Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 2f48f50e53fb · 2026-03-20T21:25:56.000Z
GHSA-3xm7-qw7j-qc8v GHSA-4663-4mpg-879v GHSA-5rvc-5cwx-g5x8 GHSA-7g27-v5wj-jr75 GHSA-8qvf-mr4w-9x2c GHSA-958m-gxmc-mccm GHSA-gjgx-rvqr-6w6v GHSA-hh8v-hgvp-g3f5 GHSA-mmgp-wc2j-qcv7 GHSA-mvpm-v6q4-m2pf GHSA-p9hg-pq3q-v9gv GHSA-vv3x-j2x5-36jc
diff --git a/advisories/github-reviewed/2026/03/GHSA-3xm7-qw7j-qc8v/GHSA-3xm7-qw7j-qc8v.json b/advisories/github-reviewed/2026/03/GHSA-3xm7-qw7j-qc8v/GHSA-3xm7-qw7j-qc8v.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3xm7-qw7j-qc8v",
-  "modified": "2026-03-18T12:59:42Z",
+  "modified": "2026-03-20T21:23:29Z",
   "published": "2026-03-18T12:59:42Z",
   "aliases": [
     "CVE-2026-33060"
@@ -40,6 +40,10 @@
       "type": "WEB",
       "url": "https://github.com/ondata/ckan-mcp-server/security/advisories/GHSA-3xm7-qw7j-qc8v"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33060"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/kysely-org/kysely/commit/0a602bff2f442f6c26d5e047ca8f8715179f6d24"
@@ -56,6 +60,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2026-03-18T12:59:42Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-03-20T08:16:11Z"
   }
 }
diff --git a/advisories/github-reviewed/2026/03/GHSA-4663-4mpg-879v/GHSA-4663-4mpg-879v.json b/advisories/github-reviewed/2026/03/GHSA-4663-4mpg-879v/GHSA-4663-4mpg-879v.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4663-4mpg-879v",
-  "modified": "2026-03-18T16:09:24Z",
+  "modified": "2026-03-20T21:23:36Z",
   "published": "2026-03-18T16:09:24Z",
   "aliases": [
     "CVE-2026-33066"
@@ -40,6 +40,10 @@
       "type": "WEB",
       "url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-4663-4mpg-879v"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33066"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/siyuan-note/siyuan/commit/b382f50e1880ed996364509de5a10a72d7409428"
@@ -56,6 +60,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2026-03-18T16:09:24Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-03-20T09:16:14Z"
   }
 }
diff --git a/advisories/github-reviewed/2026/03/GHSA-5rvc-5cwx-g5x8/GHSA-5rvc-5cwx-g5x8.json b/advisories/github-reviewed/2026/03/GHSA-5rvc-5cwx-g5x8/GHSA-5rvc-5cwx-g5x8.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5rvc-5cwx-g5x8",
-  "modified": "2026-03-18T20:11:27Z",
+  "modified": "2026-03-20T21:24:36Z",
   "published": "2026-03-18T20:11:27Z",
   "aliases": [
     "CVE-2026-33192"
@@ -40,6 +40,10 @@
       "type": "WEB",
       "url": "https://github.com/free5gc/free5gc/security/advisories/GHSA-5rvc-5cwx-g5x8"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33192"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/free5gc/free5gc/issues/784"
@@ -60,6 +64,6 @@
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2026-03-18T20:11:27Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-03-20T09:16:16Z"
   }
 }
diff --git a/advisories/github-reviewed/2026/03/GHSA-7g27-v5wj-jr75/GHSA-7g27-v5wj-jr75.json b/advisories/github-reviewed/2026/03/GHSA-7g27-v5wj-jr75/GHSA-7g27-v5wj-jr75.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7g27-v5wj-jr75",
-  "modified": "2026-03-18T20:06:36Z",
+  "modified": "2026-03-20T21:24:03Z",
   "published": "2026-03-18T20:06:36Z",
   "aliases": [
     "CVE-2026-33064"
@@ -40,6 +40,10 @@
       "type": "WEB",
       "url": "https://github.com/free5gc/free5gc/security/advisories/GHSA-7g27-v5wj-jr75"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33064"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/free5gc/free5gc/issues/781"
@@ -59,11 +63,12 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-476"
+      "CWE-476",
+      "CWE-478"
     ],
