Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 6a6ae1434768 · 2026-01-27T15:32:26.000Z
GHSA-vgvm-wwrq-c4xw GHSA-84xh-pwc6-7g4g GHSA-499f-rpfh-94vx GHSA-5xrp-6693-jjx9 GHSA-9m4g-m3p5-p6gm GHSA-fm67-x2fw-2g76 GHSA-gpp2-hwq5-2xp4 GHSA-m4rj-q4ph-fr4v GHSA-r2jv-fwfr-4j8c GHSA-r2rp-r5cj-6c6x GHSA-xc99-2v4m-jv2w
diff --git a/advisories/unreviewed/2023/07/GHSA-vgvm-wwrq-c4xw/GHSA-vgvm-wwrq-c4xw.json b/advisories/unreviewed/2023/07/GHSA-vgvm-wwrq-c4xw/GHSA-vgvm-wwrq-c4xw.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-vgvm-wwrq-c4xw",
-  "modified": "2025-09-18T21:30:54Z",
+  "modified": "2026-01-27T15:30:26Z",
   "published": "2023-07-06T21:14:53Z",
   "aliases": [
     "CVE-2023-29240"
diff --git a/advisories/unreviewed/2025/02/GHSA-84xh-pwc6-7g4g/GHSA-84xh-pwc6-7g4g.json b/advisories/unreviewed/2025/02/GHSA-84xh-pwc6-7g4g/GHSA-84xh-pwc6-7g4g.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-84xh-pwc6-7g4g",
-  "modified": "2026-01-23T21:30:33Z",
+  "modified": "2026-01-27T15:30:26Z",
   "published": "2025-02-05T18:34:46Z",
   "aliases": [
     "CVE-2025-23419"
diff --git a/advisories/unreviewed/2026/01/GHSA-499f-rpfh-94vx/GHSA-499f-rpfh-94vx.json b/advisories/unreviewed/2026/01/GHSA-499f-rpfh-94vx/GHSA-499f-rpfh-94vx.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-499f-rpfh-94vx",
-  "modified": "2026-01-16T15:31:25Z",
+  "modified": "2026-01-27T15:30:27Z",
   "published": "2026-01-16T15:31:25Z",
   "aliases": [
     "CVE-2026-0696"
@@ -22,6 +22,10 @@
     {
       "type": "WEB",
       "url": "https://www.connectwise.com/company/trust/security-bulletins/2026-01-15-psa-security-fix"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.themissinglink.com.au/security-advisories/cve-2026-0696"
     }
   ],
   "database_specific": {
diff --git a/advisories/unreviewed/2026/01/GHSA-5xrp-6693-jjx9/GHSA-5xrp-6693-jjx9.json b/advisories/unreviewed/2026/01/GHSA-5xrp-6693-jjx9/GHSA-5xrp-6693-jjx9.json
@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5xrp-6693-jjx9",
+  "modified": "2026-01-27T15:30:32Z",
+  "published": "2026-01-27T15:30:32Z",
+  "aliases": [
+    "CVE-2026-1470"
+  ],
+  "details": "n8n contains a critical Remote Code Execution (RCE) vulnerability in its workflow Expression evaluation system. Expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime.\n\nAn authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1470"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/n8n-io/n8n/commit/aa4d1e5825829182afa0ad5b81f602638f55fa04"
+    },
+    {
+      "type": "WEB",
+      "url": "https://research.jfrog.com/vulnerabilities/n8n-expression-node-rce"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-95"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-27T15:15:57Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/01/GHSA-9m4g-m3p5-p6gm/GHSA-9m4g-m3p5-p6gm.json b/advisories/unreviewed/2026/01/GHSA-9m4g-m3p5-p6gm/GHSA-9m4g-m3p5-p6gm.json
@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-9m4g-m3p5-p6gm",
+  "modified": "2026-01-27T15:30:32Z",
+  "published": "2026-01-27T15:30:32Z",
+  "aliases": [
+    "CVE-2026-1489"
+  ],
+  "details": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/security/cve/CVE-2026-1489"
+    },
+    {
+      "type": "WEB",
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433348"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-787"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-27T15:15:57Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/01/GHSA-fm67-x2fw-2g76/GHSA-fm67-x2fw-2g76.json b/advisories/unreviewed/2026/01/GHSA-fm67-x2fw-2g76/GHSA-fm67-x2fw-2g76.json
@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-20"
+    ],
     "severity": "CRITICAL",
     "github_reviewed": false,
     "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2026/01/GHSA-gpp2-hwq5-2xp4/GHSA-gpp2-hwq5-2xp4.json b/advisories/unreviewed/2026/01/GHSA-gpp2-hwq5-2xp4/GHSA-gpp2-hwq5-2xp4.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-gpp2-hwq5-2xp4",
-  "modified": "2026-01-23T18:31:28Z",
+  "modified": "2026-01-27T15:30:26Z",
   "published": "2026-01-16T15:31:25Z",
   "aliases": [
     "CVE-2026-0695"
@@ -22,6 +22,10 @@
     {
       "type": "WEB",
       "url": "https://www.connectwise.com/company/trust/security-bulletins/2026-01-15-psa-security-fix"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.themissinglink.com.au/security-advisories/cve-2026-0695"
     }
   ],
   "database_specific": {
