Publish Advisories

GHSA-2v7h-6c67-v7p4
GHSA-6q56-mrmc-cph4
GHSA-f2p8-hh36-r2r8
GHSA-h7v7-pr65-4w53
GHSA-hvj6-2w8w-j3wj
GHSA-m592-cr2f-4qg5
GHSA-mwg5-cwh8-88m5
GHSA-pq2w-3m7x-qx76
GHSA-rfq2-gv2r-vgjg
GHSA-whj7-f2cg-8pv5
GHSA-x7h6-xxfr-j6pv
GHSA-xjvw-vc5c-qgj5

Author: advisory-database[bot]

advisories/unreviewed/2025/11/GHSA-2v7h-6c67-v7p4/GHSA-2v7h-6c67-v7p4.json

@@ -26,6 +26,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
+      "CWE-362",
       "CWE-367"
     ],
     "severity": "MODERATE",

advisories/unreviewed/2026/01/GHSA-6q56-mrmc-cph4/GHSA-6q56-mrmc-cph4.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6q56-mrmc-cph4",
+  "modified": "2026-01-13T00:30:46Z",
+  "published": "2026-01-13T00:30:46Z",
+  "aliases": [
+    "CVE-2025-15514"
+  ],
+  "details": "Ollama 0.11.5-rc0 through current version 0.13.5 contain a null pointer dereference vulnerability in the multi-modal model image processing functionality. When processing base64-encoded image data via the /api/chat endpoint, the application fails to validate that the decoded data represents valid media before passing it to the mtmd_helper_bitmap_init_from_buf function. This function can return NULL for malformed input, but the code does not check this return value before dereferencing the pointer in subsequent operations. A remote attacker can exploit this by sending specially crafted base64 image data that decodes to invalid media, causing a segmentation fault and crashing the runner process. This results in a denial of service condition where the model becomes unavailable to all users until the service is restarted.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15514"
+    },
+    {
+      "type": "WEB",
+      "url": "https://https://github.com/ollama/ollama"
+    },
+    {
+      "type": "WEB",
+      "url": "https://huntr.com/bounties/172df98b-07cd-41ea-a628-366f8cd525c0"
+    },
+    {
+      "type": "WEB",
+      "url": "https://ollama.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/ollama-multi-modal-image-processing-null-pointer-dereference"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-395"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-12T23:15:51Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-f2p8-hh36-r2r8/GHSA-f2p8-hh36-r2r8.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-f2p8-hh36-r2r8",
-  "modified": "2026-01-12T21:30:34Z",
+  "modified": "2026-01-13T00:30:46Z",
   "published": "2026-01-12T21:30:34Z",
   "aliases": [
     "CVE-2025-67147"
   ],
   "details": "Multiple SQL Injection vulnerabilities exist in amansuryawanshi Gym-Management-System-PHP 1.0 via the 'name', 'email', and 'comment' parameters in (1) submit_contact.php, the 'username' and 'pass_key' parameters in (2) secure_login.php, and the 'login_id', 'pwfield', and 'login_key' parameters in (3) change_s_pwd.php. An unauthenticated or authenticated attacker can exploit these issues to bypass authentication, execute arbitrary SQL commands, modify database records, delete data, or escalate privileges to administrator level.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -20,8 +25,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "CRITICAL",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-01-12T21:15:59Z"