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2026-03-18T20:06:36Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-03-20T08:16:12Z"
   }
 }
diff --git a/advisories/github-reviewed/2026/03/GHSA-8qvf-mr4w-9x2c/GHSA-8qvf-mr4w-9x2c.json b/advisories/github-reviewed/2026/03/GHSA-8qvf-mr4w-9x2c/GHSA-8qvf-mr4w-9x2c.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8qvf-mr4w-9x2c",
-  "modified": "2026-03-18T20:01:21Z",
+  "modified": "2026-03-20T21:23:22Z",
   "published": "2026-03-18T20:01:21Z",
   "aliases": [
     "CVE-2026-33054"
@@ -43,9 +43,21 @@
       "type": "WEB",
       "url": "https://github.com/mesop-dev/mesop/security/advisories/GHSA-8qvf-mr4w-9x2c"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33054"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/mesop-dev/mesop/commit/c6b382f363b73ac32c402a2db3aadc7784f66a5b"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/mesop-dev/mesop"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/mesop-dev/mesop/releases/tag/v1.2.3"
     }
   ],
   "database_specific": {
@@ -55,6 +67,6 @@
     "severity": "CRITICAL",
     "github_reviewed": true,
     "github_reviewed_at": "2026-03-18T20:01:21Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-03-20T07:16:13Z"
   }
 }
diff --git a/advisories/github-reviewed/2026/03/GHSA-958m-gxmc-mccm/GHSA-958m-gxmc-mccm.json b/advisories/github-reviewed/2026/03/GHSA-958m-gxmc-mccm/GHSA-958m-gxmc-mccm.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-958m-gxmc-mccm",
-  "modified": "2026-03-18T20:07:17Z",
+  "modified": "2026-03-20T21:24:12Z",
   "published": "2026-03-18T20:07:17Z",
   "aliases": [
     "CVE-2026-33065"
@@ -40,6 +40,10 @@
       "type": "WEB",
       "url": "https://github.com/free5gc/free5gc/security/advisories/GHSA-958m-gxmc-mccm"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33065"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/free5gc/free5gc/issues/783"
@@ -64,6 +68,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2026-03-18T20:07:17Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-03-20T08:16:12Z"
   }
 }
diff --git a/advisories/github-reviewed/2026/03/GHSA-gjgx-rvqr-6w6v/GHSA-gjgx-rvqr-6w6v.json b/advisories/github-reviewed/2026/03/GHSA-gjgx-rvqr-6w6v/GHSA-gjgx-rvqr-6w6v.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-gjgx-rvqr-6w6v",
-  "modified": "2026-03-18T20:05:00Z",
+  "modified": "2026-03-20T21:23:51Z",
   "published": "2026-03-18T20:05:00Z",
   "aliases": [
     "CVE-2026-33057"
@@ -43,6 +43,14 @@
       "type": "WEB",
       "url": "https://github.com/mesop-dev/mesop/security/advisories/GHSA-gjgx-rvqr-6w6v"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33057"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/mesop-dev/mesop/commit/825f55970c20686de3f28e2c66df4d74e9d4db47"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/mesop-dev/mesop"
@@ -55,6 +63,6 @@
     "severity": "CRITICAL",
     "github_reviewed": true,
     "github_reviewed_at": "2026-03-18T20:05:00Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-03-20T08:16:11Z"
   }
 }
diff --git a/advisories/github-reviewed/2026/03/GHSA-hh8v-hgvp-g3f5/GHSA-hh8v-hgvp-g3f5.json b/advisories/github-reviewed/2026/03/GHSA-hh8v-hgvp-g3f5/GHSA-hh8v-hgvp-g3f5.json
@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-hh8v-hgvp-g3f5",
-  "modified": "2026-03-19T19:04:24Z",
+  "modified": "2026-03-20T21:25:29Z",
   "published": "2026-03-19T19:04:24Z",
   "aliases": [
     "CVE-2026-33347"
   ],
   "summary": "league/commonmark has an embed extension allowed_domains bypass",
