github
diff --git a/‎…-577h-p2hh-v4mv/GHSA-577h-p2hh-v4mv.json‎ ‎…-577h-p2hh-v4mv/GHSA-577h-p2hh-v4mv.json‎advisories/unreviewed/2025/12/GHSA-577h-p2hh-v4mv/GHSA-577h-p2hh-v4mv.json renamed to advisories/github-reviewed/2025/12/GHSA-577h-p2hh-v4mv/GHSA-577h-p2hh-v4mv.json
Lines changed: 42 additions & 5 deletions b/‎…-577h-p2hh-v4mv/GHSA-577h-p2hh-v4mv.json‎ ‎…-577h-p2hh-v4mv/GHSA-577h-p2hh-v4mv.json‎advisories/unreviewed/2025/12/GHSA-577h-p2hh-v4mv/GHSA-577h-p2hh-v4mv.json renamed to advisories/github-reviewed/2025/12/GHSA-577h-p2hh-v4mv/GHSA-577h-p2hh-v4mv.json
Lines changed: 42 additions & 5 deletions
diff --git a/‎advisories/unreviewed/2024/03/GHSA-2jw4-27vv-49jx/GHSA-2jw4-27vv-49jx.json‎
Lines changed: 2 additions & 2 deletions b/‎advisories/unreviewed/2024/03/GHSA-2jw4-27vv-49jx/GHSA-2jw4-27vv-49jx.json‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎advisories/unreviewed/2024/03/GHSA-r6c2-64cx-qqr6/GHSA-r6c2-64cx-qqr6.json‎
Lines changed: 2 additions & 2 deletions b/‎advisories/unreviewed/2024/03/GHSA-r6c2-64cx-qqr6/GHSA-r6c2-64cx-qqr6.json‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎advisories/unreviewed/2024/03/GHSA-x7gm-q293-r7gv/GHSA-x7gm-q293-r7gv.json‎
Lines changed: 2 additions & 2 deletions b/‎advisories/unreviewed/2024/03/GHSA-x7gm-q293-r7gv/GHSA-x7gm-q293-r7gv.json‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎advisories/unreviewed/2024/04/GHSA-pw55-22x2-xqg6/GHSA-pw55-22x2-xqg6.json‎
Lines changed: 2 additions & 2 deletions b/‎advisories/unreviewed/2024/04/GHSA-pw55-22x2-xqg6/GHSA-pw55-22x2-xqg6.json‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎advisories/unreviewed/2025/10/GHSA-2mmx-jx99-8cmf/GHSA-2mmx-jx99-8cmf.json‎
Lines changed: 5 additions & 1 deletion b/‎advisories/unreviewed/2025/10/GHSA-2mmx-jx99-8cmf/GHSA-2mmx-jx99-8cmf.json‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎advisories/unreviewed/2025/10/GHSA-5wf2-hxf9-8hxr/GHSA-5wf2-hxf9-8hxr.json‎
Lines changed: 11 additions & 4 deletions b/‎advisories/unreviewed/2025/10/GHSA-5wf2-hxf9-8hxr/GHSA-5wf2-hxf9-8hxr.json‎
Lines changed: 11 additions & 4 deletions
diff --git a/‎advisories/unreviewed/2025/10/GHSA-67pv-grc5-6pf5/GHSA-67pv-grc5-6pf5.json‎
Lines changed: 8 additions & 3 deletions b/‎advisories/unreviewed/2025/10/GHSA-67pv-grc5-6pf5/GHSA-67pv-grc5-6pf5.json‎
Lines changed: 8 additions & 3 deletions
diff --git a/‎advisories/unreviewed/2025/10/GHSA-hxw6-3gmw-qjx9/GHSA-hxw6-3gmw-qjx9.json‎
Lines changed: 1 addition & 0 deletions b/‎advisories/unreviewed/2025/10/GHSA-hxw6-3gmw-qjx9/GHSA-hxw6-3gmw-qjx9.json‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎advisories/unreviewed/2025/10/GHSA-xx9v-q9cc-wq54/GHSA-xx9v-q9cc-wq54.json‎
Lines changed: 8 additions & 3 deletions b/‎advisories/unreviewed/2025/10/GHSA-xx9v-q9cc-wq54/GHSA-xx9v-q9cc-wq54.json‎
Lines changed: 8 additions & 3 deletions
@@ -1,11 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-577h-p2hh-v4mv",
-  "modified": "2026-01-16T21:30:30Z",
+  "modified": "2026-01-21T21:30:47Z",
   "published": "2025-12-06T00:31:36Z",
   "aliases": [
     "CVE-2025-34291"
   ],
+  "summary": "Langflow CORS misconfiguration enables Account Takeover and RCE",
   "details": "Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration (allow_origins='*' with allow_credentials=True) combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origin requests that include credentials and successfully call the refresh endpoint. An attacker-controlled origin can therefore obtain fresh access_token / refresh_token pairs for a victim session. Obtained tokens permit access to authenticated endpoints — including built-in code-execution functionality — allowing the attacker to execute arbitrary code and achieve full system compromise.",
   "severity": [
     {
@@ -14,17 +15,53 @@
     },
     {
       "type": "CVSS_V4",
-      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "langflow"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "last_affected": "1.6.9"
+            }
+          ]
+        }
+      ]
     }
   ],
-  "affected": [],
   "references": [
     {
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34291"
     },
     {
       "type": "WEB",
+      "url": "https://github.com/langflow-ai/langflow/pull/10139"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/langflow-ai/langflow/pull/10696"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/langflow-ai/langflow/pull/9240"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/langflow-ai/langflow/pull/9441"
+    },
+    {
+      "type": "PACKAGE",
       "url": "https://github.com/langflow-ai/langflow"
     },
     {
@@ -41,8 +78,8 @@
       "CWE-346"
     ],
     "severity": "CRITICAL",
-    "github_reviewed": false,
-    "github_reviewed_at": null,
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-01-21T21:30:47Z",
     "nvd_published_at": "2025-12-05T23:15:47Z"
   }
 }
@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2jw4-27vv-49jx",
-  "modified": "2024-03-28T06:30:46Z",
+  "modified": "2026-01-21T21:30:27Z",
   "published": "2024-03-28T06:30:46Z",
   "aliases": [
     "CVE-2024-30244"
   ],
-  "details": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.0.27.\n\n",
+  "details": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.0.27.",
   "severity": [
     {
       "type": "CVSS_V3",
 
