Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2025/10/GHSA-7p24-rq5q-3rrv/GHSA-7p24-rq5q-3rrv.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7p24-rq5q-3rrv",
-  "modified": "2025-10-16T18:30:23Z",
+  "modified": "2026-02-03T00:30:16Z",
   "published": "2025-10-16T15:30:43Z",
   "aliases": [
     "CVE-2025-22381"
@@ -26,6 +26,10 @@
     {
       "type": "WEB",
       "url": "https://github.com/bugdotexe/Vulnerability-Research/tree/main/CVE-2025-22381"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/pescada-dev/CVE-2025-22381"
     }
   ],
   "database_specific": {

advisories/unreviewed/2025/11/GHSA-v6c5-9mp4-mwq4/GHSA-v6c5-9mp4-mwq4.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-v6c5-9mp4-mwq4",
-  "modified": "2026-02-02T12:31:14Z",
+  "modified": "2026-02-03T00:30:17Z",
   "published": "2025-11-26T15:34:12Z",
   "aliases": [
     "CVE-2025-13601"
@@ -35,6 +35,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-13601"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:1736"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:1652"

advisories/unreviewed/2026/01/GHSA-39h2-3mq3-959g/GHSA-39h2-3mq3-959g.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-39h2-3mq3-959g",
-  "modified": "2026-01-26T15:30:49Z",
+  "modified": "2026-02-03T00:30:17Z",
   "published": "2026-01-21T00:31:42Z",
   "aliases": [
     "CVE-2025-11468"
@@ -35,6 +35,10 @@
       "type": "WEB",
       "url": "https://github.com/python/cpython/commit/61614a5e5056e4f61ced65008d4576f3df34acb6"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/python/cpython/commit/a76e4cd62dd68e7cbe86e37e6ed988495a646b66"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/python/cpython/commit/e9970f077240c7c670e8a6fc6662f2b30d3b6ad0"

advisories/unreviewed/2026/01/GHSA-4wp9-cf5h-v2g5/GHSA-4wp9-cf5h-v2g5.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4wp9-cf5h-v2g5",
-  "modified": "2026-01-28T18:30:41Z",
+  "modified": "2026-02-03T00:30:17Z",
   "published": "2026-01-21T00:31:43Z",
   "aliases": [
     "CVE-2026-21962"
@@ -27,6 +27,10 @@
       "type": "WEB",
       "url": "https://github.com/Ashwesker/Ashwesker-CVE-2026-21962"
     },
+    {
+      "type": "WEB",
+      "url": "https://web.archive.org/web/20260129165916/https://github.com/Ashwesker/Ashwesker-CVE-2026-21962/issues/1"
+    },
     {
       "type": "WEB",
       "url": "https://www.oracle.com/security-alerts/cpujan2026.html"

advisories/unreviewed/2026/01/GHSA-mr6c-6hx8-737r/GHSA-mr6c-6hx8-737r.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-mr6c-6hx8-737r",
-  "modified": "2026-01-29T21:30:30Z",
+  "modified": "2026-02-03T00:30:17Z",
   "published": "2026-01-29T21:30:30Z",
   "aliases": [
     "CVE-2025-63649"
   ],
   "details": "An out-of-bounds read in the http_parser_transfer_encoding_chunked function (mk_server/mk_http_parser.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted POST request to the server.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-125"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-01-29T20:16:08Z"

advisories/unreviewed/2026/01/GHSA-vmpg-m2mf-cwrv/GHSA-vmpg-m2mf-cwrv.json

@@ -30,7 +30,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-120"
+      "CWE-120",
+      "CWE-20"
     ],
     "severity": "HIGH",
     "github_reviewed": false,

advisories/unreviewed/2026/02/GHSA-2rh6-mp5g-j2gf/GHSA-2rh6-mp5g-j2gf.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2rh6-mp5g-j2gf",
+  "modified": "2026-02-03T00:30:18Z",
+  "published": "2026-02-03T00:30:18Z",
+  "aliases": [
+    "CVE-2025-36436"
+  ],
+  "details": "IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 007  is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36436"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.ibm.com/support/pages/node/7259318"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-02T23:15:59Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-2rrf-rvr2-f97v/GHSA-2rrf-rvr2-f97v.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2rrf-rvr2-f97v",
-  "modified": "2026-02-02T09:30:31Z",
+  "modified": "2026-02-03T00:30:18Z",
   "published": "2026-02-02T09:30:31Z",
   "aliases": [
     "CVE-2026-20403"
   ],
   "details": "In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689254 (Note: For N15 and NR16) / MOLY01689259 (Note: For NR17 and NR17R); Issue ID: MSV-4843.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-787"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-02-02T09:15:54Z"

advisories/unreviewed/2026/02/GHSA-33j4-gghf-cv63/GHSA-33j4-gghf-cv63.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-33j4-gghf-cv63",
+  "modified": "2026-02-03T00:30:18Z",
+  "published": "2026-02-03T00:30:18Z",
+  "aliases": [
+    "CVE-2025-12679"
+  ],
+  "details": "A vulnerability in Brocade SANnav before 2.4.0b prints the \nPassword-Based Encryption (PBE) key in plaintext in the system audit log\n file. The vulnerability could allow a remote authenticated attacker \nwith access to the audit logs to access the pbe key.\n\nNote: The vulnerability is only triggered during a migration and not \nin a new installation. The system audit logs are accessible only to a \nprivileged user on the server.\n\n\n\nThese audit logs are the local server VM’s audit logs and are not \ncontrolled by SANnav. These logs are only visible to the server admin of\n the host server and are not visible to the SANnav admin or any SANnav \nuser.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12679"
+    },
+    {
+      "type": "WEB",
+      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36845"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-312"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-02T23:15:58Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-39fr-2fph-j42r/GHSA-39fr-2fph-j42r.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-39fr-2fph-j42r",
+  "modified": "2026-02-03T00:30:19Z",
+  "published": "2026-02-03T00:30:19Z",
+  "aliases": [
+    "CVE-2025-61640"
+  ],
+  "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Rcfilters/ui/RclToOrFromWidget.Js.\n\nThis issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61640"
+    },
+    {
+      "type": "WEB",
+      "url": "https://phabricator.wikimedia.org/T402075"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-03T00:16:09Z"
+  }
+}