Skip to content

Commit fd59444

Browse files
advisory-database[bot]advisory-database[bot]
committed
Publish Advisories
GHSA-vrw9-g62v-7fmf GHSA-6p6h-rqr6-62mv GHSA-frpp-8pwq-hjrx GHSA-6p6h-rqr6-62mv
1 parent 9b1b2fa commit fd59444

4 files changed

Lines changed: 120 additions & 50 deletions

File tree

advisories/github-reviewed/2025/09/GHSA-vrw9-g62v-7fmf/GHSA-vrw9-g62v-7fmf.json

Lines changed: 14 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-vrw9-g62v-7fmf",
4-
"modified": "2025-09-24T20:10:59Z",
4+
"modified": "2026-01-27T21:06:02Z",
55
"published": "2025-09-24T18:30:31Z",
66
"aliases": [
77
"CVE-2025-57350"
@@ -28,7 +28,7 @@
2828
"introduced": "0"
2929
},
3030
{
31-
"last_affected": "2.0.10"
31+
"fixed": "2.0.13"
3232
}
3333
]
3434
}
@@ -44,13 +44,25 @@
4444
"type": "WEB",
4545
"url": "https://github.com/Keyang/node-csvtojson/issues/498"
4646
},
47+
{
48+
"type": "WEB",
49+
"url": "https://github.com/Keyang/node-csvtojson/issues/502"
50+
},
51+
{
52+
"type": "WEB",
53+
"url": "https://github.com/Keyang/node-csvtojson/commit/4caeebd13b67be63282a7bbed3ca0cf9813f4bfc"
54+
},
4755
{
4856
"type": "PACKAGE",
4957
"url": "https://github.com/Keyang/node-csvtojson"
5058
},
5159
{
5260
"type": "WEB",
5361
"url": "https://github.com/VulnSageAgent/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-57350"
62+
},
63+
{
64+
"type": "WEB",
65+
"url": "https://security.snyk.io/vuln/SNYK-JS-CSVTOJSON-13109616"
5466
}
5567
],
5668
"database_specific": {

advisories/github-reviewed/2026/01/GHSA-6p6h-rqr6-62mv/GHSA-6p6h-rqr6-62mv.json

Lines changed: 73 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,73 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-6p6h-rqr6-62mv",
4+
"modified": "2026-01-27T21:04:10Z",
5+
"published": "2026-01-26T21:30:36Z",
6+
"aliases": [
7+
"CVE-2025-11687"
8+
],
9+
"summary": "GI-DocGen vulnerable to Reflected XSS via unescaped query strings",
10+
"details": "A flaw was found in GI-DocGen. This vulnerability allows arbitrary JavaScript execution in the context of the page — enabling DOM access, session cookie theft and other client-side attacks — via a crafted URL that supplies a malicious value to the q GET parameter (reflected DOM XSS).",
11+
"severity": [
12+
{
13+
"type": "CVSS_V3",
14+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "PyPI",
21+
"name": "gi-docgen"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "0"
29+
},
30+
{
31+
"fixed": "2025.5"
32+
}
33+
]
34+
}
35+
]
36+
}
37+
],
38+
"references": [
39+
{
40+
"type": "ADVISORY",
41+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11687"
42+
},
43+
{
44+
"type": "WEB",
45+
"url": "https://access.redhat.com/security/cve/CVE-2025-11687"
46+
},
47+
{
48+
"type": "WEB",
49+
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403536"
50+
},
51+
{
52+
"type": "PACKAGE",
53+
"url": "https://github.com/GNOME/gi-docgen"
54+
},
55+
{
56+
"type": "WEB",
57+
"url": "https://gitlab.gnome.org/GNOME/gi-docgen/-/commit/65d16b8ac178900602da540c8f5df4f52d5e8cf6"
58+
},
59+
{
60+
"type": "WEB",
61+
"url": "https://gitlab.gnome.org/GNOME/gi-docgen/-/issues/228"
62+
}
63+
],
64+
"database_specific": {
65+
"cwe_ids": [
66+
"CWE-79"
67+
],
68+
"severity": "MODERATE",
69+
"github_reviewed": true,
70+
"github_reviewed_at": "2026-01-27T21:04:10Z",
71+
"nvd_published_at": "2026-01-26T20:16:07Z"
72+
}
73+
}

advisories/unreviewed/2026/01/GHSA-frpp-8pwq-hjrx/GHSA-frpp-8pwq-hjrx.json renamed to advisories/github-reviewed/2026/01/GHSA-frpp-8pwq-hjrx/GHSA-frpp-8pwq-hjrx.json

Lines changed: 33 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,40 +1,69 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-frpp-8pwq-hjrx",
4-
"modified": "2026-01-26T21:30:36Z",
4+
"modified": "2026-01-27T21:05:43Z",
55
"published": "2026-01-26T21:30:36Z",
66
"aliases": [
77
"CVE-2025-14969"
88
],
9+
"summary": "Hibernate Reactive Vulnerable to DoS via Connection Pool Exhaustion",
910
"details": "A flaw was found in Hibernate Reactive. When an HTTP endpoint is exposed to perform database operations, a remote client can prematurely close the HTTP connection. This action may lead to leaking connections from the database connection pool, potentially causing a Denial of Service (DoS) by exhausting available database connections.",
1011
"severity": [
1112
{
1213
"type": "CVSS_V3",
1314
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
1415
}
1516
],
16-
"affected": [],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "Maven",
21+
"name": "org.hibernate.reactive:hibernate-reactive-core"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "0"
29+
},
30+
{
31+
"fixed": "4.2.1"
32+
}
33+
]
34+
}
35+
]
36+
}
37+
],
1738
"references": [
1839
{
1940
"type": "ADVISORY",
2041
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14969"
2142
},
43+
{
44+
"type": "WEB",
45+
"url": "https://github.com/hibernate/hibernate-reactive/commit/cd7f104e10de918004707ca0e26e3840976f780a"
46+
},
2247
{
2348
"type": "WEB",
2449
"url": "https://access.redhat.com/security/cve/CVE-2025-14969"
2550
},
2651
{
2752
"type": "WEB",
2853
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423822"
54+
},
55+
{
56+
"type": "PACKAGE",
57+
"url": "https://github.com/hibernate/hibernate-reactive"
2958
}
3059
],
3160
"database_specific": {
3261
"cwe_ids": [
3362
"CWE-772"
3463
],
3564
"severity": "MODERATE",
36-
"github_reviewed": false,
37-
"github_reviewed_at": null,
65+
"github_reviewed": true,
66+
"github_reviewed_at": "2026-01-27T21:05:43Z",
3867
"nvd_published_at": "2026-01-26T20:16:08Z"
3968
}
4069
}

advisories/unreviewed/2026/01/GHSA-6p6h-rqr6-62mv/GHSA-6p6h-rqr6-62mv.json

Lines changed: 0 additions & 44 deletions
This file was deleted.

0 commit comments

Comments
 (0)