Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 3cbb7e8bd10c · 2026-03-13T03:32:31.000Z
GHSA-5vfc-ccj9-49j9 GHSA-9g4r-rvq7-7xrq GHSA-mj9m-c5pr-rxw7
diff --git a/advisories/unreviewed/2026/03/GHSA-5vfc-ccj9-49j9/GHSA-5vfc-ccj9-49j9.json b/advisories/unreviewed/2026/03/GHSA-5vfc-ccj9-49j9/GHSA-5vfc-ccj9-49j9.json
@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5vfc-ccj9-49j9",
-  "modified": "2026-03-05T00:31:11Z",
+  "modified": "2026-03-13T03:30:30Z",
   "published": "2026-03-05T00:31:11Z",
   "aliases": [
     "CVE-2026-22052"
   ],
   "details": "ONTAP versions 9.12.1 and higher with S3 NAS buckets are susceptible to an information disclosure vulnerability. Successful exploit could allow an authenticated attacker to view a listing of the contents in a directory for which they lack permission.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
diff --git a/advisories/unreviewed/2026/03/GHSA-9g4r-rvq7-7xrq/GHSA-9g4r-rvq7-7xrq.json b/advisories/unreviewed/2026/03/GHSA-9g4r-rvq7-7xrq/GHSA-9g4r-rvq7-7xrq.json
@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-9g4r-rvq7-7xrq",
-  "modified": "2026-03-05T12:30:30Z",
+  "modified": "2026-03-13T03:30:30Z",
   "published": "2026-03-05T12:30:30Z",
   "aliases": [
     "CVE-2026-21628"
   ],
   "details": "A improperly secured file management feature allows uploads of dangerous data types for unauthenticated users, leading to remote code execution.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:X"
diff --git a/advisories/unreviewed/2026/03/GHSA-mj9m-c5pr-rxw7/GHSA-mj9m-c5pr-rxw7.json b/advisories/unreviewed/2026/03/GHSA-mj9m-c5pr-rxw7/GHSA-mj9m-c5pr-rxw7.json
@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-mj9m-c5pr-rxw7",
-  "modified": "2026-03-05T12:30:30Z",
+  "modified": "2026-03-13T03:30:31Z",
   "published": "2026-03-05T12:30:30Z",
   "aliases": [
     "CVE-2026-3236"
   ],
   "details": "In affected versions of Octopus Server it was possible to create a new API key from an existing access token resulting in the new API key having a lifetime exceeding the original API key used to mint the access token.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
