github
diff --git a/‎advisories/github-reviewed/2026/01/GHSA-6497-prx7-gpmq/GHSA-6497-prx7-gpmq.json‎
Lines changed: 78 additions & 0 deletions b/‎advisories/github-reviewed/2026/01/GHSA-6497-prx7-gpmq/GHSA-6497-prx7-gpmq.json‎
Lines changed: 78 additions & 0 deletions
diff --git a/‎advisories/github-reviewed/2026/01/GHSA-vcf3-26xf-fw4m/GHSA-vcf3-26xf-fw4m.json‎
Lines changed: 96 additions & 0 deletions b/‎advisories/github-reviewed/2026/01/GHSA-vcf3-26xf-fw4m/GHSA-vcf3-26xf-fw4m.json‎
Lines changed: 96 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2026/01/GHSA-6497-prx7-gpmq/GHSA-6497-prx7-gpmq.json‎
Lines changed: 0 additions & 40 deletions b/‎advisories/unreviewed/2026/01/GHSA-6497-prx7-gpmq/GHSA-6497-prx7-gpmq.json‎
Lines changed: 0 additions & 40 deletions
diff --git a/‎advisories/unreviewed/2026/01/GHSA-vcf3-26xf-fw4m/GHSA-vcf3-26xf-fw4m.json‎
Lines changed: 0 additions & 44 deletions b/‎advisories/unreviewed/2026/01/GHSA-vcf3-26xf-fw4m/GHSA-vcf3-26xf-fw4m.json‎
Lines changed: 0 additions & 44 deletions
@@ -0,0 +1,78 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6497-prx7-gpmq",
+  "modified": "2026-02-01T18:09:10Z",
+  "published": "2026-01-30T21:30:22Z",
+  "aliases": [
+    "CVE-2025-69662"
+  ],
+  "summary": "geopandas SQL Injection Vulnerability in to_postgis() Allows Information Disclosure",
+  "details": "SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive information via the to_postgis()` function being used to write GeoDataFrames to a PostgreSQL database.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "geopandas"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.1.2"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69662"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/geopandas/geopandas/issues/3679"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/geopandas/geopandas/pull/3681"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/geopandas/geopandas/commit/6aa8ef14ffdee4ba1044349ab948e1a1fbfaf419"
+    },
+    {
+      "type": "WEB",
+      "url": "https://aydinnyunus.github.io/2025/12/27/sql-injection-geopandas"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/geopandas/geopandas"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/geopandas/geopandas/releases/tag/v1.1.2"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-202",
+      "CWE-89"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-02-01T18:09:10Z",
+    "nvd_published_at": "2026-01-30T19:16:11Z"
+  }
+}
@@ -0,0 +1,96 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-vcf3-26xf-fw4m",
+  "modified": "2026-02-01T18:09:41Z",
+  "published": "2026-01-30T21:30:22Z",
+  "aliases": [
+    "CVE-2025-62349"
+  ],
+  "summary": "Salt Authentication Protocol Version Downgrade Allows Minion Impersonation",
+  "details": "Salt contains an authentication protocol version downgrade weakness that can allow a malicious minion to bypass newer authentication/security features by using an older request payload format, enabling minion impersonation and circumventing protections introduced in response to prior issues.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "salt"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "3006.12"
+            },
+            {
+              "fixed": "3006.17"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "salt"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "3007.4"
+            },
+            {
+              "fixed": "3007.9"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62349"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/saltstack/salt/issues/68467"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/saltstack/salt/commit/3d5708acae16d039a1e2b5529c8e14a0d3255611"
+    },
+    {
+      "type": "WEB",
+      "url": "https://docs.saltproject.io/en/latest/topics/releases/3006.17.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://docs.saltproject.io/en/latest/topics/releases/3007.9.html"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/saltstack/salt"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-287"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-02-01T18:09:41Z",
+    "nvd_published_at": "2026-01-30T19:16:11Z"
+  }
+}