@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-r6c2-64cx-qqr6",
-  "modified": "2024-03-27T09:30:40Z",
+  "modified": "2026-01-21T21:30:27Z",
   "published": "2024-03-27T09:30:40Z",
   "aliases": [
     "CVE-2024-30197"
   ],
-  "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andy Moyle Church Admin allows Stored XSS.This issue affects Church Admin: from n/a through 4.0.26.\n\n",
+  "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andy Moyle Church Admin allows Stored XSS.This issue affects Church Admin: from n/a through 4.0.26.",
   "severity": [
     {
       "type": "CVSS_V3",
 
@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-x7gm-q293-r7gv",
-  "modified": "2024-03-27T09:30:40Z",
+  "modified": "2026-01-21T21:30:26Z",
   "published": "2024-03-27T09:30:40Z",
   "aliases": [
     "CVE-2024-30193"
   ],
-  "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andy Moyle Church Admin allows Stored XSS.This issue affects Church Admin: from n/a through 4.1.17.\n\n",
+  "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andy Moyle Church Admin allows Stored XSS.This issue affects Church Admin: from n/a through 4.1.17.",
   "severity": [
     {
       "type": "CVSS_V3",
 
@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-pw55-22x2-xqg6",
-  "modified": "2024-04-07T18:30:30Z",
+  "modified": "2026-01-21T21:30:27Z",
   "published": "2024-04-07T18:30:30Z",
   "aliases": [
     "CVE-2024-31280"
   ],
-  "details": "Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.5.\n\n",
+  "details": "Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.5.",
   "severity": [
     {
       "type": "CVSS_V3",
 
@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2mmx-jx99-8cmf",
-  "modified": "2025-10-28T21:30:33Z",
+  "modified": "2026-01-21T21:30:28Z",
   "published": "2025-10-28T21:30:33Z",
   "aliases": [
     "CVE-2025-43017"
   ],
   "details": "HP ThinPro 8.1 System management application failed to verify user's true id. HP has released HP ThinPro 8.1 SP8, which includes updates to mitigate potential vulnerabilities.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
 
