14 files changed

+709
-137
lines changed

Lines changed: 217 additions & 0 deletions
@@ -0,0 +1,217 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-24j9-x2wg-9qv6",
4+
"modified": "2026-04-10T21:38:56Z",
5+
"published": "2026-04-09T21:31:30Z",
6+
"aliases": [
7+
"CVE-2026-34500"
8+
],
9+
"summary": "Apache Tomcat: CLIENT_CERT authentication does not fail as expected",
10+
"details": "CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53, from 9.0.92 through 9.0.116.\n\nUsers are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fixes the issue.",
11+
"severity": [
12+
{
13+
"type": "CVSS_V3",
14+
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "Maven",
21+
"name": "org.apache.tomcat:tomcat-catalina"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "9.0.92"
29+
},
30+
{
31+
"fixed": "9.0.117"
32+
}
33+
]
34+
}
35+
]
36+
},
37+
{
38+
"package": {
39+
"ecosystem": "Maven",
40+
"name": "org.apache.tomcat:tomcat-catalina"
41+
},
42+
"ranges": [
43+
{
44+
"type": "ECOSYSTEM",
45+
"events": [
46+
{
47+
"introduced": "10.1.22"
48+
},
49+
{
50+
"fixed": "10.1.54"
51+
}
52+
]
53+
}
54+
]
55+
},
56+
{
57+
"package": {
58+
"ecosystem": "Maven",
59+
"name": "org.apache.tomcat:tomcat-catalina"
60+
},
61+
"ranges": [
62+
{
63+
"type": "ECOSYSTEM",
64+
"events": [
65+
{
66+
"introduced": "11.0.0-M14"
67+
},
68+
{
69+
"fixed": "11.0.21"
70+
}
71+
]
72+
}
73+
]
74+
},
75+
{
76+
"package": {
77+
"ecosystem": "Maven",
78+
"name": "org.apache.tomcat:tomcat"
79+
},
80+
"ranges": [
81+
{
82+
"type": "ECOSYSTEM",
83+
"events": [
84+
{
85+
"introduced": "9.0.92"
86+
},
87+
{
88+
"fixed": "9.0.117"
89+
}
90+
]
91+
}
92+
]
93+
},
94+
{
95+
"package": {
96+
"ecosystem": "Maven",
97+
"name": "org.apache.tomcat:tomcat"
98+
},
99+
"ranges": [
100+
{
101+
"type": "ECOSYSTEM",
102+
"events": [
103+
{
104+
"introduced": "10.1.22"
105+
},
106+
{
107+
"fixed": "10.1.54"
108+
}
109+
]
110+
}
111+
]
112+
},
113+
{
114+
"package": {
115+
"ecosystem": "Maven",
116+
"name": "org.apache.tomcat:tomcat"
117+
},
118+
"ranges": [
119+
{
120+
"type": "ECOSYSTEM",
121+
"events": [
122+
{
123+
"introduced": "11.0.0-M14"
124+
},
125+
{
126+
"fixed": "11.0.21"
127+
}
128+
]
129+
}
130+
]
131+
},
132+
{
133+
"package": {
134+
"ecosystem": "Maven",
135+
"name": "org.apache.tomcat.embed:tomcat-embed-core"
136+
},
137+
"ranges": [
138+
{
139+
"type": "ECOSYSTEM",
140+
"events": [
141+
{
142+
"introduced": "9.0.92"
143+
},
144+
{
145+
"fixed": "9.0.117"
146+
}
147+
]
148+
}
149+
]
150+
},
151+
{
152+
"package": {
153+
"ecosystem": "Maven",
154+
"name": "org.apache.tomcat.embed:tomcat-embed-core"
155+
},
156+
"ranges": [
157+
{
158+
"type": "ECOSYSTEM",
159+
"events": [
160+
{
161+
"introduced": "10.1.22"
162+
},
163+
{
164+
"fixed": "10.1.54"
165+
}
166+
]
167+
}
168+
]
169+
},
170+
{
171+
"package": {
172+
"ecosystem": "Maven",
173+
"name": "org.apache.tomcat.embed:tomcat-embed-core"
174+
},
175+
"ranges": [
176+
{
177+
"type": "ECOSYSTEM",
178+
"events": [
179+
{
180+
"introduced": "11.0.0-M14"
181+
},
182+
{
183+
"fixed": "11.0.21"
184+
}
185+
]
186+
}
187+
]
188+
}
189+
],
190+
"references": [
191+
{
192+
"type": "ADVISORY",
193+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34500"
194+
},
195+
{
196+
"type": "PACKAGE",
197+
"url": "https://github.com/apache/tomcat"
198+
},
199+
{
200+
"type": "WEB",
201+
"url": "https://lists.apache.org/thread/7rcl4zdxryc8hy3htyfyxkbqpxjtfdl2"
202+
},
203+
{
204+
"type": "WEB",
205+
"url": "http://www.openwall.com/lists/oss-security/2026/04/09/29"
206+
}
207+
],
208+
"database_specific": {
209+
"cwe_ids": [
210+
"CWE-287"
211+
],
212+
"severity": "MODERATE",
213+
"github_reviewed": true,
214+
"github_reviewed_at": "2026-04-10T21:38:56Z",
215+
"nvd_published_at": "2026-04-09T20:16:25Z"
216+
}
217+
}
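Review bot: The last entry in `references` links the oss-security post over plain HTTP (`"url": "http://www.openwall.com/lists/oss-security/2026/04/09/29"`), while every other reference in this record uses HTTPS. Advisory references are rendered as clickable links and fetched by downstream tooling, so I would use `"url": "https://www.openwall.com/lists/oss-security/2026/04/09/29"` if the import source allows it. Separately, `summary` omits the precondition that `details` states (soft fail disabled and FFM in use), so anyone triaging from the summary and the version ranges alone should read `details` before scoping exposure.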

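--- a/advisories/github-reviewed/2026/04/GHSA-2943-crp8-38xx/GHSA-2943-crp8-38xx.json
+++ b/advisories/github-reviewed/2026/04/GHSA-2943-crp8-38xx/GHSA-2943-crp8-38xx.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-2943-crp8-38xx",
-"modified": "2026-04-10T20:00:28Z",
+"modified": "2026-04-10T21:37:27Z",
 "published": "2026-04-10T20:00:28Z",
 "aliases": [
 "CVE-2026-40188"
@@ -40,6 +40,10 @@
 "type": "WEB",
 "url": "https://github.com/patrickhener/goshs/security/advisories/GHSA-2943-crp8-38xx"
 },
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40188"
+},
 {
 "type": "WEB",
 "url": "https://github.com/patrickhener/goshs/commit/141c188ce270ffbec087844a50e5e695b7da7744"
@@ -60,6 +64,6 @@
 "severity": "HIGH",
 "github_reviewed": true,
 "github_reviewed_at": "2026-04-10T20:00:28Z",
-"nvd_published_at": null
+"nvd_published_at": "2026-04-10T20:16:23Z"
 }
 }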

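--- a/advisories/github-reviewed/2026/04/GHSA-3mcx-6wxm-qr8v/GHSA-3mcx-6wxm-qr8v.json
+++ b/advisories/github-reviewed/2026/04/GHSA-3mcx-6wxm-qr8v/GHSA-3mcx-6wxm-qr8v.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-3mcx-6wxm-qr8v",
-"modified": "2026-04-10T19:48:08Z",
+"modified": "2026-04-10T21:37:11Z",
 "published": "2026-04-10T19:47:31Z",
 "aliases": [
 "CVE-2026-40177"
@@ -40,6 +40,10 @@
 "type": "WEB",
 "url": "https://github.com/ajenti/ajenti/security/advisories/GHSA-3mcx-6wxm-qr8v"
 },
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40177"
+},
 {
 "type": "PACKAGE",
 "url": "https://github.com/ajenti/ajenti"
@@ -52,6 +56,6 @@
 "severity": "CRITICAL",
 "github_reviewed": true,
 "github_reviewed_at": "2026-04-10T19:47:31Z",
-"nvd_published_at": null
+"nvd_published_at": "2026-04-10T20:16:22Z"
 }
 }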

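--- a/advisories/github-reviewed/2026/04/GHSA-8647-755q-fw9p/GHSA-8647-755q-fw9p.json
+++ b/advisories/github-reviewed/2026/04/GHSA-8647-755q-fw9p/GHSA-8647-755q-fw9p.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-8647-755q-fw9p",
-"modified": "2026-04-10T19:54:41Z",
+"modified": "2026-04-10T21:37:21Z",
 "published": "2026-04-10T19:54:41Z",
 "aliases": [
 "CVE-2026-40178"
@@ -43,6 +43,10 @@
 "type": "WEB",
 "url": "https://github.com/ajenti/ajenti/security/advisories/GHSA-8647-755q-fw9p"
 },
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40178"
+},
 {
 "type": "PACKAGE",
 "url": "https://github.com/ajenti/ajenti"
@@ -56,6 +60,6 @@
 "severity": "MODERATE",
 "github_reviewed": true,
 "github_reviewed_at": "2026-04-10T19:54:41Z",
-"nvd_published_at": null
+"nvd_published_at": "2026-04-10T20:16:23Z"
 }
 }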

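--- a/advisories/github-reviewed/2026/04/GHSA-ff24-4prj-gpmj/GHSA-ff24-4prj-gpmj.json
+++ b/advisories/github-reviewed/2026/04/GHSA-ff24-4prj-gpmj/GHSA-ff24-4prj-gpmj.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-ff24-4prj-gpmj",
-"modified": "2026-04-10T20:59:27Z",
+"modified": "2026-04-10T21:37:59Z",
 "published": "2026-04-10T20:59:27Z",
 "aliases": [
 "CVE-2026-40242"
@@ -43,6 +43,10 @@
 "type": "WEB",
 "url": "https://github.com/getarcaneapp/arcane/security/advisories/GHSA-ff24-4prj-gpmj"
 },
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40242"
+},
 {
 "type": "PACKAGE",
 "url": "https://github.com/getarcaneapp/arcane"
@@ -59,6 +63,6 @@
 "severity": "HIGH",
 "github_reviewed": true,
 "github_reviewed_at": "2026-04-10T20:59:27Z",
-"nvd_published_at": null
+"nvd_published_at": "2026-04-10T21:16:27Z"
 }
 }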

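--- a/advisories/github-reviewed/2026/04/GHSA-fvcv-3m26-pcqx/GHSA-fvcv-3m26-pcqx.json
+++ b/advisories/github-reviewed/2026/04/GHSA-fvcv-3m26-pcqx/GHSA-fvcv-3m26-pcqx.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-fvcv-3m26-pcqx",
-"modified": "2026-04-10T19:47:16Z",
+"modified": "2026-04-10T21:37:07Z",
 "published": "2026-04-10T19:47:16Z",
 "aliases": [
 "CVE-2026-40175"
@@ -40,6 +40,14 @@
 "type": "WEB",
 "url": "https://github.com/axios/axios/security/advisories/GHSA-fvcv-3m26-pcqx"
 },
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40175"
+},
+{
+"type": "WEB",
+"url": "https://github.com/axios/axios/pull/10660"
+},
 {
 "type": "WEB",
 "url": "https://github.com/axios/axios/commit/363185461b90b1b78845dc8a99a1f103d9b122a1"
@@ -62,6 +70,6 @@
 "severity": "CRITICAL",
 "github_reviewed": true,
 "github_reviewed_at": "2026-04-10T19:47:16Z",
-"nvd_published_at": null
+"nvd_published_at": "2026-04-10T20:16:22Z"
 }
 }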

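--- a/advisories/github-reviewed/2026/04/GHSA-fw9q-39r9-c252/GHSA-fw9q-39r9-c252.json
+++ b/advisories/github-reviewed/2026/04/GHSA-fw9q-39r9-c252/GHSA-fw9q-39r9-c252.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-fw9q-39r9-c252",
-"modified": "2026-04-10T20:18:03Z",
+"modified": "2026-04-10T21:37:36Z",
 "published": "2026-04-10T20:18:02Z",
 "aliases": [
 "CVE-2026-40190"
@@ -43,6 +43,10 @@
 "type": "WEB",
 "url": "https://github.com/langchain-ai/langsmith-sdk/security/advisories/GHSA-fw9q-39r9-c252"
 },
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40190"
+},
 {
 "type": "WEB",
 "url": "https://github.com/langchain-ai/langsmith-sdk/pull/2690"
@@ -63,6 +67,6 @@
 "severity": "MODERATE",
 "github_reviewed": true,
 "github_reviewed_at": "2026-04-10T20:18:02Z",
-"nvd_published_at": null
+"nvd_published_at": "2026-04-10T20:16:24Z"
 }
 }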