advisories/unreviewed/2026/01/GHSA-h7v7-pr65-4w53/GHSA-h7v7-pr65-4w53.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-h7v7-pr65-4w53",
+  "modified": "2026-01-13T00:30:47Z",
+  "published": "2026-01-13T00:30:46Z",
+  "aliases": [
+    "CVE-2024-58339"
+  ],
+  "details": "LlamaIndex (run-llama/llama_index) versions up to and including 0.12.2 contain an uncontrolled resource consumption vulnerability in the VannaPack VannaQueryEngine implementation. The custom_query() logic generates SQL statements from a user-supplied prompt and executes them via vn.run_sql() without enforcing query execution limits In downstream deployments where untrusted users can supply prompts, an attacker can trigger expensive or unbounded SQL operations that exhaust CPU or memory resources, resulting in a denial-of-service condition. The vulnerable execution path occurs in llama_index/packs/vanna/base.py within custom_query().",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-58339"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/run-llama/llama_index"
+    },
+    {
+      "type": "WEB",
+      "url": "https://huntr.com/bounties/a1d6c30d-fce0-412a-bd22-14e0d4c1fa1f"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.llamaindex.ai"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/llamaindex-vannaqueryengine-sql-execution-allows-resource-exhaustion"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-770"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-12T23:15:51Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-hvj6-2w8w-j3wj/GHSA-hvj6-2w8w-j3wj.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-hvj6-2w8w-j3wj",
+  "modified": "2026-01-13T00:30:45Z",
+  "published": "2026-01-13T00:30:45Z",
+  "aliases": [
+    "CVE-2025-67146"
+  ],
+  "details": "Multiple SQL Injection vulnerabilities exist in AbhishekMali21 GYM-MANAGEMENT-SYSTEM 1.0 via the 'name' parameter in (1) member_search.php, (2) trainer_search.php, and (3) gym_search.php, and via the 'id' parameter in (4) payment_search.php. An unauthenticated remote attacker can exploit these issues to inject malicious SQL commands, leading to unauthorized data extraction, authentication bypass, or modification of database contents.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67146"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/AbhishekMali21/GYM-MANAGEMENT-SYSTEM/issues/4"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-12T22:16:07Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-m592-cr2f-4qg5/GHSA-m592-cr2f-4qg5.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-m592-cr2f-4qg5",
+  "modified": "2026-01-13T00:30:47Z",
+  "published": "2026-01-13T00:30:46Z",
+  "aliases": [
+    "CVE-2024-14021"
+  ],
+  "details": "LlamaIndex (run-llama/llama_index) versions up to and including 0.11.6 contain an unsafe deserialization vulnerability in BGEM3Index.load_from_disk() in llama_index/indices/managed/bge_m3/base.py. The function uses pickle.load() to deserialize multi_embed_store.pkl from a user-supplied persist_dir without validation. An attacker who can provide a crafted persist directory containing a malicious pickle file can trigger arbitrary code execution when the victim loads the index from disk.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-14021"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/run-llama/llama_index"
+    },
+    {
+      "type": "WEB",
+      "url": "https://huntr.com/bounties/ab4ceeb4-aa85-4d1c-aaca-4eda1b71fc12"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.llamaindex.ai"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/llamaindex-bgem3index-unsafe-deserialization"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-502"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-12T23:15:51Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-mwg5-cwh8-88m5/GHSA-mwg5-cwh8-88m5.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-mwg5-cwh8-88m5",
+  "modified": "2026-01-13T00:30:46Z",
+  "published": "2026-01-13T00:30:45Z",
+  "aliases": [
+    "CVE-2025-12420"
+  ],
+  "details": "A vulnerability has been identified in the ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform.\n\nServiceNow has addressed this vulnerability by deploying a relevant security update to  hosted instances in October 2025. Security updates have also been provided to ServiceNow self-hosted customers, partners, and hosted customers with unique configurations. Additionally, the vulnerability is addressed in the listed Store App versions. We recommend that customers promptly apply an appropriate security update or upgrade if they have not already done so.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:C/RE:H/U:Amber"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12420"
+    },
+    {
+      "type": "WEB",
+      "url": "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB2587329"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-200"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-12T22:16:07Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-pq2w-3m7x-qx76/GHSA-pq2w-3m7x-qx76.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-pq2w-3m7x-qx76",
+  "modified": "2026-01-13T00:30:46Z",
+  "published": "2026-01-13T00:30:46Z",
+  "aliases": [
+    "CVE-2024-58340"
+  ],
+  "details": "LangChain versions up to and including 0.3.1 contain a regular expression denial-of-service (ReDoS) vulnerability in the MRKLOutputParser.parse() method (libs/langchain/langchain/agents/mrkl/output_parser.py). The parser applies a backtracking-prone regular expression when extracting tool actions from model output. An attacker who can supply or influence the parsed text (for example via prompt injection in downstream applications that pass LLM output directly into MRKLOutputParser.parse()) can trigger excessive CPU consumption by providing a crafted payload, causing significant parsing delays and a denial-of-service condition.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-58340"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/langchain-ai/langchain"
+    },
+    {
+      "type": "WEB",
+      "url": "https://huntr.com/bounties/e7ece02c-d4bb-4166-8e08-6baf4f8845bb"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.langchain.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/langchain-mrkloutputparser-redos"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-1333"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-12T23:15:51Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-rfq2-gv2r-vgjg/GHSA-rfq2-gv2r-vgjg.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-rfq2-gv2r-vgjg",
+  "modified": "2026-01-13T00:30:47Z",
+  "published": "2026-01-13T00:30:46Z",
+  "aliases": [
+    "CVE-2026-22214"
+  ],
+  "details": "RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the ethos utility due to missing bounds checking when processing incoming serial frame data. The vulnerability occurs in the _handle_char() function, where incoming frame bytes are appended to a fixed-size stack buffer without verifying that the current write index remains within bounds. An attacker capable of sending crafted serial or TCP-framed input can cause the current write index to exceed the buffer size, resulting in a write past the end of the stack buffer. This condition leads to memory corruption and application crash.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22214"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/RIOT-OS/RIOT"
+    },
+    {
+      "type": "WEB",
+      "url": "https://seclists.org/fulldisclosure/2026/Jan/16"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.riot-os.org"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/riot-os-stack-based-buffer-overflow-in-ethos-serial-frame-parser"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-121"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-12T23:15:52Z"
+  }
+}