Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 06b0f7ce01f1 · 2025-12-11T15:52:51.000Z
GHSA-6h2f-wjhf-4wjx GHSA-6w82-v552-wjw2 GHSA-898v-775g-777c GHSA-9rwj-6rc7-p77c GHSA-f4cf-9rvr-2rcx GHSA-m654-769v-qjv7 GHSA-mr6f-h57v-rpj5 GHSA-wqv2-4wpg-8hc9 GHSA-x93p-w2ch-fg67
diff --git a/advisories/github-reviewed/2025/12/GHSA-6h2f-wjhf-4wjx/GHSA-6h2f-wjhf-4wjx.json b/advisories/github-reviewed/2025/12/GHSA-6h2f-wjhf-4wjx/GHSA-6h2f-wjhf-4wjx.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6h2f-wjhf-4wjx",
-  "modified": "2025-12-10T20:21:54Z",
+  "modified": "2025-12-11T15:51:44Z",
   "published": "2025-12-10T20:21:54Z",
   "aliases": [
     "CVE-2025-67720"
@@ -43,6 +43,10 @@
       "type": "WEB",
       "url": "https://github.com/Mayuri-Chan/pyrofork/security/advisories/GHSA-6h2f-wjhf-4wjx"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67720"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/Mayuri-Chan/pyrofork/commit/2f2d515575cc9c360bd74340a61a1d2b1e1f1f95"
@@ -59,6 +63,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2025-12-10T20:21:54Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-12-11T02:16:19Z"
   }
 }
diff --git a/advisories/github-reviewed/2025/12/GHSA-6w82-v552-wjw2/GHSA-6w82-v552-wjw2.json b/advisories/github-reviewed/2025/12/GHSA-6w82-v552-wjw2/GHSA-6w82-v552-wjw2.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6w82-v552-wjw2",
-  "modified": "2025-12-10T20:02:23Z",
+  "modified": "2025-12-11T15:49:34Z",
   "published": "2025-12-09T17:24:21Z",
   "aliases": [
     "CVE-2025-67648"
@@ -97,6 +97,10 @@
       "type": "WEB",
       "url": "https://github.com/shopware/shopware/security/advisories/GHSA-6w82-v552-wjw2"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67648"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/shopware/shopware/commit/c9242c02c84595d9fa3e2adf6a264bc90a657b58"
@@ -113,6 +117,6 @@
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2025-12-09T17:24:21Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-12-11T00:16:23Z"
   }
 }
diff --git a/advisories/github-reviewed/2025/12/GHSA-898v-775g-777c/GHSA-898v-775g-777c.json b/advisories/github-reviewed/2025/12/GHSA-898v-775g-777c/GHSA-898v-775g-777c.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-898v-775g-777c",
-  "modified": "2025-12-09T19:16:37Z",
+  "modified": "2025-12-11T15:49:17Z",
   "published": "2025-12-09T17:19:42Z",
   "aliases": [
     "CVE-2025-67510"
@@ -43,9 +43,21 @@
       "type": "WEB",
       "url": "https://github.com/neuron-core/neuron-ai/security/advisories/GHSA-898v-775g-777c"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67510"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/neuron-core/neuron-ai/commit/44bab85d92bf162898ee48d0bcef6ba0d29b59c9"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/neuron-core/neuron-ai"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/neuron-core/neuron-ai/releases/tag/2.8.12"
     }
   ],
   "database_specific": {
@@ -56,6 +68,6 @@
     "severity": "CRITICAL",
     "github_reviewed": true,
     "github_reviewed_at": "2025-12-09T17:19:42Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-12-10T23:15:48Z"
   }
 }
diff --git a/advisories/github-reviewed/2025/12/GHSA-9rwj-6rc7-p77c/GHSA-9rwj-6rc7-p77c.json b/advisories/github-reviewed/2025/12/GHSA-9rwj-6rc7-p77c/GHSA-9rwj-6rc7-p77c.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-9rwj-6rc7-p77c",
-  "modified": "2025-12-10T18:43:24Z",
+  "modified": "2025-12-11T15:49:44Z",
   "published": "2025-12-10T00:02:21Z",
   "aliases": [
     "CVE-2025-67644"
@@ -40,6 +40,10 @@
       "type": "WEB",
       "url": "https://github.com/langchain-ai/langgraph/security/advisories/GHSA-9rwj-6rc7-p77c"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67644"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/langchain-ai/langgraph/commit/297242913f8ad2143ee3e2f72e67db0911d48e2a"
@@ -56,6 +60,6 @@
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2025-12-10T00:02:21Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-12-11T00:16:23Z"
   }
 }
diff --git a/advisories/github-reviewed/2025/12/GHSA-f4cf-9rvr-2rcx/GHSA-f4cf-9rvr-2rcx.json b/advisories/github-reviewed/2025/12/GHSA-f4cf-9rvr-2rcx/GHSA-f4cf-9rvr-2rcx.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-f4cf-9rvr-2rcx",
-  "modified": "2025-12-10T20:02:40Z",
+  "modified": "2025-12-11T15:51:21Z",
   "published": "2025-12-10T18:20:01Z",
   "aliases": [
     "CVE-2025-67717"
@@ -84,6 +84,10 @@
       "type": "WEB",
       "url": "https://github.com/zitadel/zitadel/security/advisories/GHSA-f4cf-9rvr-2rcx"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67717"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/zitadel/zitadel/commit/826039c6208fe71df57b3a94c982b5ac5b0af12c"
@@ -100,6 +104,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2025-12-10T18:20:01Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-12-11T01:16:01Z"
   }
 }
