Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 0f76ecfea275 · 2025-10-29T14:49:30.000Z
GHSA-5xf2-f6ch-6p8r GHSA-7f5h-v6xp-fcq8 GHSA-867c-p784-5q6g GHSA-q8j9-34qf-7vq7 GHSA-qcpr-679q-rhm2
diff --git a/advisories/github-reviewed/2025/09/GHSA-5xf2-f6ch-6p8r/GHSA-5xf2-f6ch-6p8r.json b/advisories/github-reviewed/2025/09/GHSA-5xf2-f6ch-6p8r/GHSA-5xf2-f6ch-6p8r.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5xf2-f6ch-6p8r",
-  "modified": "2025-09-22T18:04:21Z",
+  "modified": "2025-10-29T14:48:34Z",
   "published": "2025-09-22T18:04:20Z",
   "aliases": [
     "CVE-2025-40843"
@@ -43,6 +43,10 @@
       "type": "WEB",
       "url": "https://github.com/Ericsson/codechecker/security/advisories/GHSA-5xf2-f6ch-6p8r"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40843"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/Ericsson/codechecker/commit/4122eb1b43d00c880e4f0747d2ca0a674feb7a50"
@@ -59,6 +63,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2025-09-22T18:04:20Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-10-28T19:15:41Z"
   }
 }
diff --git a/advisories/github-reviewed/2025/10/GHSA-7f5h-v6xp-fcq8/GHSA-7f5h-v6xp-fcq8.json b/advisories/github-reviewed/2025/10/GHSA-7f5h-v6xp-fcq8/GHSA-7f5h-v6xp-fcq8.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7f5h-v6xp-fcq8",
-  "modified": "2025-10-28T20:38:01Z",
+  "modified": "2025-10-29T14:48:52Z",
   "published": "2025-10-28T20:38:01Z",
   "aliases": [
     "CVE-2025-62727"
@@ -43,6 +43,10 @@
       "type": "WEB",
       "url": "https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62727"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5"
@@ -64,6 +68,6 @@
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2025-10-28T20:38:01Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-10-28T21:15:40Z"
   }
 }
diff --git a/advisories/github-reviewed/2025/10/GHSA-867c-p784-5q6g/GHSA-867c-p784-5q6g.json b/advisories/github-reviewed/2025/10/GHSA-867c-p784-5q6g/GHSA-867c-p784-5q6g.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-867c-p784-5q6g",
-  "modified": "2025-10-28T20:14:09Z",
+  "modified": "2025-10-29T14:48:58Z",
   "published": "2025-10-28T20:14:09Z",
   "aliases": [
     "CVE-2025-62796"
@@ -40,6 +40,14 @@
       "type": "WEB",
       "url": "https://github.com/PrivateBin/PrivateBin/security/advisories/GHSA-867c-p784-5q6g"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62796"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/PrivateBin/PrivateBin/pull/1550"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/PrivateBin/PrivateBin/commit/c4f8482b3072be7ae012cace1b3f5658dcc3b42e"
@@ -57,6 +65,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2025-10-28T20:14:09Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-10-28T21:15:40Z"
   }
 }
diff --git a/advisories/github-reviewed/2025/10/GHSA-q8j9-34qf-7vq7/GHSA-q8j9-34qf-7vq7.json b/advisories/github-reviewed/2025/10/GHSA-q8j9-34qf-7vq7/GHSA-q8j9-34qf-7vq7.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-q8j9-34qf-7vq7",
-  "modified": "2025-10-28T17:31:32Z",
+  "modified": "2025-10-29T14:47:34Z",
   "published": "2025-10-28T17:31:32Z",
   "aliases": [
     "CVE-2025-27093"
@@ -18,7 +18,7 @@
     {
       "package": {
         "ecosystem": "Go",
-        "name": "github.com/bishopfox/sliver"
+        "name": "github.com/BishopFox/sliver"
       },
       "ranges": [
         {
@@ -28,22 +28,33 @@
               "introduced": "0"
             },
             {
-              "last_affected": "1.5.43"
+              "fixed": "1.5.44"
             }
           ]
         }
-      ]
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 1.5.43"
+      }
     }
   ],
   "references": [
     {
       "type": "WEB",
       "url": "https://github.com/BishopFox/sliver/security/advisories/GHSA-q8j9-34qf-7vq7"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27093"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/BishopFox/sliver/commit/8e5c5f14506d6d60ebb3362e6b9857ab1e0d76ff"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/BishopFox/sliver/commit/9122878cbbcae543eb8210f616550382af2065fd"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/BishopFox/sliver"
