Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2022/04/GHSA-782c-hpc8-pfgv/GHSA-782c-hpc8-pfgv.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-782c-hpc8-pfgv",
-  "modified": "2022-04-23T00:40:22Z",
+  "modified": "2026-04-09T18:31:21Z",
   "published": "2022-04-23T00:40:22Z",
   "aliases": [
     "CVE-2012-5562"
   ],
   "details": "rhn-proxy: may transmit credentials over clear-text when accessing RHN Satellite",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -28,7 +33,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-319"
+    ],
     "severity": "LOW",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2026/01/GHSA-2j3v-cxmf-cmp7/GHSA-2j3v-cxmf-cmp7.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2j3v-cxmf-cmp7",
-  "modified": "2026-01-15T15:31:21Z",
+  "modified": "2026-04-09T18:31:22Z",
   "published": "2026-01-15T15:31:21Z",
   "aliases": [
     "CVE-2026-0990"
@@ -26,6 +26,10 @@
     {
       "type": "WEB",
       "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429959"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/1018"
     }
   ],
   "database_specific": {

advisories/unreviewed/2026/01/GHSA-337w-h8w7-m899/GHSA-337w-h8w7-m899.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-337w-h8w7-m899",
-  "modified": "2026-03-24T12:30:24Z",
+  "modified": "2026-04-09T18:31:22Z",
   "published": "2026-01-26T21:30:36Z",
   "aliases": [
     "CVE-2025-9820"
@@ -43,6 +43,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:5606"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:7329"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-9820"

advisories/unreviewed/2026/01/GHSA-3xfm-x84x-qwwq/GHSA-3xfm-x84x-qwwq.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3xfm-x84x-qwwq",
-  "modified": "2026-01-15T15:31:21Z",
+  "modified": "2026-04-09T18:31:22Z",
   "published": "2026-01-15T15:31:21Z",
   "aliases": [
     "CVE-2026-0989"
@@ -26,6 +26,10 @@
     {
       "type": "WEB",
       "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429933"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/998"
     }
   ],
   "database_specific": {

advisories/unreviewed/2026/01/GHSA-cjqj-7q2q-jx9c/GHSA-cjqj-7q2q-jx9c.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cjqj-7q2q-jx9c",
-  "modified": "2026-01-15T15:31:21Z",
+  "modified": "2026-04-09T18:31:22Z",
   "published": "2026-01-15T15:31:21Z",
   "aliases": [
     "CVE-2026-0992"
@@ -26,6 +26,10 @@
     {
       "type": "WEB",
       "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429975"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/1019"
     }
   ],
   "database_specific": {

advisories/unreviewed/2026/02/GHSA-pm8w-jq9r-x5rp/GHSA-pm8w-jq9r-x5rp.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-pm8w-jq9r-x5rp",
-  "modified": "2026-04-07T12:31:15Z",
+  "modified": "2026-04-09T18:31:22Z",
   "published": "2026-02-09T15:30:31Z",
   "aliases": [
     "CVE-2025-14831"
@@ -59,6 +59,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:6738"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:7329"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-14831"

advisories/unreviewed/2026/03/GHSA-xrqh-48jh-pjv2/GHSA-xrqh-48jh-pjv2.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-xrqh-48jh-pjv2",
-  "modified": "2026-04-08T18:34:03Z",
+  "modified": "2026-04-09T18:31:22Z",
   "published": "2026-03-13T21:31:51Z",
   "aliases": [
     "CVE-2026-4111"
@@ -47,6 +47,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:7106"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:7329"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2026-4111"

advisories/unreviewed/2026/04/GHSA-24q9-g4p7-45qp/GHSA-24q9-g4p7-45qp.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-24q9-g4p7-45qp",
+  "modified": "2026-04-09T18:31:26Z",
+  "published": "2026-04-09T18:31:26Z",
+  "aliases": [
+    "CVE-2025-15480"
+  ],
+  "details": "In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, ubuntu-desktop-provision could include the user's password hash in the attached logs.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15480"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/canonical/ubuntu-desktop-provision/pull/1399"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/canonical/ubuntu-desktop-provision/pull/1400"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-1258"
+    ],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-09T16:16:25Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-3ghp-8r47-4gj4/GHSA-3ghp-8r47-4gj4.json

@@ -0,0 +1,60 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3ghp-8r47-4gj4",
+  "modified": "2026-04-09T18:31:28Z",
+  "published": "2026-04-09T18:31:28Z",
+  "aliases": [
+    "CVE-2026-5971"
+  ],
+  "details": "A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the function ActionNode.xml_fill of the file metagpt/actions/action_node.py of the component XML Handler. Executing a manipulation can lead to improper neutralization of directives in dynamically evaluated code. The attack may be launched remotely. The exploit has been published and may be used. The project was informed of the problem early through a pull request but has not reacted yet.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5971"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/FoundationAgents/MetaGPT/issues/1928"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/FoundationAgents/MetaGPT/issues/1956"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/FoundationAgents/MetaGPT"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/791734"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/356525"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/356525/cti"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-94"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-09T18:17:04Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-3wq5-x8p8-2v3p/GHSA-3wq5-x8p8-2v3p.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3wq5-x8p8-2v3p",
+  "modified": "2026-04-09T18:31:28Z",
+  "published": "2026-04-09T18:31:28Z",
+  "aliases": [
+    "CVE-2026-5329"
+  ],
+  "details": "Rapid7 Velociraptor versions prior to 0.76.2 contain an improper input validation vulnerability in the client monitoring message handler on the Velociraptor server (primarily Linux) that allows an authenticated remote attacker  to write to arbitrary internal server queues via a crafted monitoring message with a malicious queue name. The server handler that receives client monitoring messages does not sufficiently validate the queue name supplied by the client, allowing a rogue client to write arbitrary messages to privileged internal queues. This may lead to remote code execution on the Velociraptor server. Rapid7 Hosted Velociraptor instances are not affected by this vulnerability.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5329"
+    },
+    {
+      "type": "WEB",
+      "url": "https://docs.velociraptor.app/announcements/advisories/cve-2026-5329"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-20"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-09T18:17:04Z"
+  }
+}