-  "details": "### Impact\n\nThe `DomainFilteringAdapter` in the Embed extension is vulnerable to an allowlist bypass due to a missing hostname boundary assertion in the domain-matching regex. An attacker-controlled domain like `youtube.com.evil` passes the allowlist check when `youtube.com` is an allowed domain.\n\nThis enables two attack vectors:\n\n- **SSRF**: The `OscaroteroEmbedAdapter` makes server-side HTTP requests to the embed URL via the `embed/embed` library. A bypassed domain filter causes the server to make outbound requests to an attacker-controlled host, potentially probing internal services or exfiltrating request metadata.\n- **XSS**: `EmbedRenderer` outputs the oEmbed response HTML directly into the page with no sanitization. An attacker controlling the bypassed domain can return arbitrary HTML/JavaScript in their oEmbed response, which is rendered verbatim.\n\nAny application using the `Embed` extension and relying on `allowed_domains` to restrict domains when processing untrusted Markdown input is affected.\n\n### Patches\n\nThis has been patched in version **2.8.2**. The fix replaces the regex-based domain check with explicit hostname parsing using `parse_url()`, ensuring exact domain and subdomain matching only.\n\n### Workarounds\n\n- Disable the `Embed` extension, or restrict its use to trusted users\n- Provide your own domain-filtering implementation of `EmbedAdapterInterface`\n- Enable a [Content Security Policy (CSP)](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) and outbound firewall restrictions",
+  "details": "### Impact\n\nThe `DomainFilteringAdapter` in the Embed extension is vulnerable to an allowlist bypass due to a missing hostname boundary assertion in the domain-matching regex. An attacker-controlled domain like `youtube.com.evil` passes the allowlist check when `youtube.com` is an allowed domain.\n\nThis enables two attack vectors:\n\n- **SSRF**: The `OscaroteroEmbedAdapter` makes server-side HTTP requests to the embed URL via the `embed/embed` library. A bypassed domain filter causes the server to make outbound requests to an attacker-controlled host, potentially probing internal services or exfiltrating request metadata.\n- **XSS**: `EmbedRenderer` outputs the oEmbed response HTML directly into the page with no sanitization. An attacker controlling the bypassed domain can return arbitrary HTML/JavaScript in their oEmbed response, which is rendered verbatim.\n\nAny application using the `Embed` extension and relying on `allowed_domains` to restrict domains when processing untrusted Markdown input is affected.\n\n### Patches\n\nThis has been patched in version **2.8.2**. The fix replaces the regex-based domain check with explicit hostname parsing using `parse_url()`, ensuring exact domain and subdomain matching only.\n\n### Workarounds\n\n- Disable the `Embed` extension, or restrict its use to trusted users\n- Provide your own domain-filtering implementation of `EmbedAdapterInterface`\n- Enable a [Content Security Policy (CSP)](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) and outbound firewall restrictions\n\n### References\n\n- https://commonmark.thephpleague.com/2.x/extensions/embed/#configuration",
   "severity": [
     {
       "type": "CVSS_V4",
@@ -25,7 +25,7 @@
           "type": "ECOSYSTEM",
           "events": [
             {
-              "introduced": "0"
+              "introduced": "2.3.0"
             },
             {
               "fixed": "2.8.2"
diff --git a/advisories/github-reviewed/2026/03/GHSA-mmgp-wc2j-qcv7/GHSA-mmgp-wc2j-qcv7.json b/advisories/github-reviewed/2026/03/GHSA-mmgp-wc2j-qcv7/GHSA-mmgp-wc2j-qcv7.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-mmgp-wc2j-qcv7",
-  "modified": "2026-03-19T12:42:10Z",
+  "modified": "2026-03-20T21:24:19Z",
   "published": "2026-03-19T12:42:09Z",
