Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2025/11/GHSA-v6c5-9mp4-mwq4/GHSA-v6c5-9mp4-mwq4.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-v6c5-9mp4-mwq4",
-  "modified": "2026-01-22T18:30:29Z",
+  "modified": "2026-01-27T09:30:29Z",
   "published": "2025-11-26T15:34:12Z",
   "aliases": [
     "CVE-2025-13601"
@@ -31,6 +31,14 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:0991"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:1323"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:1327"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-13601"

advisories/unreviewed/2026/01/GHSA-237f-mxrr-mcvr/GHSA-237f-mxrr-mcvr.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-237f-mxrr-mcvr",
+  "modified": "2026-01-27T09:30:30Z",
+  "published": "2026-01-27T09:30:30Z",
+  "aliases": [
+    "CVE-2026-24816"
+  ],
+  "details": "Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in datavane tis (tis-console/src/main/java/com/qlangtech/tis/runtime/module/action modules). This vulnerability is associated with program files ChangeDomainAction.Java.\n\nThis issue affects tis: before v4.3.0.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:U/V:C/RE:M/U:Red"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24816"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/datavane/tis/pull/444"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-835"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-27T09:15:52Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-23f4-hfmq-94mj/GHSA-23f4-hfmq-94mj.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-23f4-hfmq-94mj",
+  "modified": "2026-01-27T09:30:30Z",
+  "published": "2026-01-27T09:30:30Z",
+  "aliases": [
+    "CVE-2026-24807"
+  ],
+  "details": "Improper Verification of Cryptographic Signature vulnerability in liuyueyi quick-media (plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/util modules). This vulnerability is associated with program files SeekableOutputStream.Java.\n\nThis issue affects quick-media: before v1.0.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:C/RE:M/U:Amber"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24807"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/liuyueyi/quick-media/pull/123"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-347"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-27T09:15:50Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-23fx-gfqr-cvpx/GHSA-23fx-gfqr-cvpx.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-23fx-gfqr-cvpx",
+  "modified": "2026-01-27T09:30:30Z",
+  "published": "2026-01-27T09:30:30Z",
+  "aliases": [
+    "CVE-2026-24798"
+  ],
+  "details": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GaijinEntertainment DagorEngine (prog/3rdPartyLibs/miniupnpc modules). This vulnerability is associated with program files upnpreplyparse.C.\n\nThis issue affects DagorEngine: through dagor_2025_01_15.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:U/V:C/RE:M/U:Amber"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24798"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/GaijinEntertainment/DagorEngine/pull/136"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-27T09:15:49Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-2f52-79rv-444c/GHSA-2f52-79rv-444c.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2f52-79rv-444c",
+  "modified": "2026-01-27T09:30:30Z",
+  "published": "2026-01-27T09:30:30Z",
+  "aliases": [
+    "CVE-2026-24820"
+  ],
+  "details": "Out-of-bounds Read vulnerability in turanszkij WickedEngine (WickedEngine/LUA modules). This vulnerability is associated with program files ldebug.C.\n\nThis issue affects WickedEngine: before 0.71.705.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:C/RE:L/U:Amber"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24820"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/turanszkij/WickedEngine/pull/1054"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-125"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-27T09:15:52Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-2rr6-9w84-3v7p/GHSA-2rr6-9w84-3v7p.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2rr6-9w84-3v7p",
+  "modified": "2026-01-27T09:30:30Z",
+  "published": "2026-01-27T09:30:30Z",
+  "aliases": [
+    "CVE-2026-24814"
+  ],
+  "details": "Integer Overflow or Wraparound vulnerability in swoole swoole-src (thirdparty/hiredis modules). This vulnerability is associated with program files sds.C.\n\nThis issue affects swoole-src: before 6.0.2.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:C/RE:L/U:Red"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24814"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/swoole/swoole-src/pull/5698"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-190"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-27T09:15:51Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-2xjq-x834-qrr3/GHSA-2xjq-x834-qrr3.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2xjq-x834-qrr3",
+  "modified": "2026-01-27T09:30:30Z",
+  "published": "2026-01-27T09:30:30Z",
+  "aliases": [
+    "CVE-2026-24809"
+  ],
+  "details": "An issue from the component luaG_runerror in dependencies/lua/src/ldebug.c in praydog/REFramework version before 1.5.5 leads to a heap-buffer overflow when a recursive error occurs.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:X/V:D/RE:M/U:Amber"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24809"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/praydog/REFramework/pull/1320"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-787"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-27T09:15:51Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-3793-6r8q-vqxq/GHSA-3793-6r8q-vqxq.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3793-6r8q-vqxq",
+  "modified": "2026-01-27T09:30:29Z",
+  "published": "2026-01-27T09:30:29Z",
+  "aliases": [
+    "CVE-2026-1465"
+  ],
+  "details": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in anyrtcIO-Community anyRTC-RTMP-OpenSource (third_party/faad2-2.7/libfaad modules). This vulnerability is associated with program files bits.C, syntax.C.\n\nThis issue affects anyRTC-RTMP-OpenSource: before 1.0.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:D/RE:L/U:Amber"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1465"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/anyrtcIO-Community/anyRTC-RTMP-OpenSource/pull/166"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-27T09:15:48Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-3jw7-fx6j-pr6g/GHSA-3jw7-fx6j-pr6g.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3jw7-fx6j-pr6g",
+  "modified": "2026-01-27T09:30:30Z",
+  "published": "2026-01-27T09:30:30Z",
+  "aliases": [
+    "CVE-2026-24813"
+  ],
+  "details": "NULL Pointer Dereference vulnerability in abcz316 SKRoot-linuxKernelRoot (testRoot/jni/utils modules). This vulnerability is associated with program files cJSON.Cpp.\n\nThis issue affects SKRoot-linuxKernelRoot.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:D/RE:L/U:Amber"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24813"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/abcz316/SKRoot-linuxKernelRoot/pull/116"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-27T09:15:51Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-3qgq-r69m-f2f7/GHSA-3qgq-r69m-f2f7.json

@@ -0,0 +1,34 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3qgq-r69m-f2f7",
+  "modified": "2026-01-27T09:30:30Z",
+  "published": "2026-01-27T09:30:30Z",
+  "aliases": [
+    "CVE-2026-24812"
+  ],
+  "details": "Vulnerability in root-project root (builtins/zlib modules). This vulnerability is associated with program files inftrees.C.\n\nThis issue affects root: through 6.36.00-rc1.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:D/RE:M/U:Amber"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24812"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/root-project/root/pull/18527"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-27T09:15:51Z"
+  }
+}