Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2022/05/GHSA-v452-696f-f255/GHSA-v452-696f-f255.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-v452-696f-f255",
-  "modified": "2022-05-24T17:37:51Z",
+  "modified": "2026-02-03T21:31:45Z",
   "published": "2022-05-24T17:37:51Z",
   "aliases": [
     "CVE-2020-35945"
   ],
   "details": "An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, including .php files. This occurs because the check for file extensions is on the client side.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {

advisories/unreviewed/2025/10/GHSA-3cqg-r9w7-gjfg/GHSA-3cqg-r9w7-gjfg.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3cqg-r9w7-gjfg",
-  "modified": "2025-10-07T18:31:10Z",
+  "modified": "2026-02-03T21:31:46Z",
   "published": "2025-10-07T18:31:10Z",
   "aliases": [
     "CVE-2023-53657"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Don't tx before switchdev is fully configured\n\nThere is possibility that ice_eswitch_port_start_xmit might be\ncalled while some resources are still not allocated which might\ncause NULL pointer dereference. Fix this by checking if switchdev\nconfiguration was finished.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -28,8 +33,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-07T16:15:49Z"

advisories/unreviewed/2025/10/GHSA-3p8v-593f-mgx8/GHSA-3p8v-593f-mgx8.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3p8v-593f-mgx8",
-  "modified": "2025-10-07T18:31:10Z",
+  "modified": "2026-02-03T21:31:47Z",
   "published": "2025-10-07T18:31:10Z",
   "aliases": [
     "CVE-2023-53669"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: fix skb_copy_ubufs() vs BIG TCP\n\nDavid Ahern reported crashes in skb_copy_ubufs() caused by TCP tx zerocopy\nusing hugepages, and skb length bigger than ~68 KB.\n\nskb_copy_ubufs() assumed it could copy all payload using up to\nMAX_SKB_FRAGS order-0 pages.\n\nThis assumption broke when BIG TCP was able to put up to 512 KB per skb.\n\nWe did not hit this bug at Google because we use CONFIG_MAX_SKB_FRAGS=45\nand limit gso_max_size to 180000.\n\nA solution is to use higher order pages if needed.\n\nv2: add missing __GFP_COMP, or we leak memory.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -32,8 +37,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-401"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-07T16:15:50Z"

advisories/unreviewed/2025/10/GHSA-3wc5-j3q5-m2xc/GHSA-3wc5-j3q5-m2xc.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3wc5-j3q5-m2xc",
-  "modified": "2025-10-07T18:31:10Z",
+  "modified": "2026-02-03T21:31:46Z",
   "published": "2025-10-07T18:31:10Z",
   "aliases": [
     "CVE-2023-53665"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: don't dereference mddev after export_rdev()\n\nExcept for initial reference, mddev->kobject is referenced by\nrdev->kobject, and if the last rdev is freed, there is no guarantee that\nmddev is still valid. Hence mddev should not be used anymore after\nexport_rdev().\n\nThis problem can be triggered by following test for mdadm at very\nlow rate:\n\nNew file: mdadm/tests/23rdev-lifetime\n\ndevname=${dev0##*/}\ndevt=`cat /sys/block/$devname/dev`\npid=\"\"\nruntime=2\n\nclean_up_test() {\n        pill -9 $pid\n        echo clear > /sys/block/md0/md/array_state\n}\n\ntrap 'clean_up_test' EXIT\n\nadd_by_sysfs() {\n        while true; do\n                echo $devt > /sys/block/md0/md/new_dev\n        done\n}\n\nremove_by_sysfs(){\n        while true; do\n                echo remove > /sys/block/md0/md/dev-${devname}/state\n        done\n}\n\necho md0 > /sys/module/md_mod/parameters/new_array || die \"create md0 failed\"\n\nadd_by_sysfs &\npid=\"$pid $!\"\n\nremove_by_sysfs &\npid=\"$pid $!\"\n\nsleep $runtime\nexit 0\n\nTest cmd:\n\n./test --save-logs --logdir=/tmp/ --keep-going --dev=loop --tests=23rdev-lifetime\n\nTest result:\n\ngeneral protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6bcb: 0000 [#4] PREEMPT SMP\nCPU: 0 PID: 1292 Comm: test Tainted: G      D W          6.5.0-rc2-00121-g01e55c376936 #562\nRIP: 0010:md_wakeup_thread+0x9e/0x320 [md_mod]\nCall Trace:\n <TASK>\n mddev_unlock+0x1b6/0x310 [md_mod]\n rdev_attr_store+0xec/0x190 [md_mod]\n sysfs_kf_write+0x52/0x70\n kernfs_fop_write_iter+0x19a/0x2a0\n vfs_write+0x3b5/0x770\n ksys_write+0x74/0x150\n __x64_sys_write+0x22/0x30\n do_syscall_64+0x40/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nFix this problem by don't dereference mddev after export_rdev().",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -25,7 +30,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-07T16:15:50Z"

