Commit f751d1e

Advisory Database Sync
1 parent bd3c156 commit f751d1e

91 files changed

Lines changed: 1411 additions & 217 deletions

Lines changed: 72 additions & 0 deletions
@@ -0,0 +1,72 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-rqfh-9r24-8c9r",
4+
"modified": "2026-01-26T21:31:41Z",
5+
"published": "2026-01-26T21:31:41Z",
6+
"aliases": [
7+
"CVE-2026-24400"
8+
],
9+
"summary": "AssertJ has XML External Entity (XXE) vulnerability when parsing untrusted XML via isXmlEqualTo assertion",
10+
"details": "An XML External Entity (XXE) vulnerability exists in `org.assertj.core.util.xml.XmlStringPrettyFormatter`: the `toXmlDocument(String)` method initializes `DocumentBuilderFactory` with default settings, without disabling DTDs or external entities. This formatter is used by the `isXmlEqualTo(CharSequence)` assertion for `CharSequence` values.\n\nAn application is vulnerable only when it uses untrusted XML input with one of the following methods:\n\n- `isXmlEqualTo(CharSequence)` from `org.assertj.core.api.AbstractCharSequenceAssert`\n- `xmlPrettyFormat(String)` from `org.assertj.core.util.xml.XmlStringPrettyFormatter`\n\n### Impact\n\nIf untrusted XML input is processed by the methods mentioned above (e.g., in test environments handling external fixture files), an attacker could:\n\n- **Read arbitrary local files** via `file://` URIs (e.g., `/etc/passwd`, application configuration files)\n- **Perform Server-Side Request Forgery (SSRF)** via HTTP/HTTPS URIs\n- **Cause Denial of Service** via \"Billion Laughs\" entity expansion attacks\n\n### Mitigation\n\n`isXmlEqualTo(CharSequence)` has been deprecated in favor of [XMLUnit](https://www.xmlunit.org/) in version 3.18.0 and will be removed in version 4.0. Users of affected versions should, in order of preference:\n\n1. Replace `isXmlEqualTo(CharSequence)` with XMLUnit, or\n2. Upgrade to version 3.27.7, or\n3. Avoid using `isXmlEqualTo(CharSequence)` or `XmlStringPrettyFormatter` with untrusted input.\n\n`XmlStringPrettyFormatter` has historically been considered a utility for `isXmlEqualTo(CharSequence)` rather than a feature for AssertJ users, so it is deprecated in version 3.27.7 and removed in version 4.0, with no replacement.\n\n### References\n\n- [CWE-611: Improper Restriction of XML External Entity Reference](https://cwe.mitre.org/data/definitions/611.html)\n- [OWASP XXE Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html)",
11+
"severity": [
12+
{
13+
"type": "CVSS_V4",
14+
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:H/SI:N/SA:N"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "Maven",
21+
"name": "org.assertj:assertj-core"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "1.4.0"
29+
},
30+
{
31+
"fixed": "3.27.7"
32+
}
33+
]
34+
}
35+
],
36+
"database_specific": {
37+
"last_known_affected_version_range": "<= 3.27.6"
38+
}
39+
}
40+
],
41+
"references": [
42+
{
43+
"type": "WEB",
44+
"url": "https://github.com/assertj/assertj/security/advisories/GHSA-rqfh-9r24-8c9r"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://github.com/assertj/assertj/commit/85ca7eb6609bb179c043b85ae7d290523b1ba79a"
49+
},
50+
{
51+
"type": "WEB",
52+
"url": "https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html"
53+
},
54+
{
55+
"type": "PACKAGE",
56+
"url": "https://github.com/assertj/assertj"
57+
},
58+
{
59+
"type": "WEB",
60+
"url": "https://github.com/assertj/assertj/releases/tag/assertj-build-3.27.7"
61+
}
62+
],
63+
"database_specific": {
64+
"cwe_ids": [
65+
"CWE-611"
66+
],
67+
"severity": "HIGH",
68+
"github_reviewed": true,
69+
"github_reviewed_at": "2026-01-26T21:31:41Z",
70+
"nvd_published_at": null
71+
}
72+
}
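Review bot: in the `details` string, the Mitigation section describes the 4.0 status of the two APIs inconsistently: `isXmlEqualTo(CharSequence)` "will be removed in version 4.0", while `XmlStringPrettyFormatter` is "deprecated in version 3.27.7 and removed in version 4.0", so a reader cannot tell whether 4.0 has shipped. Use one tense for both. Option 2 also names 3.27.7 as the fix without saying what changes in `toXmlDocument(String)`; one sentence on how the `DocumentBuilderFactory` is configured after the fix would let users who are stuck on an affected version compare it with their own parser settings. The `fixed` event and `last_known_affected_version_range` agree with each other (3.27.7 and `<= 3.27.6`).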
Lines changed: 66 additions & 0 deletions
@@ -0,0 +1,66 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-v253-rj99-jwpq",
4+
"modified": "2026-01-26T21:29:58Z",
5+
"published": "2026-01-26T21:29:58Z",
6+
"aliases": [
7+
"CVE-2026-24131"
8+
],
9+
"summary": "pnpm has Path Traversal via arbitrary file permission modification ",
10+
"details": "### Summary\nWhen pnpm processes a package's `directories.bin` field, it uses `path.join()` without validating the result stays within the package root. A malicious npm package can specify `\"directories\": {\"bin\": \"../../../../tmp\"}` to escape the package directory, causing pnpm to chmod 755 files at arbitrary locations.\n\n**Note:** Only affects Unix/Linux/macOS. Windows is not affected (`fixBin` gated by `EXECUTABLE_SHEBANG_SUPPORTED`).\n\n### Details\nVulnerable code in `pkg-manager/package-bins/src/index.ts:15-21`:\n\n```typescript\nif (manifest.directories?.bin) {\n const binDir = path.join(pkgPath, manifest.directories.bin) // NO VALIDATION\n const files = await findFiles(binDir)\n // ... files outside package returned, then chmod 755'd\n}\n```\n\nThe `bin` field IS protected with `isSubdir()` at line 53, but `directories.bin` lacks this check.\n\n### PoC\n```bash\n# Create malicious package\nmkdir /tmp/malicious-pkg\necho '{\"name\":\"malicious\",\"version\":\"1.0.0\",\"directories\":{\"bin\":\"../../../../tmp/target\"}}' > /tmp/malicious-pkg/package.json\n\n# Create sensitive file\nmkdir -p /tmp/target\necho \"secret\" > /tmp/target/secret.sh\nchmod 600 /tmp/target/secret.sh # Private\n\n# Install\npnpm add file:/tmp/malicious-pkg\n\n# Check permissions\nls -la /tmp/target/secret.sh # Now 755 (world-readable)\n```\n\n### Impact\n- Supply-chain attack via npm packages\n- File permissions changed from 600 to 755 (world-readable)\n- Affects non-dotfiles in predictable paths (dotfiles excluded by tinyglobby default)\n\n### Suggested Fix\nAdd `isSubdir` validation for `directories.bin` paths in `pkg-manager/package-bins/src/index.ts`, matching the existing validation in `commandsFromBin()`:\n\n```typescript\nif (manifest.directories?.bin) {\n const binDir = path.join(pkgPath, manifest.directories.bin)\n if (!isSubdir(pkgPath, binDir)) {\n return [] // Reject paths outside package\n }\n // ...\n}\n```",
11+
"severity": [
12+
{
13+
"type": "CVSS_V4",
14+
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "npm",
21+
"name": "pnpm"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "0"
29+
},
30+
{
31+
"fixed": "10.28.2"
32+
}
33+
]
34+
}
35+
]
36+
}
37+
],
38+
"references": [
39+
{
40+
"type": "WEB",
41+
"url": "https://github.com/pnpm/pnpm/security/advisories/GHSA-v253-rj99-jwpq"
42+
},
43+
{
44+
"type": "WEB",
45+
"url": "https://github.com/pnpm/pnpm/commit/17432ad5bbed5c2e77255ca6d56a1449bbcfd943"
46+
},
47+
{
48+
"type": "PACKAGE",
49+
"url": "https://github.com/pnpm/pnpm"
50+
},
51+
{
52+
"type": "WEB",
53+
"url": "https://github.com/pnpm/pnpm/releases/tag/v10.28.2"
54+
}
55+
],
56+
"database_specific": {
57+
"cwe_ids": [
58+
"CWE-22",
59+
"CWE-732"
60+
],
61+
"severity": "MODERATE",
62+
"github_reviewed": true,
63+
"github_reviewed_at": "2026-01-26T21:29:58Z",
64+
"nvd_published_at": null
65+
}
66+
}
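Review bot: the `summary` line has cause and effect reversed and ends with a trailing space ("Path Traversal via arbitrary file permission modification "). The details describe a permission change reached through a traversal in `directories.bin`, so something like "pnpm allows arbitrary file permission modification via path traversal in directories.bin" reads correctly and matches the two `cwe_ids` (CWE-22, CWE-732). The `details` text also still carries a "Suggested Fix" heading although `fixed` is set to 10.28.2 and a fix commit is referenced; rewording that section to say the check was added in 10.28.2 would avoid implying the issue is still open.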

advisories/unreviewed/2022/05/GHSA-4994-8w6g-9jvw/GHSA-4994-8w6g-9jvw.json

Lines changed: 5 additions & 1 deletion
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-4994-8w6g-9jvw",
4-
"modified": "2022-05-13T01:08:25Z",
4+
"modified": "2026-01-26T21:30:29Z",
55
"published": "2022-05-13T01:08:25Z",
66
"aliases": [
77
"CVE-2018-14634"
@@ -27,6 +27,10 @@
2727
"type": "WEB",
2828
"url": "https://www.exploit-db.com/exploits/45516"
2929
},
30+
{
31+
"type": "WEB",
32+
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-14634"
33+
},
3034
{
3135
"type": "WEB",
3236
"url": "https://usn.ubuntu.com/3779-1"

advisories/unreviewed/2025/06/GHSA-mrv6-5rxr-645f/GHSA-mrv6-5rxr-645f.json

Lines changed: 1 addition & 1 deletion
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-mrv6-5rxr-645f",
4-
"modified": "2025-06-12T15:31:23Z",
4+
"modified": "2026-01-26T21:30:30Z",
55
"published": "2025-06-12T15:31:23Z",
66
"aliases": [
77
"CVE-2025-49198"

advisories/unreviewed/2025/06/GHSA-r564-8356-q3fh/GHSA-r564-8356-q3fh.json

Lines changed: 1 addition & 1 deletion
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-r564-8356-q3fh",
4-
"modified": "2025-06-12T15:31:23Z",
4+
"modified": "2026-01-26T21:30:30Z",
55
"published": "2025-06-12T15:31:23Z",
66
"aliases": [
77
"CVE-2025-49195"

advisories/unreviewed/2025/07/GHSA-24p2-xmcw-rpv8/GHSA-24p2-xmcw-rpv8.json

Lines changed: 8 additions & 3 deletions
@@ -1,13 +1,18 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-24p2-xmcw-rpv8",
4-
"modified": "2025-07-10T09:32:30Z",
4+
"modified": "2026-01-26T21:30:30Z",
55
"published": "2025-07-10T09:32:30Z",
66
"aliases": [
77
"CVE-2025-38295"
88
],
99
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/amlogic: Replace smp_processor_id() with raw_smp_processor_id() in meson_ddr_pmu_create()\n\nThe Amlogic DDR PMU driver meson_ddr_pmu_create() function incorrectly uses\nsmp_processor_id(), which assumes disabled preemption. This leads to kernel\nwarnings during module loading because meson_ddr_pmu_create() can be called\nin a preemptible context.\n\nFollowing kernel warning and stack trace:\n[ 31.745138] [ T2289] BUG: using smp_processor_id() in preemptible [00000000] code: (udev-worker)/2289\n[ 31.745154] [ T2289] caller is debug_smp_processor_id+0x28/0x38\n[ 31.745172] [ T2289] CPU: 4 UID: 0 PID: 2289 Comm: (udev-worker) Tainted: GW 6.14.0-0-MANJARO-ARM #1 59519addcbca6ba8de735e151fd7b9e97aac7ff0\n[ 31.745181] [ T2289] Tainted: [W]=WARN\n[ 31.745183] [ T2289] Hardware name: Hardkernel ODROID-N2Plus (DT)\n[ 31.745188] [ T2289] Call trace:\n[ 31.745191] [ T2289] show_stack+0x28/0x40 (C)\n[ 31.745199] [ T2289] dump_stack_lvl+0x4c/0x198\n[ 31.745205] [ T2289] dump_stack+0x20/0x50\n[ 31.745209] [ T2289] check_preemption_disabled+0xec/0xf0\n[ 31.745213] [ T2289] debug_smp_processor_id+0x28/0x38\n[ 31.745216] [ T2289] meson_ddr_pmu_create+0x200/0x560 [meson_ddr_pmu_g12 8095101c49676ad138d9961e3eddaee10acca7bd]\n[ 31.745237] [ T2289] g12_ddr_pmu_probe+0x20/0x38 [meson_ddr_pmu_g12 8095101c49676ad138d9961e3eddaee10acca7bd]\n[ 31.745246] [ T2289] platform_probe+0x98/0xe0\n[ 31.745254] [ T2289] really_probe+0x144/0x3f8\n[ 31.745258] [ T2289] __driver_probe_device+0xb8/0x180\n[ 31.745261] [ T2289] driver_probe_device+0x54/0x268\n[ 31.745264] [ T2289] __driver_attach+0x11c/0x288\n[ 31.745267] [ T2289] bus_for_each_dev+0xfc/0x160\n[ 31.745274] [ T2289] driver_attach+0x34/0x50\n[ 31.745277] [ T2289] bus_add_driver+0x160/0x2b0\n[ 31.745281] [ T2289] driver_register+0x78/0x120\n[ 31.745285] [ T2289] __platform_driver_register+0x30/0x48\n[ 31.745288] [ T2289] init_module+0x30/0xfe0 
[meson_ddr_pmu_g12 8095101c49676ad138d9961e3eddaee10acca7bd]\n[ 31.745298] [ T2289] do_one_initcall+0x11c/0x438\n[ 31.745303] [ T2289] do_init_module+0x68/0x228\n[ 31.745311] [ T2289] load_module+0x118c/0x13a8\n[ 31.745315] [ T2289] __arm64_sys_finit_module+0x274/0x390\n[ 31.745320] [ T2289] invoke_syscall+0x74/0x108\n[ 31.745326] [ T2289] el0_svc_common+0x90/0xf8\n[ 31.745330] [ T2289] do_el0_svc+0x2c/0x48\n[ 31.745333] [ T2289] el0_svc+0x60/0x150\n[ 31.745337] [ T2289] el0t_64_sync_handler+0x80/0x118\n[ 31.745341] [ T2289] el0t_64_sync+0x1b8/0x1c0\n\nChanges replaces smp_processor_id() with raw_smp_processor_id() to\nensure safe CPU ID retrieval in preemptible contexts.",
10-
"severity": [],
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
14+
}
15+
],
1116
"affected": [],
1217
"references": [
1318
{
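Review bot: the vector added at `severity` rates C:H/I:H/A:H, but the `details` text in this hunk describes only a "BUG: using smp_processor_id() in preemptible" warning and stack trace during module loading, with no statement of memory corruption or data exposure. The same vector is applied to the other three kernel records in this commit, whose descriptions differ, which suggests a default rather than a per-issue assessment. Since the record stays `github_reviewed: false` with empty `cwe_ids`, it would help to confirm the score against its upstream source before consumers start treating this as HIGH.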
@@ -33,7 +38,7 @@
3338
],
3439
"database_specific": {
3540
"cwe_ids": [],
36-
"severity": null,
41+
"severity": "HIGH",
3742
"github_reviewed": false,
3843
"github_reviewed_at": null,
3944
"nvd_published_at": "2025-07-10T08:15:28Z"

advisories/unreviewed/2025/07/GHSA-35h8-mcvx-mrm6/GHSA-35h8-mcvx-mrm6.json

Lines changed: 8 additions & 3 deletions
@@ -1,13 +1,18 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-35h8-mcvx-mrm6",
4-
"modified": "2025-07-10T09:32:29Z",
4+
"modified": "2026-01-26T21:30:30Z",
55
"published": "2025-07-10T09:32:29Z",
66
"aliases": [
77
"CVE-2025-38288"
88
],
99
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: smartpqi: Fix smp_processor_id() call trace for preemptible kernels\n\nCorrect kernel call trace when calling smp_processor_id() when called in\npreemptible kernels by using raw_smp_processor_id().\n\nsmp_processor_id() checks to see if preemption is disabled and if not,\nissue an error message followed by a call to dump_stack().\n\nBrief example of call trace:\nkernel: check_preemption_disabled: 436 callbacks suppressed\nkernel: BUG: using smp_processor_id() in preemptible [00000000]\n code: kworker/u1025:0/2354\nkernel: caller is pqi_scsi_queue_command+0x183/0x310 [smartpqi]\nkernel: CPU: 129 PID: 2354 Comm: kworker/u1025:0\nkernel: ...\nkernel: Workqueue: writeback wb_workfn (flush-253:0)\nkernel: Call Trace:\nkernel: <TASK>\nkernel: dump_stack_lvl+0x34/0x48\nkernel: check_preemption_disabled+0xdd/0xe0\nkernel: pqi_scsi_queue_command+0x183/0x310 [smartpqi]\nkernel: ...",
10-
"severity": [],
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
14+
}
15+
],
1116
"affected": [],
1217
"references": [
1318
{
@@ -29,7 +34,7 @@
2934
],
3035
"database_specific": {
3136
"cwe_ids": [],
32-
"severity": null,
37+
"severity": "HIGH",
3338
"github_reviewed": false,
3439
"github_reviewed_at": null,
3540
"nvd_published_at": "2025-07-10T08:15:27Z"

advisories/unreviewed/2025/07/GHSA-9ww5-wgf4-8cfm/GHSA-9ww5-wgf4-8cfm.json

Lines changed: 8 additions & 3 deletions
@@ -1,13 +1,18 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-9ww5-wgf4-8cfm",
4-
"modified": "2025-11-03T18:31:32Z",
4+
"modified": "2026-01-26T21:30:30Z",
55
"published": "2025-07-28T12:30:36Z",
66
"aliases": [
77
"CVE-2025-38494"
88
],
99
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: do not bypass hid_hw_raw_request\n\nhid_hw_raw_request() is actually useful to ensure the provided buffer\nand length are valid. Directly calling in the low level transport driver\nfunction bypassed those checks and allowed invalid paramto be used.",
10-
"severity": [],
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
14+
}
15+
],
1116
"affected": [],
1217
"references": [
1318
{
@@ -57,7 +62,7 @@
5762
],
5863
"database_specific": {
5964
"cwe_ids": [],
60-
"severity": null,
65+
"severity": "HIGH",
6166
"github_reviewed": false,
6267
"github_reviewed_at": null,
6368
"nvd_published_at": "2025-07-28T12:15:31Z"

advisories/unreviewed/2025/07/GHSA-f7v2-pww5-gxcf/GHSA-f7v2-pww5-gxcf.json

Lines changed: 8 additions & 3 deletions
@@ -1,13 +1,18 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-f7v2-pww5-gxcf",
4-
"modified": "2025-07-10T15:31:26Z",
4+
"modified": "2026-01-26T21:30:30Z",
55
"published": "2025-07-10T09:32:29Z",
66
"aliases": [
77
"CVE-2025-38279"
88
],
99
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Do not include stack ptr register in precision backtracking bookkeeping\n\nYi Lai reported an issue ([1]) where the following warning appears\nin kernel dmesg:\n [ 60.643604] verifier backtracking bug\n [ 60.643635] WARNING: CPU: 10 PID: 2315 at kernel/bpf/verifier.c:4302 __mark_chain_precision+0x3a6c/0x3e10\n [ 60.648428] Modules linked in: bpf_testmod(OE)\n [ 60.650471] CPU: 10 UID: 0 PID: 2315 Comm: test_progs Tainted: G OE 6.15.0-rc4-gef11287f8289-dirty #327 PREEMPT(full)\n [ 60.654385] Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n [ 60.656682] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n [ 60.660475] RIP: 0010:__mark_chain_precision+0x3a6c/0x3e10\n [ 60.662814] Code: 5a 30 84 89 ea e8 c4 d9 01 00 80 3d 3e 7d d8 04 00 0f 85 60 fa ff ff c6 05 31 7d d8 04\n 01 48 c7 c7 00 58 30 84 e8 c4 06 a5 ff <0f> 0b e9 46 fa ff ff 48 ...\n [ 60.668720] RSP: 0018:ffff888116cc7298 EFLAGS: 00010246\n [ 60.671075] RAX: 54d70e82dfd31900 RBX: ffff888115b65e20 RCX: 0000000000000000\n [ 60.673659] RDX: 0000000000000001 RSI: 0000000000000004 RDI: 00000000ffffffff\n [ 60.676241] RBP: 0000000000000400 R08: ffff8881f6f23bd3 R09: 1ffff1103ede477a\n [ 60.678787] R10: dffffc0000000000 R11: ffffed103ede477b R12: ffff888115b60ae8\n [ 60.681420] R13: 1ffff11022b6cbc4 R14: 00000000fffffff2 R15: 0000000000000001\n [ 60.684030] FS: 00007fc2aedd80c0(0000) GS:ffff88826fa8a000(0000) knlGS:0000000000000000\n [ 60.686837] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [ 60.689027] CR2: 000056325369e000 CR3: 000000011088b002 CR4: 0000000000370ef0\n [ 60.691623] Call Trace:\n [ 60.692821] <TASK>\n [ 60.693960] ? __pfx_verbose+0x10/0x10\n [ 60.695656] ? 
__pfx_disasm_kfunc_name+0x10/0x10\n [ 60.697495] check_cond_jmp_op+0x16f7/0x39b0\n [ 60.699237] do_check+0x58fa/0xab10\n ...\n\nFurther analysis shows the warning is at line 4302 as below:\n\n 4294 /* static subprog call instruction, which\n 4295 * means that we are exiting current subprog,\n 4296 * so only r1-r5 could be still requested as\n 4297 * precise, r0 and r6-r10 or any stack slot in\n 4298 * the current frame should be zero by now\n 4299 */\n 4300 if (bt_reg_mask(bt) & ~BPF_REGMASK_ARGS) {\n 4301 verbose(env, \"BUG regs %x\\n\", bt_reg_mask(bt));\n 4302 WARN_ONCE(1, \"verifier backtracking bug\");\n 4303 return -EFAULT;\n 4304 }\n\nWith the below test (also in the next patch):\n __used __naked static void __bpf_jmp_r10(void)\n {\n\tasm volatile (\n\t\"r2 = 2314885393468386424 ll;\"\n\t\"goto +0;\"\n\t\"if r2 <= r10 goto +3;\"\n\t\"if r1 >= -1835016 goto +0;\"\n\t\"if r2 <= 8 goto +0;\"\n\t\"if r3 <= 0 goto +0;\"\n\t\"exit;\"\n\t::: __clobber_all);\n }\n\n SEC(\"?raw_tp\")\n __naked void bpf_jmp_r10(void)\n {\n\tasm volatile (\n\t\"r3 = 0 ll;\"\n\t\"call __bpf_jmp_r10;\"\n\t\"r0 = 0;\"\n\t\"exit;\"\n\t::: __clobber_all);\n }\n\nThe following is the verifier failure log:\n 0: (18) r3 = 0x0 ; R3_w=0\n 2: (85) call pc+2\n caller:\n R10=fp0\n callee:\n frame1: R1=ctx() R3_w=0 R10=fp0\n 5: frame1: R1=ctx() R3_w=0 R10=fp0\n ; asm volatile (\" \\ @ verifier_precision.c:184\n 5: (18) r2 = 0x20202000256c6c78 ; frame1: R2_w=0x20202000256c6c78\n 7: (05) goto pc+0\n 8: (bd) if r2 <= r10 goto pc+3 ; frame1: R2_w=0x20202000256c6c78 R10=fp0\n 9: (35) if r1 >= 0xffe3fff8 goto pc+0 ; frame1: R1=ctx()\n 10: (b5) if r2 <= 0x8 goto pc+0\n mark_precise: frame1: last_idx 10 first_idx 0 subseq_idx -1\n mark_precise: frame1: regs=r2 stack= before 9: (35) if r1 >= 0xffe3fff8 goto pc+0\n mark_precise: frame1: regs=r2 stack= before 8: (bd) if r2 <= r10 goto pc+3\n mark_preci\n---truncated---",
10-
"severity": [],
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
14+
}
15+
],
1116
"affected": [],
1217
"references": [
1318
{
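Review bot: the `details` string in this record ends at "mark_preci" followed by "---truncated---", so the severity entry added here is attached to a description that stops mid-way through the verifier log and never reaches the explanation of the fix. The visible part shows a `WARN_ONCE(1, "verifier backtracking bug")` followed by `return -EFAULT`; nothing in the retained text supports or contradicts the C:H/I:H/A:H rating. Consider trimming the embedded log and test program so the closing explanation fits within the field, or relying on the reference links for the full trace.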
@@ -29,7 +34,7 @@
2934
],
3035
"database_specific": {
3136
"cwe_ids": [],
32-
"severity": null,
37+
"severity": "HIGH",
3338
"github_reviewed": false,
3439
"github_reviewed_at": null,
3540
"nvd_published_at": "2025-07-10T08:15:26Z"
