Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit dd63257bd8a8 · 2026-03-16T16:23:52.000Z
GHSA-5pwr-322w-8jr4 GHSA-6jj5-j4j8-8473 GHSA-hqmj-h5c6-369m
diff --git a/advisories/github-reviewed/2026/03/GHSA-5pwr-322w-8jr4/GHSA-5pwr-322w-8jr4.json b/advisories/github-reviewed/2026/03/GHSA-5pwr-322w-8jr4/GHSA-5pwr-322w-8jr4.json
@@ -0,0 +1,65 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5pwr-322w-8jr4",
+  "modified": "2026-03-16T16:22:29Z",
+  "published": "2026-03-16T16:22:29Z",
+  "aliases": [
+    "CVE-2026-27459"
+  ],
+  "summary": "pyOpenSSL DTLS cookie callback buffer overflow",
+  "details": "If a user provided callback to `set_cookie_generate_callback` returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer.\n\nCookie values that are too long are now rejected.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "pyopenssl"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "22.0.0"
+            },
+            {
+              "fixed": "26.0.0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/pyca/pyopenssl"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-120"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-16T16:22:29Z",
+    "nvd_published_at": null
+  }
+}
diff --git a/advisories/github-reviewed/2026/03/GHSA-6jj5-j4j8-8473/GHSA-6jj5-j4j8-8473.json b/advisories/github-reviewed/2026/03/GHSA-6jj5-j4j8-8473/GHSA-6jj5-j4j8-8473.json
@@ -0,0 +1,67 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6jj5-j4j8-8473",
+  "modified": "2026-03-16T16:22:56Z",
+  "published": "2026-03-16T16:22:56Z",
+  "aliases": [
+    "CVE-2026-28499"
+  ],
+  "summary": "LeafKit's HTML escaping may be skipped for Collection values, enabling XSS",
+  "details": "### Summary\nLeafKit HTML-escaping is not working correctly when a template prints a collection (Array / Dictionary) via `#(value)`. This can result in XSS, allowing potentially untrusted input to be rendered unescaped.\n\n### Details\nLeafKit attempts to escape expressions during serialization, but due to [`LeafData.htmlEscaped()`](https://github.com/vapor/leaf-kit/blob/8ff06839d8b3ddf74032d2ade01e3453eb556d30/Sources/LeafKit/LeafData/LeafData.swift#L322)'s implementation, when the escaped type's conversion to `String` is marked as `.ambiguous` (as it is the case for Arrays and Dictionaries), an unescaped `self` is returned.\n\n> **Note: I recommend first looking at the POC, before taking a look at the details below, as it is simple.** In the detailed, verbose analysis below, I explored the functions involved in more detail, in hopes that it will help you understand and locate this issue.\n\n#### The issue's detailed analysis:\n1. Leaf expression serialization eventually reaches `LeafSerializer`'s `serialize` private function below.  This is where the `leafData` is `.htmlEscaped()`, and then serialized.\n\nhttps://github.com/vapor/leaf-kit/blob/8ff06839d8b3ddf74032d2ade01e3453eb556d30/Sources/LeafKit/LeafSerialize/LeafSerializer.swift#L60-L66\n\n2. The `LeafData.htmlEscaped()` method uses the `LeafData.string` computed property to convert itself to a string. Then, it calls the `htmlEscaped()` method on it. However, if the string conversion fails, notice that an unescaped, unsafe `self` is returned (line 324 below):\n\nhttps://github.com/vapor/leaf-kit/blob/8ff06839d8b3ddf74032d2ade01e3453eb556d30/Sources/LeafKit/LeafData/LeafData.swift#L321-L328\n\n\n3. Regarding why `.string` may return nil, if the escaped value is not a string already, a convesion is attempted, which may fail.\n\nhttps://github.com/vapor/leaf-kit/blob/8ff06839d8b3ddf74032d2ade01e3453eb556d30/Sources/LeafKit/LeafData/LeafData.swift#L211-L216\n\nIn this specific case, the conversion fails at line 303 below, when `conversion.is >= level` is checked. The check fails because [`.array` and `.dictionary` conversions to `.string` are deemed `.ambiguous`](https://github.com/vapor/leaf-kit/blob/8ff06839d8b3ddf74032d2ade01e3453eb556d30/Sources/LeafKit/LeafData/LeafData.swift#L525-L535). If we forcefully allow ambiguous conversions, the vulnerability disappears, as the conversion is successful.\n\nhttps://github.com/vapor/leaf-kit/blob/8ff06839d8b3ddf74032d2ade01e3453eb556d30/Sources/LeafKit/LeafData/LeafData.swift#L295-L319\n\n5. Coming back to `LeafSerializer`'s `serialize` private method, we are now interested in finding out what happens after `LeafData.htmlEscaped()` returns self. Recall from `1.` that the output was then `.serialized()`. Thus, the unescaped `LeafData` follows the normal serialization path, as if it were HTML-escaped. More specifically, serialization is done [here](https://github.com/vapor/leaf-kit/blob/8ff06839d8b3ddf74032d2ade01e3453eb556d30/Sources/LeafKit/LeafData/LeafDataStorage.swift#L52-L63), where `.map` / `.mapValues` is called, unsafely serializing each element of the dictionary.\n\n### PoC\n<!