diff --git a/advisories/github-reviewed/2024/06/GHSA-fwhr-88qx-h9g7/GHSA-fwhr-88qx-h9g7.json b/advisories/github-reviewed/2024/06/GHSA-fwhr-88qx-h9g7/GHSA-fwhr-88qx-h9g7.json
new file mode 100644
index 0000000000000..c30ea59986e8d
--- /dev/null
+++ b/advisories/github-reviewed/2024/06/GHSA-fwhr-88qx-h9g7/GHSA-fwhr-88qx-h9g7.json
@@ -0,0 +1,125 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-fwhr-88qx-h9g7",
+  "modified": "2024-06-04T22:26:24Z",
+  "published": "2024-06-04T22:26:24Z",
+  "aliases": [
+    "CVE-2024-28103"
+  ],
+  "summary": "Missing security headers in Action Pack on non-HTML responses",
+  "details": "# Permissions-Policy is Only Served on HTML Content-Type\n\nThe application configurable Permissions-Policy is only served on responses\nwith an HTML related Content-Type.\n\nThis has been assigned the CVE identifier CVE-2024-28103.\n\n\nVersions Affected: >= 6.1.0\nNot affected: < 6.1.0\nFixed Versions: 6.1.7.8, 7.0.8.4, and 7.1.3.4\n\nImpact\n------\nResponses with a non-HTML Content-Type are not serving the configured Permissions-Policy. There are certain non-HTML Content-Types that would benefit from having the Permissions-Policy enforced.\n\n\nReleases\n--------\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\nN/A\n\nPatches\n-------\nTo aid users who aren't able to upgrade immediately we have provided patches for\nthe supported release series in accordance with our \n[maintenance policy](https://guides.rubyonrails.org/maintenance_policy.html#security-issues)\nregarding security issues. They are in git-am format and consist of a\nsingle changeset.\n\n* 6-1-include-permissions-policy-header-on-non-html.patch - Patch for 6.1 series\n* 7-0-include-permissions-policy-header-on-non-html.patch - Patch for 7.0 series\n* 7-1-include-permissions-policy-header-on-non-html.patch - Patch for 7.1 series\n\n\n\nCredits\n-------\n\nThank you [shinkbr](https://hackerone.com/shinkbr) for reporting this!",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "RubyGems",
+        "name": "actionpack"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "6.1.0"
+            },
+            {
+              "fixed": "6.1.7.8"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "RubyGems",
+        "name": "actionpack"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "7.0.0"
+            },
+            {
+              "fixed": "7.0.8.4"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "RubyGems",
+        "name": "actionpack"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "7.1.0"
+            },
+            {
+              "fixed": "7.1.3.4"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "RubyGems",
+        "name": "actionpack"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "7.2.0.beta1"
+            },
+            {
+              "fixed": "7.2.0.beta2"
+            }
+          ]
+        }
+      ],
+      "versions": [
+        "7.2.0.beta1"
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/rails/rails/security/advisories/GHSA-fwhr-88qx-h9g7"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28103"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/rails/rails/commit/35858f1d9d57f6c4050a8d9ab754bd5d088b4523"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/rails/rails"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-20"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2024-06-04T22:26:24Z",
+    "nvd_published_at": "2024-06-04T20:15:10Z"
+  }
+}
\ No newline at end of file
diff --git a/advisories/github-reviewed/2024/06/GHSA-prjp-h48f-jgf6/GHSA-prjp-h48f-jgf6.json b/advisories/github-reviewed/2024/06/GHSA-prjp-h48f-jgf6/GHSA-prjp-h48f-jgf6.json
new file mode 100644
index 0000000000000..04e111b569d23
--- /dev/null
+++ b/advisories/github-reviewed/2024/06/GHSA-prjp-h48f-jgf6/GHSA-prjp-h48f-jgf6.json
@@ -0,0 +1,87 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-prjp-h48f-jgf6",
+  "modified": "2024-06-04T22:26:22Z",
+  "published": "2024-06-04T22:26:22Z",
+  "aliases": [
+    "CVE-2024-32464"
+  ],
+  "summary": "ActionText ContentAttachment can Contain Unsanitized HTML",
+  "details": "Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML.\n\nThis has been assigned the CVE identifier CVE-2024-32464.\n\n\nVersions Affected: >= 7.1.0\nNot affected: < 7.1.0\nFixed Versions: 7.1.3.4\n\nImpact\n------\nThis could lead to a potential cross site scripting issue within the Trix editor.\n\nReleases\n--------\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\nN/A\n\nPatches\n-------\nTo aid users who aren't able to upgrade immediately we have provided patches for the supported release series in accordance with our [maintenance policy](https://guides.rubyonrails.org/maintenance_policy.html#security-issues) regarding security issues. They are in git-am format and consist of a single changeset.\n\n* action_text_content_attachment_xss_7_1_stable.patch - Patch for 7.1 series\n\n\n\nCredits\n-------\n\nThank you [ooooooo_q](https://hackerone.com/ooooooo_q) for reporting this!",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "RubyGems",
+        "name": "actiontext"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "7.1.0"
+            },
+            {
+              "fixed": "7.1.3.4"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "RubyGems",
+        "name": "actiontext"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "7.2.0.beta1"
+            },
+            {
+              "fixed": "7.2.0.beta2"
+            }
+          ]
+        }
+      ],
+      "versions": [
+        "7.2.0.beta1"
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/rails/rails/security/advisories/GHSA-prjp-h48f-jgf6"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32464"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/rails/rails/commit/e215bf3360e6dfe1497c1503a495e384ed6b0995"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/rails/rails"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2024-06-04T22:26:22Z",
+    "nvd_published_at": "2024-06-04T20:15:11Z"
+  }
+}
\ No newline at end of file
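Review bot: The `details` prose states "Fixed Versions: 6.1.7.8, 7.0.8.4, and 7.1.3.4", but the structured `affected` array also carries a 7.2.0.beta1 → 7.2.0.beta2 range, so anyone triaging from the human-readable text alone would not learn that the 7.2 pre-release line was affected and where it was fixed. The same gap is present in the GHSA-prjp-h48f-jgf6 hunk below, whose prose names only 7.1.3.4 while its `affected` entry likewise covers 7.2.0.beta1 up to 7.2.0.beta2. Because `details` looks like the upstream Rails advisory text, the least intrusive reconciliation is to append a sentence to the string rather than rewrite it, e.g. `\n\nAlso fixed in 7.2.0.beta2.` before the `Impact` heading, keeping `affected` as the authoritative machine-readable range. Separately, `cwe_ids` of `CWE-20` (Improper Input Validation) is a loose fit for a response header not being emitted; CWE-693 (Protection Mechanism Failure) may describe the defect more precisely, though the choice depends on the database's classification conventions.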