Publish Advisories

GHSA-2xxx-fhc8-9qvq
GHSA-4r2f-6fm9-2qgh
GHSA-hv5g-q4h3-64q4

Author: advisory-database[bot]

advisories/github-reviewed/2022/04/GHSA-2xxx-fhc8-9qvq/GHSA-2xxx-fhc8-9qvq.json

@@ -1,12 +1,19 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2xxx-fhc8-9qvq",
-  "modified": "2022-04-12T19:42:45Z",
+  "modified": "2026-01-22T20:38:59Z",
   "published": "2022-04-12T19:42:45Z",
-  "aliases": [],
-  "summary": "Missing `is_nil` requirement",
+  "aliases": [
+    "CVE-2017-20166"
+  ],
+  "summary": "Ecto missing `is_nil` requirement",
   "details": "Ecto will not raise on queries with non-explicit nil comparisons (ie if they aren't checked with `is_nil`).",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [
     {
       "package": {
@@ -32,6 +39,10 @@
     }
   ],
   "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-20166"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/elixir-ecto/ecto/pull/2125"
@@ -51,7 +62,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": "MODERATE",
+    "severity": "CRITICAL",
     "github_reviewed": true,
     "github_reviewed_at": "2022-04-12T19:42:45Z",
     "nvd_published_at": null

advisories/github-reviewed/2023/01/GHSA-4r2f-6fm9-2qgh/GHSA-4r2f-6fm9-2qgh.json

@@ -1,13 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4r2f-6fm9-2qgh",
-  "modified": "2023-01-13T19:21:37Z",
+  "modified": "2026-01-22T20:38:52Z",
   "published": "2023-01-10T06:30:25Z",
-  "aliases": [
-    "CVE-2017-20166"
-  ],
-  "summary": "Ecto lacks a protection mechanism",
-  "details": "Ecto 2.2.0 lacks a certain protection mechanism associated with the interaction between `is_nil` and `raise`.",
+  "withdrawn": "2026-01-22T20:38:52Z",
+  "aliases": [],
+  "summary": "Duplicate Advisory: Ecto lacks a protection mechanism",
+  "details": "## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-2xxx-fhc8-9qvq. This link is maintained to preserve external references.\n\n## Original Description\nEcto 2.2.0 lacks a certain protection mechanism associated with the interaction between `is_nil` and `raise`.",
   "severity": [
     {
       "type": "CVSS_V3",

advisories/github-reviewed/2024/01/GHSA-hv5g-q4h3-64q4/GHSA-hv5g-q4h3-64q4.json

@@ -1,13 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-hv5g-q4h3-64q4",
-  "modified": "2024-01-26T19:58:39Z",
+  "modified": "2026-01-22T20:39:58Z",
   "published": "2024-01-19T21:30:37Z",
-  "aliases": [
-    "CVE-2024-23685"
-  ],
-  "summary": "Hard-coded credentials in org.folio:mod-remote-storage",
-  "details": "Hard-coded credentials in mod-remote-storage versions under 1.7.2 and from 2.0.0 to 2.0.3 allows unauthorized users to gain read access to mod-inventory-storage records including instances, holdings, items, contributor-types, and identifier-types.\n\n\n",
+  "withdrawn": "2026-01-22T20:39:58Z",
+  "aliases": [],
+  "summary": "Duplicate Advisory: Hard-coded credentials in org.folio:mod-remote-storage",
+  "details": "## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-m8v7-469p-5x89. This link is maintained to preserve external references.\n\n## Original Description\nHard-coded credentials in mod-remote-storage versions under 1.7.2 and from 2.0.0 to 2.0.3 allows unauthorized users to gain read access to mod-inventory-storage records including instances, holdings, items, contributor-types, and identifier-types.",
   "severity": [
     {
       "type": "CVSS_V3",