advisories/unreviewed/2025/10/GHSA-4832-crwv-4gfx/GHSA-4832-crwv-4gfx.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4832-crwv-4gfx",
-  "modified": "2025-10-07T18:31:10Z",
+  "modified": "2026-02-03T21:31:47Z",
   "published": "2025-10-07T18:31:10Z",
   "aliases": [
     "CVE-2023-53676"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show()\n\nThe function lio_target_nacl_info_show() uses sprintf() in a loop to print\ndetails for every iSCSI connection in a session without checking for the\nbuffer length. With enough iSCSI connections it's possible to overflow the\nbuffer provided by configfs and corrupt the memory.\n\nThis patch replaces sprintf() with sysfs_emit_at() that checks for buffer\nboundries.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -48,8 +53,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-787"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-07T16:15:51Z"

advisories/unreviewed/2025/10/GHSA-6fcq-vj78-w895/GHSA-6fcq-vj78-w895.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6fcq-vj78-w895",
-  "modified": "2025-10-07T18:31:10Z",
+  "modified": "2026-02-03T21:31:46Z",
   "published": "2025-10-07T18:31:10Z",
   "aliases": [
     "CVE-2023-53662"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup}\n\nIf the filename casefolding fails, we'll be leaking memory from the\nfscrypt_name struct, namely from the 'crypto_buf.name' member.\n\nMake sure we free it in the error path on both ext4_fname_setup_filename()\nand ext4_fname_prepare_lookup() functions.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -28,8 +33,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-401"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-07T16:15:49Z"

advisories/unreviewed/2025/10/GHSA-75gq-3wgg-m886/GHSA-75gq-3wgg-m886.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-75gq-3wgg-m886",
-  "modified": "2025-10-07T18:31:10Z",
+  "modified": "2026-02-03T21:31:46Z",
   "published": "2025-10-07T18:31:10Z",
   "aliases": [
     "CVE-2023-53666"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: codecs: wcd938x: fix missing mbhc init error handling\n\nMBHC initialisation can fail so add the missing error handling to avoid\ndereferencing an error pointer when later configuring the jack:\n\n    Unable to handle kernel paging request at virtual address fffffffffffffff8\n\n    pc : wcd_mbhc_start+0x28/0x380 [snd_soc_wcd_mbhc]\n    lr : wcd938x_codec_set_jack+0x28/0x48 [snd_soc_wcd938x]\n\n    Call trace:\n     wcd_mbhc_start+0x28/0x380 [snd_soc_wcd_mbhc]\n     wcd938x_codec_set_jack+0x28/0x48 [snd_soc_wcd938x]\n     snd_soc_component_set_jack+0x28/0x8c [snd_soc_core]\n     qcom_snd_wcd_jack_setup+0x7c/0x19c [snd_soc_qcom_common]\n     sc8280xp_snd_init+0x20/0x2c [snd_soc_sc8280xp]\n     snd_soc_link_init+0x28/0x90 [snd_soc_core]\n     snd_soc_bind_card+0x628/0xbfc [snd_soc_core]\n     snd_soc_register_card+0xec/0x104 [snd_soc_core]\n     devm_snd_soc_register_card+0x4c/0xa4 [snd_soc_core]\n     sc8280xp_platform_probe+0xf0/0x108 [snd_soc_sc8280xp]",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -33,7 +38,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-07T16:15:50Z"

