Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 389924d9a664 · 2025-09-25T00:31:51.000Z
GHSA-23h3-v846-4gxf GHSA-4g3g-9jv2-fhx5 GHSA-p75m-894q-gmxh GHSA-w3fm-7p4x-vf2h GHSA-8mjq-32x3-22qf GHSA-pm99-pv2w-ghvr
diff --git a/advisories/unreviewed/2022/05/GHSA-23h3-v846-4gxf/GHSA-23h3-v846-4gxf.json b/advisories/unreviewed/2022/05/GHSA-23h3-v846-4gxf/GHSA-23h3-v846-4gxf.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-23h3-v846-4gxf",
-  "modified": "2022-05-17T04:04:45Z",
+  "modified": "2025-09-25T00:30:27Z",
   "published": "2022-05-17T04:04:45Z",
   "aliases": [
     "CVE-2014-0774"
@@ -14,6 +14,14 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0774"
     },
+    {
+      "type": "WEB",
+      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-058-02"
+    },
     {
       "type": "WEB",
       "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01"
@@ -29,7 +37,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-119"
+      "CWE-119",
+      "CWE-121"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,
diff --git a/advisories/unreviewed/2022/05/GHSA-4g3g-9jv2-fhx5/GHSA-4g3g-9jv2-fhx5.json b/advisories/unreviewed/2022/05/GHSA-4g3g-9jv2-fhx5/GHSA-4g3g-9jv2-fhx5.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4g3g-9jv2-fhx5",
-  "modified": "2022-05-17T04:46:09Z",
+  "modified": "2025-09-25T00:30:27Z",
   "published": "2022-05-17T04:46:09Z",
   "aliases": [
     "CVE-2014-0778"
@@ -14,9 +14,17 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0778"
     },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-105-01"
+    },
     {
       "type": "WEB",
       "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-105-01"
+    },
+    {
+      "type": "WEB",
+      "url": "http://www.progea.com/it-it/downloads/software.aspx"
     }
   ],
   "database_specific": {
diff --git a/advisories/unreviewed/2022/05/GHSA-p75m-894q-gmxh/GHSA-p75m-894q-gmxh.json b/advisories/unreviewed/2022/05/GHSA-p75m-894q-gmxh/GHSA-p75m-894q-gmxh.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-p75m-894q-gmxh",
-  "modified": "2022-05-17T04:47:23Z",
+  "modified": "2025-09-25T00:30:27Z",
   "published": "2022-05-17T04:47:23Z",
   "aliases": [
     "CVE-2014-0777"
@@ -14,14 +14,23 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0777"
     },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-100-01"
+    },
     {
       "type": "WEB",
       "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-100-01"
+    },
+    {
+      "type": "WEB",
+      "url": "http://www.ioserver.com"
     }
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-119"
+      "CWE-119",
+      "CWE-125"
     ],
     "severity": "HIGH",
     "github_reviewed": false,
diff --git a/advisories/unreviewed/2022/05/GHSA-w3fm-7p4x-vf2h/GHSA-w3fm-7p4x-vf2h.json b/advisories/unreviewed/2022/05/GHSA-w3fm-7p4x-vf2h/GHSA-w3fm-7p4x-vf2h.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-w3fm-7p4x-vf2h",
-  "modified": "2022-05-14T01:44:13Z",
+  "modified": "2025-09-25T00:30:27Z",
   "published": "2022-05-14T01:44:13Z",
   "aliases": [
     "CVE-2014-0779"
@@ -14,6 +14,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0779"
     },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-072-01"
+    },
     {
       "type": "WEB",
       "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01"
diff --git a/advisories/unreviewed/2025/09/GHSA-8mjq-32x3-22qf/GHSA-8mjq-32x3-22qf.json b/advisories/unreviewed/2025/09/GHSA-8mjq-32x3-22qf/GHSA-8mjq-32x3-22qf.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8mjq-32x3-22qf",
+  "modified": "2025-09-25T00:30:27Z",
+  "published": "2025-09-25T00:30:27Z",
+  "aliases": [
+    "CVE-2025-10894"
+  ],
+  "details": "Malicious code was inserted into the Nx (build system) package and several related plugins. The tampered package was published to the npm software registry, via a supply-chain attack. Affected versions contain code that scans the file system, collects credentials, and posts them to GitHub as a repo under user's accounts.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/nrwl/nx/security/advisories/GHSA-cxm3-wv7p-598c"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10894"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/security/cve/CVE-2025-10894"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/security/supply-chain-attacks-NPM-packages"
+    },
+    {
+      "type": "WEB",
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396282"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.stepsecurity.io/blog/supply-chain-security-alert-popular-nx-build-system-package-compromised-with-data-stealing-malware"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wiz.io/blog/s1ngularity-supply-chain-attack"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-506"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-09-24T22:15:35Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/09/GHSA-pm99-pv2w-ghvr/GHSA-pm99-pv2w-ghvr.json b/advisories/unreviewed/2025/09/GHSA-pm99-pv2w-ghvr/GHSA-pm99-pv2w-ghvr.json
@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-pm99-pv2w-ghvr",
+  "modified": "2025-09-25T00:30:28Z",
+  "published": "2025-09-25T00:30:28Z",
+  "aliases": [
+    "CVE-2025-54520"
+  ],
+  "details": "Improper Protection Against Voltage and Clock Glitches in FPGA devices, could allow an attacker with physical access to undervolt the platform resulting in a loss of confidentiality.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54520"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-8018.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-1247"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-09-24T22:15:35Z"
+  }
+}
