Publish Advisories

GHSA-2h2m-v2mg-656c
GHSA-8478-rmjg-mjj5
GHSA-frj9-9rwc-pw9j
GHSA-g92v-wpv7-6w22
GHSA-h9r9-2pxg-cx9m
GHSA-p6w8-q63m-72c8
GHSA-v585-mf6r-rqrc
GHSA-w8gw-qm8p-j9j3
GHSA-wq2m-r96q-crrf
GHSA-wqc5-485v-3hqh

Author: advisory-database[bot]

advisories/github-reviewed/2026/02/GHSA-2h2m-v2mg-656c/GHSA-2h2m-v2mg-656c.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2h2m-v2mg-656c",
-  "modified": "2026-02-02T22:44:05Z",
+  "modified": "2026-02-03T21:40:06Z",
   "published": "2026-02-02T22:44:05Z",
   "aliases": [
     "CVE-2026-25484"
@@ -65,6 +65,10 @@
       "type": "WEB",
       "url": "https://github.com/craftcms/commerce/security/advisories/GHSA-2h2m-v2mg-656c"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25484"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/craftcms/commerce/commit/7e1dedf06038c8e70dce0187b7048d4ab8ffb75c"
@@ -89,6 +93,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2026-02-02T22:44:05Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-02-03T19:16:25Z"
   }
 }

advisories/github-reviewed/2026/02/GHSA-8478-rmjg-mjj5/GHSA-8478-rmjg-mjj5.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8478-rmjg-mjj5",
-  "modified": "2026-02-02T22:43:00Z",
+  "modified": "2026-02-03T21:39:59Z",
   "published": "2026-02-02T22:43:00Z",
   "aliases": [
     "CVE-2026-25483"
@@ -65,6 +65,10 @@
       "type": "WEB",
       "url": "https://github.com/craftcms/commerce/security/advisories/GHSA-8478-rmjg-mjj5"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25483"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/craftcms/commerce/commit/4665a47c0961aee311a42af2ff94a7c470f0ad8c"
@@ -89,6 +93,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2026-02-02T22:43:00Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-02-03T19:16:25Z"
   }
 }

advisories/github-reviewed/2026/02/GHSA-frj9-9rwc-pw9j/GHSA-frj9-9rwc-pw9j.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-frj9-9rwc-pw9j",
-  "modified": "2026-02-02T22:41:44Z",
+  "modified": "2026-02-03T21:39:52Z",
   "published": "2026-02-02T22:41:44Z",
   "aliases": [
     "CVE-2026-25482"
@@ -65,6 +65,10 @@
       "type": "WEB",
       "url": "https://github.com/craftcms/commerce/security/advisories/GHSA-frj9-9rwc-pw9j"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25482"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/craftcms/commerce/commit/d94d1c9832a47a1c383e375ae87c46c13935ba65"
@@ -89,6 +93,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2026-02-02T22:41:44Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-02-03T19:16:25Z"
   }
 }

advisories/github-reviewed/2026/02/GHSA-g92v-wpv7-6w22/GHSA-g92v-wpv7-6w22.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-g92v-wpv7-6w22",
-  "modified": "2026-02-02T22:49:55Z",
+  "modified": "2026-02-03T21:40:21Z",
   "published": "2026-02-02T22:49:55Z",
   "aliases": [
     "CVE-2026-25486"
@@ -43,6 +43,10 @@
       "type": "WEB",
       "url": "https://github.com/craftcms/commerce/security/advisories/GHSA-g92v-wpv7-6w22"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25486"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/craftcms/commerce/commit/fa273330807807d05b564d37c88654cd772839ee"
@@ -63,6 +67,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2026-02-02T22:49:55Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-02-03T19:16:26Z"
   }
 }

advisories/github-reviewed/2026/02/GHSA-h9r9-2pxg-cx9m/GHSA-h9r9-2pxg-cx9m.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-h9r9-2pxg-cx9m",
-  "modified": "2026-02-03T16:26:16Z",
+  "modified": "2026-02-03T21:40:58Z",
   "published": "2026-02-02T23:04:00Z",
   "aliases": [
     "CVE-2026-25522"
@@ -65,6 +65,10 @@
       "type": "WEB",
       "url": "https://github.com/craftcms/commerce/security/advisories/GHSA-h9r9-2pxg-cx9m"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25522"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/craftcms/commerce/commit/fa273330807807d05b564d37c88654cd772839ee"
@@ -89,6 +93,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2026-02-02T23:04:00Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-02-03T19:16:27Z"
   }
 }