@@ -56,6 +67,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2025-10-28T17:31:32Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-10-28T20:15:47Z"
   }
 }
diff --git a/advisories/github-reviewed/2025/10/GHSA-qcpr-679q-rhm2/GHSA-qcpr-679q-rhm2.json b/advisories/github-reviewed/2025/10/GHSA-qcpr-679q-rhm2/GHSA-qcpr-679q-rhm2.json
@@ -1,14 +1,19 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-qcpr-679q-rhm2",
-  "modified": "2025-10-28T17:45:05Z",
+  "modified": "2025-10-29T14:48:45Z",
   "published": "2025-10-28T17:45:04Z",
   "aliases": [
     "CVE-2025-59837"
   ],
   "summary": "Astro's bypass of image proxy domain validation leads to SSRF and potential XSS",
   "details": "### Summary\n\nThis is a patch bypass of CVE-2025-58179 in commit [9ecf359](https://github.com/withastro/astro/commit/9ecf3598e2b29dd74614328fde3047ea90e67252). The fix blocks `http://`, `https://` and `//`, but can be bypassed using backslashes (`\\`) - the endpoint still issues a server-side fetch.\n\n### PoC\n[https://astro.build/_image?href=\\\\raw.githubusercontent.com/projectdiscovery/nuclei-templates/refs/heads/main/helpers/payloads/retool-xss.svg&f=svg](https://astro.build/_image?href=%5C%5Craw.githubusercontent.com/projectdiscovery/nuclei-templates/refs/heads/main/helpers/payloads/retool-xss.svg&f=svg)",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"
+    }
+  ],
   "affected": [
     {
       "package": {
@@ -35,6 +40,18 @@
       "type": "WEB",
       "url": "https://github.com/withastro/astro/security/advisories/GHSA-qcpr-679q-rhm2"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59837"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/withastro/astro/commit/1e2499e8ea83ebfa233a18a7499e1ccf169e56f4"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/withastro/astro/commit/9ecf3598e2b29dd74614328fde3047ea90e67252"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/withastro/astro"
@@ -48,6 +65,6 @@
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2025-10-28T17:45:04Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-10-28T20:15:49Z"
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-q8j9-34qf-7vq7",`
`4`		`- "modified": "2025-10-28T17:31:32Z",`
	`4`	`+ "modified": "2025-10-29T14:47:34Z",`
`5`	`5`	`"published": "2025-10-28T17:31:32Z",`
`6`	`6`	`"aliases": [`
`7`	`7`	`"CVE-2025-27093"`
`@@ -18,7 +18,7 @@`
`18`	`18`	`{`
`19`	`19`	`"package": {`
`20`	`20`	`"ecosystem": "Go",`
`21`		`- "name": "github.com/bishopfox/sliver"`
	`21`	`+ "name": "github.com/BishopFox/sliver"`
`22`	`22`	`},`
`23`	`23`	`"ranges": [`
`24`	`24`	`{`
`@@ -28,22 +28,33 @@`
`28`	`28`	`"introduced": "0"`
`29`	`29`	`},`
`30`	`30`	`{`
`31`		`- "last_affected": "1.5.43"`
	`31`	`+ "fixed": "1.5.44"`
`32`	`32`	`}`
`33`	`33`	`]`
`34`	`34`	`}`
`35`		`- ]`
	`35`	`+ ],`
	`36`	`+ "database_specific": {`
	`37`	`+ "last_known_affected_version_range": "<= 1.5.43"`
	`38`	`+ }`
`36`	`39`	`}`
`37`	`40`	`],`
`38`	`41`	`"references": [`
`39`	`42`	`{`
`40`	`43`	`"type": "WEB",`
`41`	`44`	`"url": "https://github.com/BishopFox/sliver/security/advisories/GHSA-q8j9-34qf-7vq7"`
`42`	`45`	`},`
	`46`	`+ {`
	`47`	`+ "type": "ADVISORY",`
	`48`	`+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27093"`
	`49`	`+ },`
`43`	`50`	`{`
`44`	`51`	`"type": "WEB",`
`45`	`52`	`"url": "https://github.com/BishopFox/sliver/commit/8e5c5f14506d6d60ebb3362e6b9857ab1e0d76ff"`
`46`	`53`	`},`
	`54`	`+ {`
	`55`	`+ "type": "WEB",`
	`56`	`+ "url": "https://github.com/BishopFox/sliver/commit/9122878cbbcae543eb8210f616550382af2065fd"`
	`57`	`+ },`
`47`	`58`	`{`
`48`	`59`	`"type": "PACKAGE",`
`49`	`60`	`"url": "https://github.com/BishopFox/sliver"`
`@@ -56,6 +67,6 @@`
`56`	`67`	`"severity": "MODERATE",`
`57`	`68`	`"github_reviewed": true,`
`58`	`69`	`"github_reviewed_at": "2025-10-28T17:31:32Z",`
`59`		`- "nvd_published_at": null`
	`70`	`+ "nvd_published_at": "2025-10-28T20:15:47Z"`
`60`	`71`	`}`
`61`	`72`	`}`