Advisory Database Sync

Author: advisory-database[bot]

advisories/github-reviewed/2025/11/GHSA-24hm-wm2h-h8w7/GHSA-24hm-wm2h-h8w7.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-24hm-wm2h-h8w7",
-  "modified": "2025-12-01T23:57:53Z",
+  "modified": "2026-01-29T03:30:58Z",
   "published": "2025-11-28T06:32:06Z",
   "aliases": [
     "CVE-2025-66371"
@@ -55,6 +55,10 @@
     {
       "type": "WEB",
       "url": "https://github.com/iterasdev/peppol-py/releases/tag/1.1.1"
+    },
+    {
+      "type": "WEB",
+      "url": "https://invoice.secvuln.info"
     }
   ],
   "database_specific": {

advisories/github-reviewed/2026/01/GHSA-8p9x-46gm-qfx2/GHSA-8p9x-46gm-qfx2.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8p9x-46gm-qfx2",
-  "modified": "2026-01-27T18:01:26Z",
+  "modified": "2026-01-29T03:31:31Z",
   "published": "2026-01-27T18:01:26Z",
   "aliases": [
     "CVE-2026-22039"
@@ -59,6 +59,10 @@
       "type": "WEB",
       "url": "https://github.com/kyverno/kyverno/security/advisories/GHSA-8p9x-46gm-qfx2"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22039"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/kyverno/kyverno/commit/e0ba4de4f1e0ca325066d5095db51aec45b1407b"
@@ -80,6 +84,6 @@
     "severity": "CRITICAL",
     "github_reviewed": true,
     "github_reviewed_at": "2026-01-27T18:01:26Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-01-27T17:16:12Z"
   }
 }

advisories/github-reviewed/2026/01/GHSA-r2rj-wwm5-x6mq/GHSA-r2rj-wwm5-x6mq.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-r2rj-wwm5-x6mq",
-  "modified": "2026-01-27T18:02:22Z",
+  "modified": "2026-01-29T03:31:12Z",
   "published": "2026-01-27T18:02:22Z",
   "aliases": [
     "CVE-2026-23881"
@@ -59,6 +59,10 @@
       "type": "WEB",
       "url": "https://github.com/kyverno/kyverno/security/advisories/GHSA-r2rj-wwm5-x6mq"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23881"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/kyverno/kyverno/commit/7a651be3a8c78dcabfbf4178b8d89026bf3b850f"
@@ -79,6 +83,6 @@
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2026-01-27T18:02:22Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-01-27T17:16:12Z"
   }
 }

advisories/github-reviewed/2026/01/GHSA-vc8c-j3xm-xj73/GHSA-vc8c-j3xm-xj73.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-vc8c-j3xm-xj73",
-  "modified": "2026-01-27T00:48:20Z",
+  "modified": "2026-01-29T03:28:33Z",
   "published": "2026-01-27T00:48:20Z",
   "aliases": [
     "CVE-2026-24116"
@@ -81,6 +81,10 @@
       "type": "WEB",
       "url": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-vc8c-j3xm-xj73"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24116"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/bytecodealliance/wasmtime/commit/728fa07184f8da2a046f48ef9b61f869dce133a6"
@@ -108,6 +112,10 @@
     {
       "type": "PACKAGE",
       "url": "https://github.com/bytecodealliance/wasmtime"
+    },
+    {
+      "type": "WEB",
+      "url": "https://rustsec.org/advisories/RUSTSEC-2026-0006.html"
     }
   ],
   "database_specific": {
@@ -117,6 +125,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2026-01-27T00:48:20Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-01-27T19:16:16Z"
   }
 }

advisories/unreviewed/2025/02/GHSA-5ggv-478m-c2xw/GHSA-5ggv-478m-c2xw.json

@@ -42,7 +42,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-77"
+      "CWE-77",
+      "CWE-78"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,

advisories/unreviewed/2025/02/GHSA-jj9w-p5wc-95q5/GHSA-jj9w-p5wc-95q5.json

@@ -42,7 +42,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-284"
+      "CWE-284",
+      "CWE-434"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,

advisories/unreviewed/2025/03/GHSA-j6jw-hg33-x575/GHSA-j6jw-hg33-x575.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-j6jw-hg33-x575",
-  "modified": "2025-03-01T00:31:55Z",
+  "modified": "2026-01-29T03:31:24Z",
   "published": "2025-03-01T00:31:55Z",
   "aliases": [
     "CVE-2024-1509"
   ],
   "details": "Brocade ASCG before 3.2.0 Web Interface  is not \nenforcing HSTS, as defined by RFC 6797. HSTS is an optional response \nheader that can be configured on the server to instruct the browser to \nonly communicate via HTTPS. The lack of HSTS allows downgrade attacks, \nSSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking \nprotections.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2025/09/GHSA-4pvg-877c-6rg9/GHSA-4pvg-877c-6rg9.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4pvg-877c-6rg9",
-  "modified": "2025-09-10T12:30:20Z",
+  "modified": "2026-01-29T03:31:24Z",
   "published": "2025-09-10T12:30:20Z",
   "aliases": [
     "CVE-2025-10213"
   ],
   "details": "DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a dxtn.dll file of their choice in the 'C:\\Users\\<user>\\AppData\\Local\\Microsoft\\WindowsApps\\' directory, which could lead to arbitrary code execution and persistence.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2026/01/GHSA-3f5c-485h-v36h/GHSA-3f5c-485h-v36h.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3f5c-485h-v36h",
-  "modified": "2026-01-22T18:30:33Z",
+  "modified": "2026-01-29T03:31:26Z",
   "published": "2026-01-22T18:30:33Z",
   "aliases": [
     "CVE-2025-67620"
   ],
   "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CleverSoft Anon anon2x allows Reflected XSS.This issue affects Anon: from n/a through <= 2.2.10.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-79"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-01-22T17:16:02Z"

advisories/unreviewed/2026/01/GHSA-4676-qh4g-4h4x/GHSA-4676-qh4g-4h4x.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4676-qh4g-4h4x",
-  "modified": "2026-01-22T18:30:34Z",
+  "modified": "2026-01-29T03:31:26Z",
   "published": "2026-01-22T18:30:34Z",
   "aliases": [
     "CVE-2025-67947"
   ],
   "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in scriptsbundle AdForest Elementor adforest-elementor allows Reflected XSS.This issue affects AdForest Elementor: from n/a through <= 3.0.11.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-79"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-01-22T17:16:04Z"