Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 09984e7cfc96 · 2025-11-20T19:32:08.000Z
GHSA-89mq-4x47-5v83 GHSA-r5fx-8r73-v86c GHSA-mhp6-pxh8-r675
diff --git a/advisories/github-reviewed/2019/11/GHSA-89mq-4x47-5v83/GHSA-89mq-4x47-5v83.json b/advisories/github-reviewed/2019/11/GHSA-89mq-4x47-5v83/GHSA-89mq-4x47-5v83.json
@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-89mq-4x47-5v83",
-  "modified": "2022-01-04T19:51:20Z",
+  "modified": "2025-11-20T19:29:58Z",
   "published": "2019-11-20T15:29:43Z",
   "aliases": [
     "CVE-2019-10768"
   ],
-  "summary": "Prototype Pollution in angular",
-  "details": "Versions of `angular ` prior to 1.7.9 are vulnerable to prototype pollution. The deprecated API function `merge()` does not restrict the modification of an Object's prototype in the , which may allow an attacker to add or modify an existing property that will exist on all objects.\n\n\n\n\n## Recommendation\n\nUpgrade to version 1.7.9 or later. The function was already deprecated and upgrades are not expected to break functionality.",
+  "summary": "angular Prototype Pollution vulnerability",
+  "details": "Versions of `angular ` prior to 1.7.9 are vulnerable to prototype pollution. The deprecated API function `merge()` does not restrict the modification of an Object's prototype in the , which may allow an attacker to add or modify an existing property that will exist on all objects.\n\n## Recommendation\n\nUpgrade to version 1.7.9 or later. The function was already deprecated and upgrades are not expected to break functionality.",
   "severity": [
     {
       "type": "CVSS_V3",
@@ -54,15 +54,15 @@
     },
     {
       "type": "WEB",
-      "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E"
+      "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
     },
     {
       "type": "WEB",
-      "url": "https://snyk.io/vuln/SNYK-JS-ANGULAR-534884"
+      "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E"
     },
     {
       "type": "WEB",
-      "url": "https://www.npmjs.com/advisories/1343"
+      "url": "https://snyk.io/vuln/SNYK-JS-ANGULAR-534884"
     }
   ],
   "database_specific": {
diff --git a/advisories/github-reviewed/2020/02/GHSA-r5fx-8r73-v86c/GHSA-r5fx-8r73-v86c.json b/advisories/github-reviewed/2020/02/GHSA-r5fx-8r73-v86c/GHSA-r5fx-8r73-v86c.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-r5fx-8r73-v86c",
-  "modified": "2022-08-02T16:22:26Z",
+  "modified": "2025-11-20T19:30:06Z",
   "published": "2020-02-14T23:08:49Z",
   "aliases": [
     "CVE-2019-14863"
diff --git a/advisories/github-reviewed/2020/06/GHSA-mhp6-pxh8-r675/GHSA-mhp6-pxh8-r675.json b/advisories/github-reviewed/2020/06/GHSA-mhp6-pxh8-r675/GHSA-mhp6-pxh8-r675.json
@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-mhp6-pxh8-r675",
-  "modified": "2023-09-08T20:50:35Z",
+  "modified": "2025-11-20T19:31:06Z",
   "published": "2020-06-18T14:19:58Z",
   "aliases": [
     "CVE-2020-7676"
   ],
-  "summary": "Cross site scripting in Angular",
+  "summary": "Angular vulnerable to Cross-site Scripting",
   "details": "angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping `<option>` elements in `<select>` ones changes parsing behavior, leading to possibly unsanitizing code.",
   "severity": [
     {
@@ -49,52 +49,92 @@
       "url": "https://github.com/angular/angular.js/commit/2df43c07779137d1bddf7f3b282a1287a8634acd"
     },
     {
-      "type": "PACKAGE",
-      "url": "https://github.com/angular/angular.js"
+      "type": "WEB",
+      "url": "https://snyk.io/vuln/SNYK-JS-ANGULAR-570058"
     },
     {
       "type": "WEB",
-      "url": "https://lists.apache.org/thread.html/r198985c02829ba8285ed4f9b1de54a33b5f31b08bb38ac51fc86961b@%3Cozone-issues.hadoop.apache.org%3E"
+      "url": "https://lists.apache.org/thread.html/rfa2b19d01d10a8637dc319a7d5994c3dbdb88c0a8f9a21533403577a@%3Cozone-issues.hadoop.apache.org%3E"
     },
     {
       "type": "WEB",
-      "url": "https://lists.apache.org/thread.html/r3f05cfd587c774ea83c18e59eda9fa37fa9bbf3421484d4ee1017a20@%3Cozone-issues.hadoop.apache.org%3E"
+      "url": "https://lists.apache.org/thread.html/rfa2b19d01d10a8637dc319a7d5994c3dbdb88c0a8f9a21533403577a%40%3Cozone-issues.hadoop.apache.org%3E"
     },
     {
       "type": "WEB",
-      "url": "https://lists.apache.org/thread.html/r446c297cd6cda2bd7e345c9b0741d7f611df89902e5d515848c6f4b1@%3Cozone-issues.hadoop.apache.org%3E"