diff --git a/advisories/github-reviewed/2025/12/GHSA-m654-769v-qjv7/GHSA-m654-769v-qjv7.json b/advisories/github-reviewed/2025/12/GHSA-m654-769v-qjv7/GHSA-m654-769v-qjv7.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-m654-769v-qjv7",
-  "modified": "2025-12-10T20:11:40Z",
+  "modified": "2025-12-11T15:51:30Z",
   "published": "2025-12-10T20:11:40Z",
   "aliases": [
     "CVE-2025-67718"
@@ -59,10 +59,18 @@
       "type": "WEB",
       "url": "https://github.com/formio/formio/security/advisories/GHSA-m654-769v-qjv7"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67718"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/formio/formio/commit/1665b7c99e3cf3246db7ff0b4ff732231dc6903b"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/formio/formio/commit/1836bdd9f55f5888ff397c257b2108c09d3de478"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/formio/formio"
@@ -75,6 +83,6 @@
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2025-12-10T20:11:40Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-12-11T01:16:01Z"
   }
 }
diff --git a/advisories/github-reviewed/2025/12/GHSA-mr6f-h57v-rpj5/GHSA-mr6f-h57v-rpj5.json b/advisories/github-reviewed/2025/12/GHSA-mr6f-h57v-rpj5/GHSA-mr6f-h57v-rpj5.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-mr6f-h57v-rpj5",
-  "modified": "2025-12-10T21:55:26Z",
+  "modified": "2025-12-11T15:51:53Z",
   "published": "2025-12-10T21:35:58Z",
   "aliases": [
     "CVE-2025-67716"
@@ -40,6 +40,10 @@
       "type": "WEB",
       "url": "https://github.com/auth0/nextjs-auth0/security/advisories/GHSA-mr6f-h57v-rpj5"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67716"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/auth0/nextjs-auth0/commit/35eb321de3345ccf23e8c0d6f66c9f2f2f57d26c"
@@ -56,6 +60,6 @@
     "severity": "LOW",
     "github_reviewed": true,
     "github_reviewed_at": "2025-12-10T21:35:58Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-12-11T01:16:00Z"
   }
 }
diff --git a/advisories/github-reviewed/2025/12/GHSA-wqv2-4wpg-8hc9/GHSA-wqv2-4wpg-8hc9.json b/advisories/github-reviewed/2025/12/GHSA-wqv2-4wpg-8hc9/GHSA-wqv2-4wpg-8hc9.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-wqv2-4wpg-8hc9",
-  "modified": "2025-12-10T20:02:32Z",
+  "modified": "2025-12-11T15:51:11Z",
   "published": "2025-12-10T17:18:37Z",
   "aliases": [
     "CVE-2025-67713"
@@ -10,8 +10,8 @@
   "details": "### Summary\n`redirect_url` is treated as safe when `url.Parse(...).IsAbs()` is false. Protocol-relative URLs like `//ikotaslabs.com` have an empty scheme and pass that check, allowing post-login redirects to attacker-controlled sites.\n\n### Details\n- `url.Parse(\"//ikotaslabs.com\")` => empty Scheme, Host=\"ikotaslabs.com\".\n- `IsAbs()` returns false for `//ikotaslabs.com`, so the code treats it as allowed.\n- Browser resolves `//ikotaslabs.com` to current-origin scheme (e.g. `https://ikotaslabs.com`), enabling phishing flows after login.\n\n### PoC\n1. Send or visit: `http://localhost/login?redirect_url=//ikotaslabs.com`  \n2. Complete normal login flow.  \n3. After login the app redirects to `https://ikotaslabs.com` (or `http://` depending on origin).\n\n### Acknowledgements  \nThis vulnerability was discovered using the automated vulnerability analysis tools **VulScribe** and **PwnML**.  \nThe research and tool development were conducted with support from the **MITOU Advanced Program (未踏アドバンスト事業)**,  \nadministered by the **Information-technology Promotion Agency (IPA), Japan**.",
   "severity": [
     {
-      "type": "CVSS_V3",
-      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N"
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
     }
   ],
   "affected": [
@@ -43,6 +43,10 @@
       "type": "WEB",
       "url": "https://github.com/miniflux/v2/security/advisories/GHSA-wqv2-4wpg-8hc9"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67713"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/miniflux/v2/commit/76df99f3a3db234cf6b312be5e771485213d03c7"
@@ -56,9 +60,9 @@
     "cwe_ids": [
       "CWE-601"
     ],
-    "severity": "LOW",
+    "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2025-12-10T17:18:37Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-12-11T01:16:00Z"
   }
 }
diff --git a/advisories/github-reviewed/2025/12/GHSA-x93p-w2ch-fg67/GHSA-x93p-w2ch-fg67.json b/advisories/github-reviewed/2025/12/GHSA-x93p-w2ch-fg67/GHSA-x93p-w2ch-fg67.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-x93p-w2ch-fg67",
-  "modified": "2025-12-10T20:02:47Z",
+  "modified": "2025-12-11T15:50:05Z",
   "published": "2025-12-10T18:20:55Z",
   "aliases": [
     "CVE-2025-67719"
@@ -40,6 +40,10 @@
       "type": "WEB",
       "url": "https://github.com/ibexa/user/security/advisories/GHSA-x93p-w2ch-fg67"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67719"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/ibexa/user/commit/9d485bf385e6401c9f7ee80287d8ccd00f73dcf4"
@@ -60,6 +64,6 @@
     "severity": "CRITICAL",
     "github_reviewed": true,
     "github_reviewed_at": "2025-12-10T18:20:55Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-12-11T02:16:18Z"
   }
 }
