Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2022/05/GHSA-77fm-4w36-vpp3/GHSA-77fm-4w36-vpp3.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-77fm-4w36-vpp3",
-  "modified": "2022-05-14T02:35:28Z",
+  "modified": "2026-04-13T18:30:34Z",
   "published": "2022-05-14T02:35:28Z",
   "aliases": [
     "CVE-2012-1854"
   ],
   "details": "Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka \"Visual Basic for Applications Insecure Library Loading Vulnerability,\" as exploited in the wild in July 2012.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -18,17 +23,27 @@
       "type": "WEB",
       "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-046"
     },
+    {
+      "type": "WEB",
+      "url": "https://learn.microsoft.com/en-us/security-updates/SecurityBulletins/2012/ms12-046"
+    },
     {
       "type": "WEB",
       "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14950"
     },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-1854"
+    },
     {
       "type": "WEB",
       "url": "http://www.us-cert.gov/cas/techalerts/TA12-192A.html"
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-426"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2022/05/GHSA-wxg9-xx37-xj49/GHSA-wxg9-xx37-xj49.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-wxg9-xx37-xj49",
-  "modified": "2025-05-05T18:30:45Z",
+  "modified": "2026-04-13T18:30:34Z",
   "published": "2022-05-24T17:26:11Z",
   "aliases": [
     "CVE-2020-9715"
@@ -27,6 +27,10 @@
       "type": "WEB",
       "url": "https://helpx.adobe.com/security/products/acrobat/apsb20-48.html"
     },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-9715"
+    },
     {
       "type": "WEB",
       "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-991"

advisories/unreviewed/2023/02/GHSA-hjxr-gv9h-rjxc/GHSA-hjxr-gv9h-rjxc.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-hjxr-gv9h-rjxc",
-  "modified": "2023-02-14T21:30:30Z",
+  "modified": "2026-04-13T18:30:34Z",
   "published": "2023-02-14T21:30:30Z",
   "aliases": [
     "CVE-2023-21529"
@@ -22,10 +22,20 @@
     {
       "type": "WEB",
       "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21529"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-21529"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.microsoft.com/en-us/security/blog/2026/04/06/storm-1175-focuses-gaze-on-vulnerable-web-facing-assets-in-high-tempo-medusa-ransomware-operations"
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-502"
+    ],
     "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2023/11/GHSA-5wf7-vwpm-xxwx/GHSA-5wf7-vwpm-xxwx.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5wf7-vwpm-xxwx",
-  "modified": "2023-11-14T18:30:29Z",
+  "modified": "2026-04-13T18:30:34Z",
   "published": "2023-11-14T18:30:29Z",
   "aliases": [
     "CVE-2023-36424"
@@ -22,10 +22,16 @@
     {
       "type": "WEB",
       "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36424"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-36424"
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-125"
+    ],
     "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/10/GHSA-9f23-58rv-2hx4/GHSA-9f23-58rv-2hx4.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-9f23-58rv-2hx4",
-  "modified": "2025-10-15T18:31:48Z",
+  "modified": "2026-04-13T18:30:34Z",
   "published": "2025-10-14T06:31:13Z",
   "aliases": [
     "CVE-2025-11731"
@@ -27,6 +27,10 @@
       "type": "WEB",
       "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403688"
     },
+    {
+      "type": "WEB",
+      "url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/151"
+    },
     {
       "type": "WEB",
       "url": "https://gitlab.gnome.org/GNOME/libxslt/-/merge_requests/78"

advisories/unreviewed/2025/11/GHSA-wmgf-g9pc-mvh3/GHSA-wmgf-g9pc-mvh3.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-wmgf-g9pc-mvh3",
-  "modified": "2025-12-16T18:31:31Z",
+  "modified": "2026-04-13T18:30:34Z",
   "published": "2025-11-11T18:30:21Z",
   "aliases": [
     "CVE-2025-60710"
@@ -23,6 +23,10 @@
       "type": "WEB",
       "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60710"
     },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-60710"
+    },
     {
       "type": "WEB",
       "url": "https://www.vicarius.io/vsociety/posts/cve-2025-60710-detection-script-eop-vulnerability-in-host-process-for-windows-tasks"

advisories/unreviewed/2026/02/GHSA-r6vr-hwpr-qqch/GHSA-r6vr-hwpr-qqch.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-r6vr-hwpr-qqch",
-  "modified": "2026-03-30T15:31:34Z",
+  "modified": "2026-04-13T18:30:34Z",
   "published": "2026-02-06T09:30:29Z",
   "aliases": [
     "CVE-2026-21643"
@@ -26,6 +26,10 @@
     {
       "type": "WEB",
       "url": "https://github.com/0xBlackash/CVE-2026-21643/blob/main/cve-2026-21643.py"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21643"
     }
   ],
   "database_specific": {

advisories/unreviewed/2026/04/GHSA-3677-p5q3-vx7h/GHSA-3677-p5q3-vx7h.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3677-p5q3-vx7h",
-  "modified": "2026-04-08T09:31:32Z",
+  "modified": "2026-04-13T18:30:38Z",
   "published": "2026-04-08T09:31:32Z",
   "aliases": [
     "CVE-2026-39510"
   ],
   "details": "Authorization Bypass Through User-Controlled Key vulnerability in WP Chill Image Photo Gallery Final Tiles Grid final-tiles-grid-gallery-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Photo Gallery Final Tiles Grid: from n/a through <= 3.6.11.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-639"
     ],
-    "severity": null,
+    "severity": "LOW",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-04-08T09:16:25Z"

advisories/unreviewed/2026/04/GHSA-3gpw-5r2f-ch38/GHSA-3gpw-5r2f-ch38.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3gpw-5r2f-ch38",
+  "modified": "2026-04-13T18:30:40Z",
+  "published": "2026-04-13T18:30:40Z",
+  "aliases": [
+    "CVE-2025-31991"
+  ],
+  "details": "Rate Limiting for attempting a user login is not being properly enforced, making HCL DevOps Velocity susceptible to brute-force attacks past the unsuccessful login attempt limit.  This vulnerability is fixed in 5.1.7.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31991"
+    },
+    {
+      "type": "WEB",
+      "url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130138"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-307"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-13T16:16:24Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-45jv-8hvx-m25c/GHSA-45jv-8hvx-m25c.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-45jv-8hvx-m25c",
-  "modified": "2026-04-08T09:31:33Z",
+  "modified": "2026-04-13T18:30:38Z",
   "published": "2026-04-08T09:31:32Z",
   "aliases": [
     "CVE-2026-39571"
   ],
   "details": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Themefic Instantio instantio allows Retrieve Embedded Sensitive Data.This issue affects Instantio: from n/a through <= 3.3.30.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-497"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-04-08T09:16:28Z"