diff --git a/advisories/unreviewed/2026/01/GHSA-m4rj-q4ph-fr4v/GHSA-m4rj-q4ph-fr4v.json b/advisories/unreviewed/2026/01/GHSA-m4rj-q4ph-fr4v/GHSA-m4rj-q4ph-fr4v.json
@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-400"
+    ],
     "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2026/01/GHSA-r2jv-fwfr-4j8c/GHSA-r2jv-fwfr-4j8c.json b/advisories/unreviewed/2026/01/GHSA-r2jv-fwfr-4j8c/GHSA-r2jv-fwfr-4j8c.json
@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-r2jv-fwfr-4j8c",
+  "modified": "2026-01-27T15:30:31Z",
+  "published": "2026-01-27T15:30:31Z",
+  "aliases": [
+    "CVE-2026-1213"
+  ],
+  "details": "All versions of askbot before and including 0.12.2 allow an attacker authenticated with normal user permissions to modify the profile picture of other application users.This issue affects askbot: 0.12.2.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1213"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/ASKBOT/askbot-devel/commit/3da3d75f35204aa71633c7a315327ba39cb6295d"
+    },
+    {
+      "type": "WEB",
+      "url": "https://askbot.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://fluidattacks.com/advisories/ghost"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-639"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-27T14:15:55Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/01/GHSA-r2rp-r5cj-6c6x/GHSA-r2rp-r5cj-6c6x.json b/advisories/unreviewed/2026/01/GHSA-r2rp-r5cj-6c6x/GHSA-r2rp-r5cj-6c6x.json
@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-r2rp-r5cj-6c6x",
+  "modified": "2026-01-27T15:30:31Z",
+  "published": "2026-01-27T15:30:31Z",
+  "aliases": [
+    "CVE-2026-1484"
+  ],
+  "details": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/security/cve/CVE-2026-1484"
+    },
+    {
+      "type": "WEB",
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433259"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-787"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-27T14:15:56Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/01/GHSA-xc99-2v4m-jv2w/GHSA-xc99-2v4m-jv2w.json b/advisories/unreviewed/2026/01/GHSA-xc99-2v4m-jv2w/GHSA-xc99-2v4m-jv2w.json
@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-xc99-2v4m-jv2w",
+  "modified": "2026-01-27T15:30:31Z",
+  "published": "2026-01-27T15:30:31Z",
+  "aliases": [
+    "CVE-2026-1485"
+  ],
+  "details": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/security/cve/CVE-2026-1485"
+    },
+    {
+      "type": "WEB",
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433325"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-125"
+    ],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-27T14:15:56Z"
+  }
+}

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-vgvm-wwrq-c4xw",`
`4`		`- "modified": "2025-09-18T21:30:54Z",`
	`4`	`+ "modified": "2026-01-27T15:30:26Z",`
`5`	`5`	`"published": "2023-07-06T21:14:53Z",`
`6`	`6`	`"aliases": [`
`7`	`7`	`"CVE-2023-29240"`
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-84xh-pwc6-7g4g",`
`4`		`- "modified": "2026-01-23T21:30:33Z",`
	`4`	`+ "modified": "2026-01-27T15:30:26Z",`
`5`	`5`	`"published": "2025-02-05T18:34:46Z",`
`6`	`6`	`"aliases": [`
`7`	`7`	`"CVE-2025-23419"`
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-499f-rpfh-94vx",`
`4`		`- "modified": "2026-01-16T15:31:25Z",`
	`4`	`+ "modified": "2026-01-27T15:30:27Z",`
`5`	`5`	`"published": "2026-01-16T15:31:25Z",`
`6`	`6`	`"aliases": [`
`7`	`7`	`"CVE-2026-0696"`
`@@ -22,6 +22,10 @@`
`22`	`22`	`{`
`23`	`23`	`"type": "WEB",`
`24`	`24`	`"url": "https://www.connectwise.com/company/trust/security-bulletins/2026-01-15-psa-security-fix"`
	`25`	`+ },`
	`26`	`+ {`
	`27`	`+ "type": "WEB",`
	`28`	`+ "url": "https://www.themissinglink.com.au/security-advisories/cve-2026-0696"`
`25`	`29`	`}`
`26`	`30`	`],`
`27`	`31`	`"database_specific": {`
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-gpp2-hwq5-2xp4",`
`4`		`- "modified": "2026-01-23T18:31:28Z",`
	`4`	`+ "modified": "2026-01-27T15:30:26Z",`
`5`	`5`	`"published": "2026-01-16T15:31:25Z",`
`6`	`6`	`"aliases": [`
`7`	`7`	`"CVE-2026-0695"`
`@@ -22,6 +22,10 @@`
`22`	`22`	`{`
`23`	`23`	`"type": "WEB",`
`24`	`24`	`"url": "https://www.connectwise.com/company/trust/security-bulletins/2026-01-15-psa-security-fix"`
	`25`	`+ },`
	`26`	`+ {`
	`27`	`+ "type": "WEB",`
	`28`	`+ "url": "https://www.themissinglink.com.au/security-advisories/cve-2026-0695"`
`25`	`29`	`}`
`26`	`30`	`],`
`27`	`31`	`"database_specific": {`