Advisory Database Sync

Author: advisory-database[bot]

advisories/github-reviewed/2021/07/GHSA-jxhc-q857-3j6g/GHSA-jxhc-q857-3j6g.json

@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-jxhc-q857-3j6g",
-  "modified": "2021-08-30T22:21:20Z",
+  "modified": "2026-04-06T23:12:46Z",
   "published": "2021-07-12T16:58:33Z",
   "aliases": [
     "CVE-2021-32740"
   ],
   "summary": "Regular Expression Denial of Service in Addressable templates",
-  "details": "### Impact\n\nWithin the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption, leading to denial of service when matched against a URI. In typical usage, templates would not normally be read from untrusted user input, but nonetheless, no previous security advisory for Addressable has cautioned against doing this. Users of the parsing capabilities in Addressable but not the URI template capabilities are unaffected.\n\n### Patches\n\nThe vulnerability was introduced in version 2.3.0 (previously yanked) and has been present in all subsequent versions up to, and including, 2.7.0. It is fixed in version 2.8.0.\n\n### Workarounds\n\nThe vulnerability can be avoided by only creating Template objects from trusted sources that have been validated not to produce catastrophic backtracking.\n\n### References\n\n- https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS\n- https://cwe.mitre.org/data/definitions/1333.html\n- https://www.regular-expressions.info/catastrophic.html\n\n### For more information\nIf you have any questions or comments about this advisory:\n* [Open an issue](https://github.com/sporkmonger/addressable/issues)\n",
+  "details": "### Impact\n\nWithin the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption, leading to denial of service when matched against a URI. In typical usage, templates would not normally be read from untrusted user input, but nonetheless, no previous security advisory for Addressable has cautioned against doing this. Users of the parsing capabilities in Addressable but not the URI template capabilities are unaffected.\n\n### Patches\n\nThe vulnerability was introduced in version 2.3.0 (previously yanked) and has been present in all subsequent versions up to, and including, 2.7.0. It is fixed in version 2.8.0.\n\n### Workarounds\n\nThe vulnerability can be avoided by only creating Template objects from trusted sources that have been validated not to produce catastrophic backtracking.\n\n### References\n\n- https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS\n- https://cwe.mitre.org/data/definitions/1333.html\n- https://www.regular-expressions.info/catastrophic.html\n\n### For more information\nIf you have any questions or comments about this advisory:\n* [Open an issue](https://github.com/sporkmonger/addressable/issues)",
   "severity": [
     {
       "type": "CVSS_V3",
@@ -82,6 +82,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
+      "CWE-1333",
       "CWE-400"
     ],
     "severity": "HIGH",

advisories/github-reviewed/2026/03/GHSA-f8xp-wvcx-p6f4/GHSA-f8xp-wvcx-p6f4.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-f8xp-wvcx-p6f4",
-  "modified": "2026-03-31T22:31:54Z",
+  "modified": "2026-04-06T23:09:44Z",
   "published": "2026-03-31T22:31:54Z",
   "aliases": [
     "CVE-2026-25726"
@@ -40,6 +40,10 @@
       "type": "WEB",
       "url": "https://github.com/cloudreve/cloudreve/security/advisories/GHSA-f8xp-wvcx-p6f4"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25726"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/cloudreve/cloudreve"
@@ -56,6 +60,6 @@
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2026-03-31T22:31:54Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-04-03T20:16:02Z"
   }
 }

advisories/github-reviewed/2026/03/GHSA-hqmj-h5c6-369m/GHSA-hqmj-h5c6-369m.json

@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-hqmj-h5c6-369m",
-  "modified": "2026-03-25T18:51:54Z",
+  "modified": "2026-04-06T23:11:55Z",
   "published": "2026-03-16T16:23:28Z",
   "aliases": [
     "CVE-2026-28500"
   ],
   "summary": "ONNX Untrusted Model Repository Warnings Suppressed by silent=True in onnx.hub.load() — Silent Supply-Chain Attack",
-  "details": "## What's the issue\nPassing `silent=True` to `onnx.hub.load()` kills all trust warnings and user prompts. This means a model can be downloaded from any unverified GitHub repo with zero user awareness.\n \n```python\nif not _verify_repo_ref(repo) and not silent:\n    # completely skipped when silent=True\n    print(\"The model repo... is not trusted\")\n    if input().lower() != \"y\":\n        return None\n```\n \nOn top of that, the SHA256 integrity check is useless here — it validates against a manifest that lives in the same repo the attacker controls, so the hash will always match.\n\n \n## Impact\nAny pipeline using `hub.load()` with `silent=True` and an external repo string is silently loading whatever the repo owner ships. If that model executes arbitrary code on load, the attacker has access to the machine.\n \n## Resolved by removing the feature",
+  "details": "## What's the issue\nPassing `silent=True` to `onnx.hub.load()` kills all trust warnings and user prompts. This means a model can be downloaded from any unverified GitHub repo with zero user awareness.\n \n```python\nif not _verify_repo_ref(repo) and not silent:\n    # completely skipped when silent=True\n    print(\"The model repo... is not trusted\")\n    if input().lower() != \"y\":\n        return None\n```\n \nOn top of that, the SHA256 integrity check is useless here — it validates against a manifest that lives in the same repo the attacker controls, so the hash will always match.\n\n \n## Impact\nAny pipeline using `hub.load()` with `silent=True` and an external repo string is silently loading whatever the repo owner ships. If that model executes arbitrary code on load, the attacker has access to the machine.\n \n## Resolved by removing the feature \n## References\n \n- [Write-up](https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-28500.md)",
   "severity": [
     {
       "type": "CVSS_V3",
@@ -28,11 +28,14 @@
               "introduced": "0"
             },
             {
-              "last_affected": "1.20.1"
+              "fixed": "1.21.0"
             }
           ]
         }
-      ]
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 1.20.1"
+      }
     }
   ],
   "references": [

