
Commit 5c91077

1 parent cc92d63 commit 5c91077

3 files changed

Lines changed: 154 additions & 0 deletions


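--- /dev/null
+++ b/PATH_NOT_SHOWN/GHSA-8mhm-8wmq-8793.json
@@ -0,0 +1,52 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-8mhm-8wmq-8793",
+"modified": "2026-04-02T03:31:32Z",
+"published": "2026-04-02T03:31:32Z",
+"aliases": [
+"CVE-2026-5317"
+],
+"details": "A security flaw has been discovered in Nothings stb up to 1.22. This affects the function start_decoder of the file stb_vorbis.c. The manipulation results in out-of-bounds write. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.",
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"
+},
+{
+"type": "CVSS_V4",
+"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+}
+],
+"affected": [],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5317"
+},
+{
+"type": "WEB",
+"url": "https://gist.github.com/d0razi/2ff8a0e812f74dd6fe7f2843931bb90c"
+},
+{
+"type": "WEB",
+"url": "https://vuldb.com/submit/780561"
+},
+{
+"type": "WEB",
+"url": "https://vuldb.com/vuln/354649"
+},
+{
+"type": "WEB",
+"url": "https://vuldb.com/vuln/354649/cti"
+}
+],
+"database_specific": {
+"cwe_ids": [
+"CWE-119"
+],
+"severity": "MODERATE",
+"github_reviewed": false,
+"github_reviewed_at": null,
+"nvd_published_at": "2026-04-02T01:16:01Z"
+}
+}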
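Review bot: `"affected": []` on line 20 leaves this record without any package or version range, so tooling that matches on `affected` will not flag projects that carry stb_vorbis.c; the only bound is the prose "up to 1.22", and no fixed version is named. The same empty array appears in the LibRaw and IBM Content Navigator records in this commit. Until a range is added, consumers have to match on the `details` text or on the file itself, which matters here because stb is commonly vendored as a copied source file rather than installed as a package. Separately, `"CWE-119"` is the generic memory-bounds class; the details describe an out-of-bounds write, so `"CWE-787"` would be the more specific entry here and in the LibRaw record.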
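--- /dev/null
+++ b/PATH_NOT_SHOWN/GHSA-8qw7-rqx6-9gqj.json
@@ -0,0 +1,68 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-8qw7-rqx6-9gqj",
+"modified": "2026-04-02T03:31:32Z",
+"published": "2026-04-02T03:31:32Z",
+"aliases": [
+"CVE-2026-5318"
+],
+"details": "A weakness has been identified in LibRaw up to 0.22.0. This impacts the function HuffTable::initval of the file src/decompressors/losslessjpeg.cpp of the component JPEG DHT Parser. This manipulation of the argument bits[] causes out-of-bounds write. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 0.22.1 will fix this issue. Patch name: a6734e867b19d75367c05f872ac26322464e3995. It is advisable to upgrade the affected component.",
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"
+},
+{
+"type": "CVSS_V4",
+"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+}
+],
+"affected": [],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5318"
+},
+{
+"type": "WEB",
+"url": "https://github.com/LibRaw/LibRaw/issues/794"
+},
+{
+"type": "WEB",
+"url": "https://github.com/LibRaw/LibRaw/issues/794#issuecomment-4065342499"
+},
+{
+"type": "WEB",
+"url": "https://github.com/LibRaw/LibRaw/commit/a6734e867b19d75367c05f872ac26322464e3995"
+},
+{
+"type": "WEB",
+"url": "https://github.com/LibRaw/LibRaw"
+},
+{
+"type": "WEB",
+"url": "https://github.com/biniamf/pocs/tree/main/libraw_lljpeg"
+},
+{
+"type": "WEB",
+"url": "https://vuldb.com/submit/780538"
+},
+{
+"type": "WEB",
+"url": "https://vuldb.com/vuln/354650"
+},
+{
+"type": "WEB",
+"url": "https://vuldb.com/vuln/354650/cti"
+}
+],
+"database_specific": {
+"cwe_ids": [
+"CWE-119"
+],
+"severity": "MODERATE",
+"github_reviewed": false,
+"github_reviewed_at": null,
+"nvd_published_at": "2026-04-02T03:16:07Z"
+}
+}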
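Review bot: The fix commit on line 36 is typed `"type": "WEB"` even though the details name a6734e867b19d75367c05f872ac26322464e3995 as the patch, so consumers that look for a `FIX` reference to locate or verify the remediation will not find one. I would change line 35 to `"type": "FIX"`, and likewise use `"type": "REPORT"` for the issue-794 URL on line 28 and `"type": "EVIDENCE"` for the proof-of-concept repository on line 44. The fixed version 0.22.1 is also stated only in prose; with `affected` empty there is no machine-readable `fixed` event for it.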
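--- /dev/null
+++ b/PATH_NOT_SHOWN/GHSA-x8pv-gc6r-gh6r.json
@@ -0,0 +1,34 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-x8pv-gc6r-gh6r",
+"modified": "2026-04-02T03:31:31Z",
+"published": "2026-04-02T03:31:31Z",
+"aliases": [
+"CVE-2026-1243"
+],
+"details": "IBM Content Navigator 3.0.15, 3.1.0, and 3.2.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.",
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
+}
+],
+"affected": [],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1243"
+},
+{
+"type": "WEB",
+"url": "https://www.ibm.com/support/pages/node/7268006"
+}
+],
+"database_specific": {
+"cwe_ids": [],
+"severity": "MODERATE",
+"github_reviewed": false,
+"github_reviewed_at": null,
+"nvd_published_at": "2026-04-02T01:16:01Z"
+}
+}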
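Review bot: `"cwe_ids": []` on line 28 is empty although the details state the flaw is cross-site scripting, so weakness-based filtering and reporting will miss this record; `"cwe_ids": ["CWE-79"]` matches the description. The details list 3.0.15, 3.1.0 and 3.2.0 as vulnerable but name no fixed release, so the IBM support page referenced on line 24 is the only pointer to remediation in the record.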