advisories/unreviewed/2025/10/GHSA-7v48-2x62-5ff3/GHSA-7v48-2x62-5ff3.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7v48-2x62-5ff3",
-  "modified": "2025-10-07T18:31:10Z",
+  "modified": "2026-02-03T21:31:47Z",
   "published": "2025-10-07T18:31:10Z",
   "aliases": [
     "CVE-2023-53673"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: call disconnect callback before deleting conn\n\nIn hci_cs_disconnect, we do hci_conn_del even if disconnection failed.\n\nISO, L2CAP and SCO connections refer to the hci_conn without\nhci_conn_get, so disconn_cfm must be called so they can clean up their\nconn, otherwise use-after-free occurs.\n\nISO:\n==========================================================\niso_sock_connect:880: sk 00000000eabd6557\niso_connect_cis:356: 70:1a:b8:98:ff:a2 -> 28:3d:c2:4a:7e:da\n...\niso_conn_add:140: hcon 000000001696f1fd conn 00000000b6251073\nhci_dev_put:1487: hci0 orig refcnt 17\n__iso_chan_add:214: conn 00000000b6251073\niso_sock_clear_timer:117: sock 00000000eabd6557 state 3\n...\nhci_rx_work:4085: hci0 Event packet\nhci_event_packet:7601: hci0: event 0x0f\nhci_cmd_status_evt:4346: hci0: opcode 0x0406\nhci_cs_disconnect:2760: hci0: status 0x0c\nhci_sent_cmd_data:3107: hci0 opcode 0x0406\nhci_conn_del:1151: hci0 hcon 000000001696f1fd handle 2560\nhci_conn_unlink:1102: hci0: hcon 000000001696f1fd\nhci_conn_drop:1451: hcon 00000000d8521aaf orig refcnt 2\nhci_chan_list_flush:2780: hcon 000000001696f1fd\nhci_dev_put:1487: hci0 orig refcnt 21\nhci_dev_put:1487: hci0 orig refcnt 20\nhci_req_cmd_complete:3978: opcode 0x0406 status 0x0c\n... <no iso_* activity on sk/conn> ...\niso_sock_sendmsg:1098: sock 00000000dea5e2e0, sk 00000000eabd6557\nBUG: kernel NULL pointer dereference, address: 0000000000000668\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP PTI\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-1.fc38 04/01/2014\nRIP: 0010:iso_sock_sendmsg (net/bluetooth/iso.c:1112) bluetooth\n==========================================================\n\nL2CAP:\n==================================================================\nhci_cmd_status_evt:4359: hci0: opcode 0x0406\nhci_cs_disconnect:2760: hci0: status 0x0c\nhci_sent_cmd_data:3085: hci0 opcode 0x0406\nhci_conn_del:1151: hci0 hcon ffff88800c999000 handle 3585\nhci_conn_unlink:1102: hci0: hcon ffff88800c999000\nhci_chan_list_flush:2780: hcon ffff88800c999000\nhci_chan_del:2761: hci0 hcon ffff88800c999000 chan ffff888018ddd280\n...\nBUG: KASAN: slab-use-after-free in hci_send_acl+0x2d/0x540 [bluetooth]\nRead of size 8 at addr ffff888018ddd298 by task bluetoothd/1175\n\nCPU: 0 PID: 1175 Comm: bluetoothd Tainted: G            E      6.4.0-rc4+ #2\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-1.fc38 04/01/2014\nCall Trace:\n <TASK>\n dump_stack_lvl+0x5b/0x90\n print_report+0xcf/0x670\n ? __virt_addr_valid+0xf8/0x180\n ? hci_send_acl+0x2d/0x540 [bluetooth]\n kasan_report+0xa8/0xe0\n ? hci_send_acl+0x2d/0x540 [bluetooth]\n hci_send_acl+0x2d/0x540 [bluetooth]\n ? __pfx___lock_acquire+0x10/0x10\n l2cap_chan_send+0x1fd/0x1300 [bluetooth]\n ? l2cap_sock_sendmsg+0xf2/0x170 [bluetooth]\n ? __pfx_l2cap_chan_send+0x10/0x10 [bluetooth]\n ? lock_release+0x1d5/0x3c0\n ? mark_held_locks+0x1a/0x90\n l2cap_sock_sendmsg+0x100/0x170 [bluetooth]\n sock_write_iter+0x275/0x280\n ? __pfx_sock_write_iter+0x10/0x10\n ? __pfx___lock_acquire+0x10/0x10\n do_iter_readv_writev+0x176/0x220\n ? __pfx_do_iter_readv_writev+0x10/0x10\n ? find_held_lock+0x83/0xa0\n ? selinux_file_permission+0x13e/0x210\n do_iter_write+0xda/0x340\n vfs_writev+0x1b4/0x400\n ? __pfx_vfs_writev+0x10/0x10\n ? __seccomp_filter+0x112/0x750\n ? populate_seccomp_data+0x182/0x220\n ? __fget_light+0xdf/0x100\n ? do_writev+0x19d/0x210\n do_writev+0x19d/0x210\n ? __pfx_do_writev+0x10/0x10\n ? mark_held_locks+0x1a/0x90\n do_syscall_64+0x60/0x90\n ? lockdep_hardirqs_on_prepare+0x149/0x210\n ? do_syscall_64+0x6c/0x90\n ? lockdep_hardirqs_on_prepare+0x149/0x210\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\nRIP: 0033:0x7ff45cb23e64\nCode: 15 d1 1f 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 80 3d 9d a7 0d 00 00 74 13 b8 14 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 48 83 ec 28 89 54 24 1c 48 89\nRSP: 002b:00007fff21ae09b8 EFLAGS: 00000202 ORIG_RAX: 0000000000000014\nRAX: ffffffffffffffda RBX: \n---truncated---",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -28,8 +33,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-416"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-07T16:15:51Z"