-- _Complete instructions, including specific configuration details, to reproduce the vulnerability._ -->\n\nIn a new Vapor project created with `vapor new poc -n --leaf`, use a simple leaf template like the following:\n```html\n<!doctype html>\n<html>\n    <body>\n    <h1>#(username)</h1>\n      <h2>someDict:</h2>\n      <p>#(someDict)</p>\n  </body>\n</html>\n```\n\nAnd the following `routes.swift`:\n```swift\nimport Vapor\n\nstruct User: Encodable {\n    var username: String\n    var someDict: [String: String]\n}\n\nfunc routes(_ app: Application) throws {\n    app.get { req async throws in\n        try await req.view.render(\"index\", User(\n            username: \"Escaped XSS - <img src=x onerror=alert(1)>\",\n            someDict: [\"<img src=x onerror=alert(1337)>\":\"<img src=x onerror=alert(31337)>\"]\n        ))\n    }\n}\n\n```\n\nBy running and accessing the server in a browser, XSS should be triggered twice (with `alert(1337)` and `alert(31337)`). `var someDict: [String: String]` could also be replaced with an array / dictionary of a different type, such as another `Encodable` stuct.\n\nAlso note that, in a real concerning scenario, the array / dictionary would contain (i.e. reflect) data inputted by the user.\n\n### Impact\nThis is a cross-site scripting (XSS) vulnerability in rendered Leaf templates. Vapor/Leaf applications that render user-controlled data inside arrays or dictionaries using `#(value)` may be impacted.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "SwiftURL",
+        "name": "leaf-kit"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.14.2"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/vapor/leaf-kit/security/advisories/GHSA-6jj5-j4j8-8473"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/vapor/leaf-kit/commit/6044b844caa858a0c5f2505ac166f5a057c990dc"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/vapor/leaf-kit"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/vapor/leaf-kit/releases/tag/1.14.2"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-116",
+      "CWE-79",
+      "CWE-80"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-16T16:22:56Z",
+    "nvd_published_at": null
+  }
+}
diff --git a/advisories/github-reviewed/2026/03/GHSA-hqmj-h5c6-369m/GHSA-hqmj-h5c6-369m.json b/advisories/github-reviewed/2026/03/GHSA-hqmj-h5c6-369m/GHSA-hqmj-h5c6-369m.json
@@ -0,0 +1,63 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-hqmj-h5c6-369m",
+  "modified": "2026-03-16T16:23:28Z",
+  "published": "2026-03-16T16:23:28Z",
+  "aliases": [
+    "CVE-2026-28500"
+  ],
+  "summary": "ONNX Untrusted Model Repository Warnings Suppressed by silent=True in onnx.hub.load() — Silent Supply-Chain Attack",
+  "details": "### Summary\n\nA security control bypass exists in onnx.hub.load() due to improper logic in the repository trust verification mechanism. While the function is designed to warn users when loading models from non-official sources, the use of the silent=True parameter completely suppresses all security warnings and confirmation prompts.\n### The Technical Flaw\nThe vulnerability is located in onnx/hub.py. The security gate uses a short-circuit evaluation that prioritizes the \"silent\" preference over the trust requirement:\n```Python\nif not _verify_repo_ref(repo) and not silent:\n    # This block (Warning + User Input) is SKIPPED if silent=True\n    print(\"The model repo... is not trusted\")\n    if input().lower() != \"y\":\n        return None\n```\n**Key Points of Failure**:\nComplete Suppression: If a developer or a third-party library sets silent=True, the application will download and execute models from any attacker-controlled GitHub repository without notifying the user.\n**Integrity Verification Bypass**: The SHA256 integrity check validates the model against a manifest file. Since the attacker controls the repository, they also control the manifest, allowing them to provide a \"valid\" hash for a malicious model.\n### Impact\nThis vulnerability transforms a standard model-loading function into a vector for Zero-Interaction Supply-Chain Attacks. When chained with file-system vulnerabilities , an attacker can silently exfiltrate sensitive files ( SSH keys, cloud credentials) from the victim's machine the moment the model is loaded.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "onnx"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "last_affected": "1.20.1"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/onnx/onnx/security/advisories/GHSA-hqmj-h5c6-369m"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-28500.md"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/onnx/onnx"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-345",
+      "CWE-494",
+      "CWE-693"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-16T16:23:28Z",
+    "nvd_published_at": null
+  }
+}