@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5wf2-hxf9-8hxr",
-  "modified": "2025-10-01T12:30:30Z",
+  "modified": "2026-01-21T21:30:27Z",
   "published": "2025-10-01T12:30:30Z",
   "aliases": [
     "CVE-2023-53489"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp.\n\nsyzkaller reported [0] memory leaks of an UDP socket and ZEROCOPY\nskbs.  We can reproduce the problem with these sequences:\n\n  sk = socket(AF_INET, SOCK_DGRAM, 0)\n  sk.setsockopt(SOL_SOCKET, SO_TIMESTAMPING, SOF_TIMESTAMPING_TX_SOFTWARE)\n  sk.setsockopt(SOL_SOCKET, SO_ZEROCOPY, 1)\n  sk.sendto(b'', MSG_ZEROCOPY, ('127.0.0.1', 53))\n  sk.close()\n\nsendmsg() calls msg_zerocopy_alloc(), which allocates a skb, sets\nskb->cb->ubuf.refcnt to 1, and calls sock_hold().  Here, struct\nubuf_info_msgzc indirectly holds a refcnt of the socket.  When the\nskb is sent, __skb_tstamp_tx() clones it and puts the clone into\nthe socket's error queue with the TX timestamp.\n\nWhen the original skb is received locally, skb_copy_ubufs() calls\nskb_unclone(), and pskb_expand_head() increments skb->cb->ubuf.refcnt.\nThis additional count is decremented while freeing the skb, but struct\nubuf_info_msgzc still has a refcnt, so __msg_zerocopy_callback() is\nnot called.\n\nThe last refcnt is not released unless we retrieve the TX timestamped\nskb by recvmsg().  Since we clear the error queue in inet_sock_destruct()\nafter the socket's refcnt reaches 0, there is a circular dependency.\nIf we close() the socket holding such skbs, we never call sock_put()\nand leak the count, sk, and skb.\n\nTCP has the same problem, and commit e0c8bccd40fc (\"net: stream:\npurge sk_error_queue in sk_stream_kill_queues()\") tried to fix it\nby calling skb_queue_purge() during close().  However, there is a\nsmall chance that skb queued in a qdisc or device could be put\ninto the error queue after the skb_queue_purge() call.\n\nIn __skb_tstamp_tx(), the cloned skb should not have a reference\nto the ubuf to remove the circular dependency, but skb_clone() does\nnot call skb_copy_ubufs() for zerocopy skb.  So, we need to call\nskb_orphan_frags_rx() for the cloned skb to call skb_copy_ubufs().\n\n[0]:\nBUG: memory leak\nunreferenced object 0xffff88800c6d2d00 (size 1152):\n  comm \"syz-executor392\", pid 264, jiffies 4294785440 (age 13.044s)\n  hex dump (first 32 bytes):\n    00 00 00 00 00 00 00 00 cd af e8 81 00 00 00 00  ................\n    02 00 07 40 00 00 00 00 00 00 00 00 00 00 00 00  ...@............\n  backtrace:\n    [<0000000055636812>] sk_prot_alloc+0x64/0x2a0 net/core/sock.c:2024\n    [<0000000054d77b7a>] sk_alloc+0x3b/0x800 net/core/sock.c:2083\n    [<0000000066f3c7e0>] inet_create net/ipv4/af_inet.c:319 [inline]\n    [<0000000066f3c7e0>] inet_create+0x31e/0xe40 net/ipv4/af_inet.c:245\n    [<000000009b83af97>] __sock_create+0x2ab/0x550 net/socket.c:1515\n    [<00000000b9b11231>] sock_create net/socket.c:1566 [inline]\n    [<00000000b9b11231>] __sys_socket_create net/socket.c:1603 [inline]\n    [<00000000b9b11231>] __sys_socket_create net/socket.c:1588 [inline]\n    [<00000000b9b11231>] __sys_socket+0x138/0x250 net/socket.c:1636\n    [<000000004fb45142>] __do_sys_socket net/socket.c:1649 [inline]\n    [<000000004fb45142>] __se_sys_socket net/socket.c:1647 [inline]\n    [<000000004fb45142>] __x64_sys_socket+0x73/0xb0 net/socket.c:1647\n    [<0000000066999e0e>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n    [<0000000066999e0e>] do_syscall_64+0x38/0x90 arch/x86/entry/common.c:80\n    [<0000000017f238c1>] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nBUG: memory leak\nunreferenced object 0xffff888017633a00 (size 240):\n  comm \"syz-executor392\", pid 264, jiffies 4294785440 (age 13.044s)\n  hex dump (first 32 bytes):\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n    00 00 00 00 00 00 00 00 00 2d 6d 0c 80 88 ff ff  .........-m.....\n  backtrace:\n    [<000000002b1c4368>] __alloc_skb+0x229/0x320 net/core/skbuff.c:497\n    [<00000000143579a6>] alloc_skb include/linux/skbuff.h:1265 [inline]\n    [<00000000143579a6>] sock_omalloc+0xaa/0x190 net/core/sock.c:2596\n    [<00000000be626478>] msg_zerocopy_alloc net/core/skbuff.c:1294 [inline]\n    [<00000000be626478>]\n---truncated---",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -52,8 +57,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-401"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-01T12:15:51Z"
 
@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-67pv-grc5-6pf5",
-  "modified": "2025-10-01T12:30:30Z",
+  "modified": "2026-01-21T21:30:27Z",
   "published": "2025-10-01T12:30:30Z",
   "aliases": [
     "CVE-2023-53488"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/hfi1: Fix possible panic during hotplug remove\n\nDuring hotplug remove it is possible that the update counters work\nmight be pending, and may run after memory has been freed.\nCancel the update counters work before freeing memory.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -49,7 +54,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-01T12:15:51Z"
 
@@ -26,6 +26,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
+      "CWE-22",
       "CWE-23"
     ],
     "severity": "MODERATE",
 
@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-xx9v-q9cc-wq54",
-  "modified": "2025-10-01T12:30:28Z",
+  "modified": "2026-01-21T21:30:27Z",
   "published": "2025-10-01T12:30:28Z",
   "aliases": [
     "CVE-2022-50439"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mediatek: mt8173: Enable IRQ when pdata is ready\n\nIf the device does not come straight from reset, we might receive an IRQ\nbefore we are ready to handle it.\n\n\n[    2.334737] Unable to handle kernel read from unreadable memory at virtual address 00000000000001e4\n[    2.522601] Call trace:\n[    2.525040]  regmap_read+0x1c/0x80\n[    2.528434]  mt8173_afe_irq_handler+0x40/0xf0\n...\n[    2.598921]  start_kernel+0x338/0x42c",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -41,7 +46,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-01T12:15:35Z"