advisories/github-reviewed/2026/04/GHSA-3c8v-cfp5-9885/GHSA-3c8v-cfp5-9885.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3c8v-cfp5-9885",
-  "modified": "2026-04-03T02:43:59Z",
+  "modified": "2026-04-06T23:11:04Z",
   "published": "2026-04-03T02:43:59Z",
   "aliases": [
     "CVE-2026-34776"
@@ -97,6 +97,10 @@
       "type": "WEB",
       "url": "https://github.com/electron/electron/security/advisories/GHSA-3c8v-cfp5-9885"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34776"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/electron/electron"
@@ -109,6 +113,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2026-04-03T02:43:59Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-04-04T00:16:18Z"
   }
 }

advisories/github-reviewed/2026/04/GHSA-3jr7-6hqp-x679/GHSA-3jr7-6hqp-x679.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3jr7-6hqp-x679",
-  "modified": "2026-04-03T21:54:36Z",
+  "modified": "2026-04-06T23:11:36Z",
   "published": "2026-04-03T21:54:36Z",
   "aliases": [
     "CVE-2026-34824"
@@ -40,6 +40,10 @@
       "type": "WEB",
       "url": "https://github.com/mesop-dev/mesop/security/advisories/GHSA-3jr7-6hqp-x679"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34824"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/mesop-dev/mesop/commit/760a2079b5c609038c826d24dfbcf9b0be98d987"
@@ -55,11 +59,12 @@
   ],
   "database_specific": {
     "cwe_ids": [
+      "CWE-125",
       "CWE-400"
     ],
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2026-04-03T21:54:36Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-04-03T23:17:05Z"
   }
 }

advisories/github-reviewed/2026/04/GHSA-3vff-hjqv-m7h8/GHSA-3vff-hjqv-m7h8.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3vff-hjqv-m7h8",
-  "modified": "2026-04-03T21:36:07Z",
+  "modified": "2026-04-06T23:09:55Z",
   "published": "2026-04-03T21:36:07Z",
   "aliases": [
     "CVE-2026-33709"
@@ -43,9 +43,17 @@
       "type": "WEB",
       "url": "https://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-3vff-hjqv-m7h8"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33709"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/jupyterhub/jupyterhub"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/jupyterhub/jupyterhub/releases/tag/5.4.4"
     }
   ],
   "database_specific": {
@@ -55,6 +63,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2026-04-03T21:36:07Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-04-03T22:16:26Z"
   }
 }

advisories/github-reviewed/2026/04/GHSA-4p4r-m79c-wq3v/GHSA-4p4r-m79c-wq3v.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4p4r-m79c-wq3v",
-  "modified": "2026-04-03T02:37:24Z",
+  "modified": "2026-04-06T23:10:30Z",
   "published": "2026-04-03T02:37:24Z",
   "aliases": [
     "CVE-2026-34767"
@@ -97,6 +97,10 @@
       "type": "WEB",
       "url": "https://github.com/electron/electron/security/advisories/GHSA-4p4r-m79c-wq3v"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34767"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/electron/electron"
@@ -110,6 +114,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2026-04-03T02:37:24Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-04-04T00:16:17Z"
   }
 }

advisories/github-reviewed/2026/04/GHSA-532v-xpq5-8h95/GHSA-532v-xpq5-8h95.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-532v-xpq5-8h95",
-  "modified": "2026-04-03T02:42:27Z",
+  "modified": "2026-04-06T23:10:55Z",
   "published": "2026-04-03T02:42:27Z",
   "aliases": [
     "CVE-2026-34774"
@@ -78,6 +78,10 @@
       "type": "WEB",
       "url": "https://github.com/electron/electron/security/advisories/GHSA-532v-xpq5-8h95"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34774"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/electron/electron"
@@ -90,6 +94,6 @@
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2026-04-03T02:42:27Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-04-04T00:16:18Z"
   }
 }

advisories/github-reviewed/2026/04/GHSA-5rqw-r77c-jp79/GHSA-5rqw-r77c-jp79.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5rqw-r77c-jp79",
-  "modified": "2026-04-03T02:46:16Z",
+  "modified": "2026-04-06T23:11:15Z",
   "published": "2026-04-03T02:46:16Z",
   "aliases": [
     "CVE-2026-34779"
@@ -97,6 +97,10 @@
       "type": "WEB",
       "url": "https://github.com/electron/electron/security/advisories/GHSA-5rqw-r77c-jp79"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34779"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/electron/electron"
@@ -109,6 +113,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2026-04-03T02:46:16Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-04-04T00:16:19Z"
   }
 }

advisories/github-reviewed/2026/04/GHSA-63hf-3vf5-4wqf/GHSA-63hf-3vf5-4wqf.json

@@ -1,14 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-63hf-3vf5-4wqf",
-  "modified": "2026-04-01T21:49:06Z",
+  "modified": "2026-04-06T23:12:09Z",
   "published": "2026-04-01T21:49:06Z",
   "aliases": [
     "CVE-2026-34520"
   ],
   "summary": "AIOHTTP's C parser (llhttp) accepts null bytes and control characters in response header values - header injection/security bypass",
   "details": "### Summary\n\nThe C parser (the default for most installs) accepted null bytes and control characters is response headers.\n\n### Impact\n\nAn attacker could send header values that are interpreted differently than expected due to the presence of control characters. For example, `request.url.origin()` may return a different value than the raw Host header, or what a reverse proxy interpreted it as., potentially resulting in some kind of security bypass.\n\n-----\n\nPatch: https://github.com/aio-libs/aiohttp/commit/9370b9714a7a56003cacd31a9b4ae16eab109ba4",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"