   "aliases": [
     "CVE-2026-33068"
@@ -40,6 +40,10 @@
       "type": "WEB",
       "url": "https://github.com/anthropics/claude-code/security/advisories/GHSA-mmgp-wc2j-qcv7"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33068"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/anthropics/claude-code"
@@ -52,6 +56,6 @@
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2026-03-19T12:42:09Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-03-20T09:16:15Z"
   }
 }
diff --git a/advisories/github-reviewed/2026/03/GHSA-mvpm-v6q4-m2pf/GHSA-mvpm-v6q4-m2pf.json b/advisories/github-reviewed/2026/03/GHSA-mvpm-v6q4-m2pf/GHSA-mvpm-v6q4-m2pf.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-mvpm-v6q4-m2pf",
-  "modified": "2026-03-18T16:09:34Z",
+  "modified": "2026-03-20T21:23:43Z",
   "published": "2026-03-18T16:09:34Z",
   "aliases": [
     "CVE-2026-33067"
@@ -40,6 +40,10 @@
       "type": "WEB",
       "url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-mvpm-v6q4-m2pf"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33067"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/siyuan-note/siyuan"
@@ -52,6 +56,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2026-03-18T16:09:34Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-03-20T09:16:14Z"
   }
 }
diff --git a/advisories/github-reviewed/2026/03/GHSA-p9hg-pq3q-v9gv/GHSA-p9hg-pq3q-v9gv.json b/advisories/github-reviewed/2026/03/GHSA-p9hg-pq3q-v9gv/GHSA-p9hg-pq3q-v9gv.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-p9hg-pq3q-v9gv",
-  "modified": "2026-03-18T20:11:15Z",
+  "modified": "2026-03-20T21:24:27Z",
   "published": "2026-03-18T20:11:15Z",
   "aliases": [
     "CVE-2026-33191"
@@ -40,10 +40,18 @@
       "type": "WEB",
       "url": "https://github.com/free5gc/free5gc/security/advisories/GHSA-p9hg-pq3q-v9gv"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33191"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/free5gc/udm/pull/79"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/free5gc/udm/commit/88de9fa74a1b3f3522e53b4cfa2d184712ffa4ee"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/free5gc/udm"
@@ -57,6 +65,6 @@
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2026-03-18T20:11:15Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-03-20T08:16:12Z"
   }
 }
diff --git a/advisories/github-reviewed/2026/03/GHSA-vv3x-j2x5-36jc/GHSA-vv3x-j2x5-36jc.json b/advisories/github-reviewed/2026/03/GHSA-vv3x-j2x5-36jc/GHSA-vv3x-j2x5-36jc.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-vv3x-j2x5-36jc",
-  "modified": "2026-03-18T20:07:25Z",
+  "modified": "2026-03-20T21:24:44Z",
   "published": "2026-03-18T20:07:24Z",
   "aliases": [
     "CVE-2026-33080"
@@ -59,9 +59,25 @@
       "type": "WEB",
       "url": "https://github.com/filamentphp/filament/security/advisories/GHSA-vv3x-j2x5-36jc"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33080"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/filamentphp/filament/commit/efa041aeeb4b1a99acd48aaa05584993c926d1ed"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/filamentphp/filament"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/filamentphp/filament/releases/tag/v4.8.5"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/filamentphp/filament/releases/tag/v5.3.5"
     }
   ],
   "database_specific": {
@@ -72,6 +88,6 @@
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2026-03-18T20:07:24Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-03-20T09:16:16Z"
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -1,13 +1,13 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-hh8v-hgvp-g3f5",`
`4`		`- "modified": "2026-03-19T19:04:24Z",`
	`4`	`+ "modified": "2026-03-20T21:25:29Z",`