advisories/unreviewed/2025/10/GHSA-8wgv-64x2-9hjp/GHSA-8wgv-64x2-9hjp.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8wgv-64x2-9hjp",
-  "modified": "2025-10-07T18:31:10Z",
+  "modified": "2026-02-03T21:31:47Z",
   "published": "2025-10-07T18:31:10Z",
   "aliases": [
     "CVE-2023-53675"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ses: Fix possible desc_ptr out-of-bounds accesses\n\nSanitize possible desc_ptr out-of-bounds accesses in\nses_enclosure_data_process().",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -48,8 +53,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-125"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-07T16:15:51Z"

advisories/unreviewed/2025/10/GHSA-92f6-rh29-hfq6/GHSA-92f6-rh29-hfq6.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-92f6-rh29-hfq6",
-  "modified": "2025-10-07T18:31:10Z",
+  "modified": "2026-02-03T21:31:46Z",
   "published": "2025-10-07T18:31:10Z",
   "aliases": [
     "CVE-2023-53663"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: nSVM: Check instead of asserting on nested TSC scaling support\n\nCheck for nested TSC scaling support on nested SVM VMRUN instead of\nasserting that TSC scaling is exposed to L1 if L1's MSR_AMD64_TSC_RATIO\nhas diverged from KVM's default.  Userspace can trigger the WARN at will\nby writing the MSR and then updating guest CPUID to hide the feature\n(modifying guest CPUID is allowed anytime before KVM_RUN).  E.g. hacking\nKVM's state_test selftest to do\n\n\t\tvcpu_set_msr(vcpu, MSR_AMD64_TSC_RATIO, 0);\n\t\tvcpu_clear_cpuid_feature(vcpu, X86_FEATURE_TSCRATEMSR);\n\nafter restoring state in a new VM+vCPU yields an endless supply of:\n\n  ------------[ cut here ]------------\n  WARNING: CPU: 164 PID: 62565 at arch/x86/kvm/svm/nested.c:699\n           nested_vmcb02_prepare_control+0x3d6/0x3f0 [kvm_amd]\n  Call Trace:\n   <TASK>\n   enter_svm_guest_mode+0x114/0x560 [kvm_amd]\n   nested_svm_vmrun+0x260/0x330 [kvm_amd]\n   vmrun_interception+0x29/0x30 [kvm_amd]\n   svm_invoke_exit_handler+0x35/0x100 [kvm_amd]\n   svm_handle_exit+0xe7/0x180 [kvm_amd]\n   kvm_arch_vcpu_ioctl_run+0x1eab/0x2570 [kvm]\n   kvm_vcpu_ioctl+0x4c9/0x5b0 [kvm]\n   __se_sys_ioctl+0x7a/0xc0\n   __x64_sys_ioctl+0x21/0x30\n   do_syscall_64+0x41/0x90\n   entry_SYSCALL_64_after_hwframe+0x63/0xcd\n  RIP: 0033:0x45ca1b\n\nNote, the nested #VMEXIT path has the same flaw, but needs a different\nfix and will be handled separately.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -29,7 +34,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-07T16:15:50Z"