+      "url": "https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E"
     },
     {
       "type": "WEB",
-      "url": "https://lists.apache.org/thread.html/r455ebd83a1c69ae8fd897560534a079c70a483dbe1e75504f1ca499b@%3Cozone-issues.hadoop.apache.org%3E"
+      "url": "https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E"
     },
     {
       "type": "WEB",
-      "url": "https://lists.apache.org/thread.html/r57383582dcad2305430321589dfaca6793f5174c55da6ce8d06fbf9b@%3Cozone-issues.hadoop.apache.org%3E"
+      "url": "https://lists.apache.org/thread.html/rb6423268b25db0f800359986867648e11dbd38e133b9383e85067f02@%3Cozone-issues.hadoop.apache.org%3E"
     },
     {
       "type": "WEB",
-      "url": "https://lists.apache.org/thread.html/r79e3feaaf87b81e80da0e17a579015f6dcb94c95551ced398d50c8d7@%3Cozone-issues.hadoop.apache.org%3E"
+      "url": "https://lists.apache.org/thread.html/rb6423268b25db0f800359986867648e11dbd38e133b9383e85067f02%40%3Cozone-issues.hadoop.apache.org%3E"
     },
     {
       "type": "WEB",
       "url": "https://lists.apache.org/thread.html/r80f210a5f4833d59c5d3de17dd7312f9daba0765ec7d4052469f13f1@%3Cozone-commits.hadoop.apache.org%3E"
     },
     {
       "type": "WEB",
-      "url": "https://lists.apache.org/thread.html/rb6423268b25db0f800359986867648e11dbd38e133b9383e85067f02@%3Cozone-issues.hadoop.apache.org%3E"
+      "url": "https://lists.apache.org/thread.html/r80f210a5f4833d59c5d3de17dd7312f9daba0765ec7d4052469f13f1%40%3Cozone-commits.hadoop.apache.org%3E"
     },
     {
       "type": "WEB",
-      "url": "https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E"
+      "url": "https://lists.apache.org/thread.html/r79e3feaaf87b81e80da0e17a579015f6dcb94c95551ced398d50c8d7@%3Cozone-issues.hadoop.apache.org%3E"
     },
     {
       "type": "WEB",
-      "url": "https://lists.apache.org/thread.html/rfa2b19d01d10a8637dc319a7d5994c3dbdb88c0a8f9a21533403577a@%3Cozone-issues.hadoop.apache.org%3E"
+      "url": "https://lists.apache.org/thread.html/r79e3feaaf87b81e80da0e17a579015f6dcb94c95551ced398d50c8d7%40%3Cozone-issues.hadoop.apache.org%3E"
     },
     {
       "type": "WEB",
-      "url": "https://snyk.io/vuln/SNYK-JS-ANGULAR-570058"
+      "url": "https://lists.apache.org/thread.html/r57383582dcad2305430321589dfaca6793f5174c55da6ce8d06fbf9b@%3Cozone-issues.hadoop.apache.org%3E"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.apache.org/thread.html/r57383582dcad2305430321589dfaca6793f5174c55da6ce8d06fbf9b%40%3Cozone-issues.hadoop.apache.org%3E"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.apache.org/thread.html/r455ebd83a1c69ae8fd897560534a079c70a483dbe1e75504f1ca499b@%3Cozone-issues.hadoop.apache.org%3E"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.apache.org/thread.html/r455ebd83a1c69ae8fd897560534a079c70a483dbe1e75504f1ca499b%40%3Cozone-issues.hadoop.apache.org%3E"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.apache.org/thread.html/r446c297cd6cda2bd7e345c9b0741d7f611df89902e5d515848c6f4b1@%3Cozone-issues.hadoop.apache.org%3E"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.apache.org/thread.html/r446c297cd6cda2bd7e345c9b0741d7f611df89902e5d515848c6f4b1%40%3Cozone-issues.hadoop.apache.org%3E"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.apache.org/thread.html/r3f05cfd587c774ea83c18e59eda9fa37fa9bbf3421484d4ee1017a20@%3Cozone-issues.hadoop.apache.org%3E"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.apache.org/thread.html/r3f05cfd587c774ea83c18e59eda9fa37fa9bbf3421484d4ee1017a20%40%3Cozone-issues.hadoop.apache.org%3E"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.apache.org/thread.html/r198985c02829ba8285ed4f9b1de54a33b5f31b08bb38ac51fc86961b@%3Cozone-issues.hadoop.apache.org%3E"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.apache.org/thread.html/r198985c02829ba8285ed4f9b1de54a33b5f31b08bb38ac51fc86961b%40%3Cozone-issues.hadoop.apache.org%3E"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/angular/angular.js"
     }
   ],
   "database_specific": {
@@ -104,6 +144,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2020-06-18T14:09:41Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2020-06-08T14:15:13Z"
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-r5fx-8r73-v86c",`
`4`		`- "modified": "2022-08-02T16:22:26Z",`
	`4`	`+ "modified": "2025-11-20T19:30:06Z",`
`5`	`5`	`"published": "2020-02-14T23:08:49Z",`
`6`	`6`	`"aliases": [`
`7`	`7`	`"CVE-2019-14863"`