`5`	`5`	`"published": "2026-03-19T19:04:24Z",`
`6`	`6`	`"aliases": [`
`7`	`7`	`"CVE-2026-33347"`
`8`	`8`	`],`
`9`	`9`	`"summary": "league/commonmark has an embed extension allowed_domains bypass",`
`10`		- "details": "### Impact\n\nThe `DomainFilteringAdapter` in the Embed extension is vulnerable to an allowlist bypass due to a missing hostname boundary assertion in the domain-matching regex. An attacker-controlled domain like `youtube.com.evil` passes the allowlist check when `youtube.com` is an allowed domain.\n\nThis enables two attack vectors:\n\n- SSRF: The `OscaroteroEmbedAdapter` makes server-side HTTP requests to the embed URL via the `embed/embed` library. A bypassed domain filter causes the server to make outbound requests to an attacker-controlled host, potentially probing internal services or exfiltrating request metadata.\n- XSS: `EmbedRenderer` outputs the oEmbed response HTML directly into the page with no sanitization. An attacker controlling the bypassed domain can return arbitrary HTML/JavaScript in their oEmbed response, which is rendered verbatim.\n\nAny application using the `Embed` extension and relying on `allowed_domains` to restrict domains when processing untrusted Markdown input is affected.\n\n### Patches\n\nThis has been patched in version 2.8.2. The fix replaces the regex-based domain check with explicit hostname parsing using `parse_url()`, ensuring exact domain and subdomain matching only.\n\n### Workarounds\n\n- Disable the `Embed` extension, or restrict its use to trusted users\n- Provide your own domain-filtering implementation of `EmbedAdapterInterface`\n- Enable a [Content Security Policy (CSP)](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) and outbound firewall restrictions",
	`10`	+ "details": "### Impact\n\nThe `DomainFilteringAdapter` in the Embed extension is vulnerable to an allowlist bypass due to a missing hostname boundary assertion in the domain-matching regex. An attacker-controlled domain like `youtube.com.evil` passes the allowlist check when `youtube.com` is an allowed domain.\n\nThis enables two attack vectors:\n\n- SSRF: The `OscaroteroEmbedAdapter` makes server-side HTTP requests to the embed URL via the `embed/embed` library. A bypassed domain filter causes the server to make outbound requests to an attacker-controlled host, potentially probing internal services or exfiltrating request metadata.\n- XSS: `EmbedRenderer` outputs the oEmbed response HTML directly into the page with no sanitization. An attacker controlling the bypassed domain can return arbitrary HTML/JavaScript in their oEmbed response, which is rendered verbatim.\n\nAny application using the `Embed` extension and relying on `allowed_domains` to restrict domains when processing untrusted Markdown input is affected.\n\n### Patches\n\nThis has been patched in version 2.8.2. The fix replaces the regex-based domain check with explicit hostname parsing using `parse_url()`, ensuring exact domain and subdomain matching only.\n\n### Workarounds\n\n- Disable the `Embed` extension, or restrict its use to trusted users\n- Provide your own domain-filtering implementation of `EmbedAdapterInterface`\n- Enable a [Content Security Policy (CSP)](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) and outbound firewall restrictions\n\n### References\n\n- https://commonmark.thephpleague.com/2.x/extensions/embed/#configuration",
`11`	`11`	`"severity": [`
`12`	`12`	`{`
`13`	`13`	`"type": "CVSS_V4",`
`@@ -25,7 +25,7 @@`
`25`	`25`	`"type": "ECOSYSTEM",`
`26`	`26`	`"events": [`
`27`	`27`	`{`
`28`		`- "introduced": "0"`
	`28`	`+ "introduced": "2.3.0"`
`29`	`29`	`},`
`30`	`30`	`{`
`31`	`31`	`"fixed": "2.8.2"`