Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2022/05/GHSA-28hp-2gv6-gjp8/GHSA-28hp-2gv6-gjp8.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-28hp-2gv6-gjp8",
-  "modified": "2022-05-13T01:19:56Z",
+  "modified": "2025-12-18T00:34:04Z",
   "published": "2022-05-13T01:19:56Z",
   "aliases": [
     "CVE-2018-20685"

advisories/unreviewed/2022/05/GHSA-7g45-9xmp-g2w6/GHSA-7g45-9xmp-g2w6.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7g45-9xmp-g2w6",
-  "modified": "2022-07-26T00:01:00Z",
+  "modified": "2025-12-18T00:34:04Z",
   "published": "2022-05-24T17:07:07Z",
   "aliases": [
     "CVE-2019-20388"

advisories/unreviewed/2022/05/GHSA-c8qw-h3f6-fv63/GHSA-c8qw-h3f6-fv63.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-c8qw-h3f6-fv63",
-  "modified": "2022-05-13T01:19:10Z",
+  "modified": "2025-12-18T00:34:04Z",
   "published": "2022-05-13T01:19:10Z",
   "aliases": [
     "CVE-2018-15473"

advisories/unreviewed/2022/05/GHSA-jh65-6gq2-4wq3/GHSA-jh65-6gq2-4wq3.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-jh65-6gq2-4wq3",
-  "modified": "2023-08-16T15:30:15Z",
+  "modified": "2025-12-18T00:34:04Z",
   "published": "2022-05-24T16:57:44Z",
   "aliases": [
     "CVE-2018-14465"
@@ -25,51 +25,63 @@
     },
     {
       "type": "WEB",
-      "url": "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES"
+      "url": "https://www.debian.org/security/2019/dsa-4547"
     },
     {
       "type": "WEB",
-      "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html"
+      "url": "https://usn.ubuntu.com/4252-2"
     },
     {
       "type": "WEB",
-      "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN"
+      "url": "https://usn.ubuntu.com/4252-1"
     },
     {
       "type": "WEB",
-      "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN"
+      "url": "https://support.apple.com/kb/HT210788"
     },
     {
       "type": "WEB",
-      "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU"
+      "url": "https://security.netapp.com/advisory/ntap-20200120-0001"
+    },
+    {
+      "type": "WEB",
+      "url": "https://seclists.org/bugtraq/2019/Oct/28"
     },
     {
       "type": "WEB",
       "url": "https://seclists.org/bugtraq/2019/Dec/23"
     },
     {
       "type": "WEB",
-      "url": "https://seclists.org/bugtraq/2019/Oct/28"
+      "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU"
     },
     {
       "type": "WEB",
-      "url": "https://security.netapp.com/advisory/ntap-20200120-0001"
+      "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN"
     },
     {
       "type": "WEB",
-      "url": "https://support.apple.com/kb/HT210788"
+      "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN"
     },
     {
       "type": "WEB",
-      "url": "https://usn.ubuntu.com/4252-1"
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU"
     },
     {
       "type": "WEB",
-      "url": "https://usn.ubuntu.com/4252-2"
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN"
     },
     {
       "type": "WEB",
-      "url": "https://www.debian.org/security/2019/dsa-4547"
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES"
     },
     {
       "type": "WEB",

advisories/unreviewed/2022/05/GHSA-jpw5-97m6-c8m2/GHSA-jpw5-97m6-c8m2.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-jpw5-97m6-c8m2",
-  "modified": "2022-05-13T01:16:28Z",
+  "modified": "2025-12-18T00:34:04Z",
   "published": "2022-05-13T01:16:28Z",
   "aliases": [
     "CVE-2018-1125"
@@ -62,6 +62,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
+      "CWE-121",
       "CWE-787"
     ],
     "severity": "HIGH",

advisories/unreviewed/2022/05/GHSA-r6h3-3q3x-3wcr/GHSA-r6h3-3q3x-3wcr.json

@@ -110,7 +110,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-119"
+      "CWE-119",
+      "CWE-122"
     ],
     "severity": "HIGH",
     "github_reviewed": false,

advisories/unreviewed/2024/03/GHSA-79pv-8q24-469w/GHSA-79pv-8q24-469w.json

@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-79pv-8q24-469w",
-  "modified": "2024-03-01T09:31:07Z",
+  "modified": "2025-12-18T00:34:05Z",
   "published": "2024-03-01T09:31:07Z",
   "aliases": [
     "CVE-2024-27950"
   ],
-  "details": "Missing Authorization vulnerability in sirv.Com Image Optimizer, Resizer and CDN – Sirv.This issue affects Image Optimizer, Resizer and CDN – Sirv: from n/a through 7.2.0.\n\n",
+  "details": "Missing Authorization vulnerability in sirv.Com Image Optimizer, Resizer and CDN – Sirv.This issue affects Image Optimizer, Resizer and CDN – Sirv: from n/a through 7.2.0.",
   "severity": [
     {
       "type": "CVSS_V3",

advisories/unreviewed/2025/11/GHSA-3qpq-4m92-9c3w/GHSA-3qpq-4m92-9c3w.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3qpq-4m92-9c3w",
-  "modified": "2025-11-21T15:31:28Z",
+  "modified": "2025-12-18T00:34:05Z",
   "published": "2025-11-21T15:31:28Z",
   "aliases": [
     "CVE-2025-66115"
   ],
   "details": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in MatrixAddons Easy Invoice easy-invoice allows PHP Local File Inclusion.This issue affects Easy Invoice: from n/a through <= 2.1.4.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-98"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-11-21T13:15:53Z"

advisories/unreviewed/2025/11/GHSA-jqjj-9hc3-x3q4/GHSA-jqjj-9hc3-x3q4.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-jqjj-9hc3-x3q4",
-  "modified": "2025-11-19T18:31:19Z",
+  "modified": "2025-12-18T00:34:05Z",
   "published": "2025-11-19T18:31:19Z",
   "aliases": [
     "CVE-2025-63221"
   ],
   "details": "The Axel Technology puma devices (firmware versions 0.8.5 to 1.0.3) are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and modify system settings, leading to full compromise of the device.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-284"
+    ],
+    "severity": "CRITICAL",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-11-19T16:15:48Z"

advisories/unreviewed/2025/12/GHSA-24wc-c957-8qx7/GHSA-24wc-c957-8qx7.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-24wc-c957-8qx7",
+  "modified": "2025-12-18T00:34:07Z",
+  "published": "2025-12-18T00:34:07Z",
+  "aliases": [
+    "CVE-2023-53919"
+  ],
+  "details": "PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the Freebox content field accessible through the theme customization interface (theme_freebox.php). Malicious JavaScript payloads injected into the Freebox content execute when users visit the application's home page.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53919"
+    },
+    {
+      "type": "WEB",
+      "url": "https://podcastgenerator.net"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/51454"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/podcastgenerator-stored-cross-site-scripting-via-freebox-content-field"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-17T23:15:50Z"
+  }
+}