'https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h3c9-cmh8-7qpj'],
+          ['GHSA', 'h3c9-cmh8-7qpj'],
           ['CVE', '2023-26482']
         ],
         'Platform' => %w[linux unix],
diff --git a/modules/exploits/unix/webapp/zoneminder_snapshots.rb b/modules/exploits/unix/webapp/zoneminder_snapshots.rb
@@ -29,7 +29,7 @@ def initialize(info = {})
         ],
         'References' => [
           [ 'CVE', '2023-26035' ],
-          [ 'URL', 'https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-72rg-h4vf-29gr']
+          [ 'GHSA', '72rg-h4vf-29gr' ]
         ],
         'Privileged' => false,
         'Platform' => ['linux', 'unix'],
diff --git a/modules/post/linux/gather/rancher_audit_log_leak.rb b/modules/post/linux/gather/rancher_audit_log_leak.rb
@@ -27,7 +27,7 @@ def initialize(info = {})
         'Platform' => ['linux', 'unix'],
         'SessionTypes' => ['shell', 'meterpreter'],
         'References' => [
-          [ 'URL', 'https://github.com/rancher/rancher/security/advisories/GHSA-xfj7-qf8w-2gcr'],
+          [ 'GHSA', 'xfj7-qf8w-2gcr' ],
           [ 'URL', 'https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/enable-api-audit-log#api-audit-log-options'],
           [ 'CVE', '2023-22649']
         ],
