Publish Advisories

GHSA-89vf-4333-qx8v
GHSA-2679-6mx9-h9xc
GHSA-4ggg-h7ph-26qr
GHSA-5gfj-64gh-mgmw
GHSA-chqc-8p9q-pq6q
GHSA-xrw6-gwf8-vvr9

Author: advisory-database[bot]

advisories/github-reviewed/2026/03/GHSA-89vf-4333-qx8v/GHSA-89vf-4333-qx8v.json

@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-89vf-4333-qx8v",
-  "modified": "2026-03-25T20:47:31Z",
+  "modified": "2026-04-09T19:06:46Z",
   "published": "2026-03-23T20:53:28Z",
   "aliases": [
     "CVE-2026-33170"
   ],
   "summary": "Rails Active Support has a possible XSS vulnerability in SafeBuffer#%",
-  "details": "### Impact\n`SafeBuffer#%` does not propagate the `@html_unsafe` flag to the newly created buffer. If a `SafeBuffer` is mutated in place (e.g. via `gsub!`) and then formatted with `%` using untrusted arguments, the result incorrectly reports `html_safe? == true`, bypassing ERB auto-escaping and possibly leading to XSS.\n\n### Releases\nThe fixed releases are available at the normal locations.",
+  "details": "### Impact\n`SafeBuffer#%` does not propagate the `@html_unsafe` flag to the newly created buffer. If a `SafeBuffer` is mutated in place (e.g. via `gsub!`) and then formatted with `%` using untrusted arguments, the result incorrectly reports `html_safe? == true`, bypassing ERB auto-escaping and possibly leading to XSS.\n\n### Releases\nThe fixed releases are available at the normal locations.\n\n### Credit\nThis issue was responsibly reported by @ch4n3-yoon",
   "severity": [
     {
       "type": "CVSS_V4",

advisories/github-reviewed/2026/04/GHSA-2679-6mx9-h9xc/GHSA-2679-6mx9-h9xc.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2679-6mx9-h9xc",
-  "modified": "2026-04-09T14:30:45Z",
+  "modified": "2026-04-09T19:06:14Z",
   "published": "2026-04-08T21:50:58Z",
   "aliases": [
     "CVE-2026-39987"
@@ -40,6 +40,10 @@
       "type": "WEB",
       "url": "https://github.com/marimo-team/marimo/security/advisories/GHSA-2679-6mx9-h9xc"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39987"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/marimo-team/marimo/pull/9098"
@@ -60,6 +64,6 @@
     "severity": "CRITICAL",
     "github_reviewed": true,
     "github_reviewed_at": "2026-04-08T21:50:58Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-04-09T18:17:02Z"
   }
 }

advisories/github-reviewed/2026/04/GHSA-4ggg-h7ph-26qr/GHSA-4ggg-h7ph-26qr.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4ggg-h7ph-26qr",
-  "modified": "2026-04-09T14:31:07Z",
+  "modified": "2026-04-09T19:05:56Z",
   "published": "2026-04-08T19:53:48Z",
   "aliases": [
     "CVE-2026-39974"
@@ -43,6 +43,10 @@
       "type": "WEB",
       "url": "https://github.com/czlonkowski/n8n-mcp/security/advisories/GHSA-4ggg-h7ph-26qr"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39974"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/czlonkowski/n8n-mcp/commit/d9d847f230923d96e0857ccecf3a4dedcc9b0096"
@@ -63,6 +67,6 @@
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2026-04-08T19:53:48Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-04-09T17:16:30Z"
   }
 }

advisories/github-reviewed/2026/04/GHSA-5gfj-64gh-mgmw/GHSA-5gfj-64gh-mgmw.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5gfj-64gh-mgmw",
-  "modified": "2026-04-09T14:31:22Z",
+  "modified": "2026-04-09T19:06:04Z",
   "published": "2026-04-08T20:02:01Z",
   "aliases": [
     "CVE-2026-39981"
@@ -43,6 +43,14 @@
       "type": "WEB",
       "url": "https://github.com/Josh-XT/AGiXT/security/advisories/GHSA-5gfj-64gh-mgmw"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39981"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Josh-XT/AGiXT/commit/2079ea5a88fa671a921bf0b5eba887a5a1b73d5f"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/Josh-XT/AGiXT"
@@ -59,6 +67,6 @@
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2026-04-08T20:02:01Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-04-09T18:17:02Z"
   }
 }

advisories/github-reviewed/2026/04/GHSA-chqc-8p9q-pq6q/GHSA-chqc-8p9q-pq6q.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-chqc-8p9q-pq6q",
-  "modified": "2026-04-09T14:31:27Z",
+  "modified": "2026-04-09T19:06:10Z",
   "published": "2026-04-08T20:02:25Z",
   "aliases": [
     "CVE-2026-39983"
@@ -43,6 +43,10 @@
       "type": "WEB",
       "url": "https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39983"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/patrickjuchli/basic-ftp/commit/2ecc8e2c500c5234115f06fd1dbde1aa03d70f4b"
@@ -63,6 +67,6 @@
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2026-04-08T20:02:25Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-04-09T18:17:02Z"
   }
 }

advisories/github-reviewed/2026/04/GHSA-xrw6-gwf8-vvr9/GHSA-xrw6-gwf8-vvr9.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-xrw6-gwf8-vvr9",
-  "modified": "2026-04-09T14:30:59Z",
+  "modified": "2026-04-09T19:05:46Z",
   "published": "2026-04-08T19:52:58Z",
   "aliases": [
     "CVE-2026-39959"
@@ -78,6 +78,10 @@
       "type": "WEB",
       "url": "https://github.com/tmds/Tmds.DBus/security/advisories/GHSA-xrw6-gwf8-vvr9"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39959"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/tmds/Tmds.DBus"
@@ -93,11 +97,12 @@
   ],
   "database_specific": {
     "cwe_ids": [
+      "CWE-290",
       "CWE-400"
     ],
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2026-04-08T19:52:58Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-04-09T17:16:30Z"
   }
 }