advisories/github-reviewed/2026/02/GHSA-p6w8-q63m-72c8/GHSA-p6w8-q63m-72c8.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-p6w8-q63m-72c8",
-  "modified": "2026-02-02T22:51:51Z",
+  "modified": "2026-02-03T21:40:36Z",
   "published": "2026-02-02T22:51:51Z",
   "aliases": [
     "CVE-2026-25488"
@@ -65,6 +65,10 @@
       "type": "WEB",
       "url": "https://github.com/craftcms/commerce/security/advisories/GHSA-p6w8-q63m-72c8"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25488"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/craftcms/commerce/commit/fa273330807807d05b564d37c88654cd772839ee"
@@ -89,6 +93,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2026-02-02T22:51:51Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-02-03T19:16:26Z"
   }
 }

advisories/github-reviewed/2026/02/GHSA-v585-mf6r-rqrc/GHSA-v585-mf6r-rqrc.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-v585-mf6r-rqrc",
-  "modified": "2026-02-02T23:00:13Z",
+  "modified": "2026-02-03T21:40:44Z",
   "published": "2026-02-02T23:00:13Z",
   "aliases": [
     "CVE-2026-25489"
@@ -65,6 +65,10 @@
       "type": "WEB",
       "url": "https://github.com/craftcms/commerce/security/advisories/GHSA-v585-mf6r-rqrc"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25489"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/craftcms/commerce/commit/fa273330807807d05b564d37c88654cd772839ee"
@@ -89,6 +93,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2026-02-02T23:00:13Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-02-03T19:16:26Z"
   }
 }

advisories/github-reviewed/2026/02/GHSA-w8gw-qm8p-j9j3/GHSA-w8gw-qm8p-j9j3.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-w8gw-qm8p-j9j3",
-  "modified": "2026-02-02T22:45:03Z",
+  "modified": "2026-02-03T21:40:14Z",
   "published": "2026-02-02T22:45:03Z",
   "aliases": [
     "CVE-2026-25485"
@@ -65,6 +65,10 @@
       "type": "WEB",
       "url": "https://github.com/craftcms/commerce/security/advisories/GHSA-w8gw-qm8p-j9j3"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25485"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/craftcms/commerce/commit/fa273330807807d05b564d37c88654cd772839ee"
@@ -89,6 +93,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2026-02-02T22:45:03Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-02-03T19:16:26Z"
   }
 }

advisories/github-reviewed/2026/02/GHSA-wq2m-r96q-crrf/GHSA-wq2m-r96q-crrf.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-wq2m-r96q-crrf",
-  "modified": "2026-02-02T23:02:33Z",
+  "modified": "2026-02-03T21:40:50Z",
   "published": "2026-02-02T23:02:33Z",
   "aliases": [
     "CVE-2026-25490"
@@ -65,6 +65,10 @@
       "type": "WEB",
       "url": "https://github.com/craftcms/commerce/security/advisories/GHSA-wq2m-r96q-crrf"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25490"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/craftcms/commerce/commit/fa273330807807d05b564d37c88654cd772839ee"
@@ -89,6 +93,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2026-02-02T23:02:33Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-02-03T19:16:26Z"
   }
 }

advisories/github-reviewed/2026/02/GHSA-wqc5-485v-3hqh/GHSA-wqc5-485v-3hqh.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-wqc5-485v-3hqh",
-  "modified": "2026-02-02T22:51:16Z",
+  "modified": "2026-02-03T21:40:29Z",
   "published": "2026-02-02T22:51:16Z",
   "aliases": [
     "CVE-2026-25487"
@@ -65,6 +65,10 @@
       "type": "WEB",
       "url": "https://github.com/craftcms/commerce/security/advisories/GHSA-wqc5-485v-3hqh"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25487"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/craftcms/commerce/commit/fa273330807807d05b564d37c88654cd772839ee"
@@ -89,6 +93,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2026-02-02T22:51:16Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-02-03T19:16:26Z"
   }
 }