Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2025/02/GHSA-3j4c-6c9j-p6jj/GHSA-3j4c-6c9j-p6jj.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3j4c-6c9j-p6jj",
-  "modified": "2025-02-13T15:31:25Z",
+  "modified": "2026-01-29T21:30:24Z",
   "published": "2025-02-13T15:31:25Z",
   "aliases": [
     "CVE-2025-1270"

advisories/unreviewed/2025/03/GHSA-6jf7-p33c-7gw9/GHSA-6jf7-p33c-7gw9.json

@@ -42,7 +42,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-74"
+      "CWE-74",
+      "CWE-77"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,

advisories/unreviewed/2025/03/GHSA-7729-f2m7-vm5h/GHSA-7729-f2m7-vm5h.json

@@ -42,7 +42,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-74"
+      "CWE-74",
+      "CWE-77"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,

advisories/unreviewed/2025/03/GHSA-h2w7-2v8j-jgm7/GHSA-h2w7-2v8j-jgm7.json

@@ -26,7 +26,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-276"
+      "CWE-276",
+      "CWE-522"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,

advisories/unreviewed/2025/08/GHSA-7xgx-qhr4-hx93/GHSA-7xgx-qhr4-hx93.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-79"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/12/GHSA-9fqr-94hm-qxr9/GHSA-9fqr-94hm-qxr9.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-9fqr-94hm-qxr9",
-  "modified": "2025-12-05T21:30:23Z",
+  "modified": "2026-01-29T21:30:25Z",
   "published": "2025-12-05T15:30:26Z",
   "aliases": [
     "CVE-2025-13654"
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13654"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/zevv/duc/commit/8638c4365ffd9e1966bdef8af6339dbee8c17e66"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/zevv/duc/releases/tag/1.4.6"

advisories/unreviewed/2026/01/GHSA-2fw7-6f7r-fx94/GHSA-2fw7-6f7r-fx94.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2fw7-6f7r-fx94",
-  "modified": "2026-01-28T21:31:23Z",
+  "modified": "2026-01-29T21:30:30Z",
   "published": "2026-01-28T21:31:23Z",
   "aliases": [
     "CVE-2025-13984"
   ],
   "details": "Permissive Cross-domain Security Policy with Untrusted Domains vulnerability in Drupal Next.Js allows Cross-Site Scripting (XSS).This issue affects Next.Js: from 0.0.0 before 1.6.4, from 2.0.0 before 2.0.1.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-942"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-01-28T20:16:07Z"

advisories/unreviewed/2026/01/GHSA-2hmm-wj33-38p5/GHSA-2hmm-wj33-38p5.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2hmm-wj33-38p5",
-  "modified": "2026-01-22T18:30:34Z",
+  "modified": "2026-01-29T21:30:28Z",
   "published": "2026-01-22T18:30:34Z",
   "aliases": [
     "CVE-2025-68003"
   ],
   "details": "Missing Authorization vulnerability in renatoatshown Shown Connector shown-connector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shown Connector: from n/a through <= 1.2.10.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-862"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-01-22T17:16:06Z"

advisories/unreviewed/2026/01/GHSA-2v9g-x366-jgmx/GHSA-2v9g-x366-jgmx.json

@@ -0,0 +1,37 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2v9g-x366-jgmx",
+  "modified": "2026-01-29T21:30:31Z",
+  "published": "2026-01-29T21:30:31Z",
+  "aliases": [
+    "CVE-2025-69604"
+  ],
+  "details": "An issue in Shirt Pocket's SuperDuper! 3.11 and earlier allow a local attacker to modify the default task template to install an arbitrary package that can run shell scripts with root privileges and Full Disk Access, thus bypassing macOS privacy controls.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69604"
+    },
+    {
+      "type": "WEB",
+      "url": "https://shirt-pocket.com/SuperDuper/SuperDuperDescription.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.shirtpocket.com/blog/index.php/shadedgrey/comments/superduper_v312_now_available"
+    },
+    {
+      "type": "WEB",
+      "url": "http://shirt.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-29T20:16:09Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-2xq9-f9fw-jgf9/GHSA-2xq9-f9fw-jgf9.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2xq9-f9fw-jgf9",
-  "modified": "2026-01-28T21:31:24Z",
+  "modified": "2026-01-29T21:30:30Z",
   "published": "2026-01-28T21:31:24Z",
   "aliases": [
     "CVE-2025-71004"
   ],
   "details": "A segmentation violation in the oneflow.logical_or component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-125"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-01-28T21:16:09Z"