Publish Advisories

GHSA-mwmh-7px9-4c23
GHSA-vvw2-h478-xwr3

Author: advisory-database[bot]

advisories/github-reviewed/2025/10/GHSA-mwmh-7px9-4c23/GHSA-mwmh-7px9-4c23.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-mwmh-7px9-4c23",
-  "modified": "2025-10-29T22:20:50Z",
+  "modified": "2025-11-04T17:05:59Z",
   "published": "2025-10-29T22:20:50Z",
   "aliases": [
     "CVE-2025-64101"
@@ -25,14 +25,33 @@
           "type": "ECOSYSTEM",
           "events": [
             {
-              "introduced": "0"
+              "introduced": "2.0.0"
             },
             {
               "fixed": "2.71.18"
             }
           ]
         }
       ]
+    },
+    {
+      "package": {
+        "ecosystem": "Go",
+        "name": "github.com/zitadel/zitadel/v2"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.80.0-v2.20.0.20251029090537-72a5c33e6ac3"
+            }
+          ]
+        }
+      ]
     }
   ],
   "references": [

…-vvw2-h478-xwr3/GHSA-vvw2-h478-xwr3.json …-vvw2-h478-xwr3/GHSA-vvw2-h478-xwr3.jsonadvisories/unreviewed/2025/11/GHSA-vvw2-h478-xwr3/GHSA-vvw2-h478-xwr3.json renamed to advisories/github-reviewed/2025/11/GHSA-vvw2-h478-xwr3/GHSA-vvw2-h478-xwr3.json advisories/unreviewed/2025/11/GHSA-vvw2-h478-xwr3/GHSA-vvw2-h478-xwr3.json renamed to advisories/github-reviewed/2025/11/GHSA-vvw2-h478-xwr3/GHSA-vvw2-h478-xwr3.json

@@ -1,24 +1,49 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-vvw2-h478-xwr3",
-  "modified": "2025-11-04T15:31:35Z",
+  "modified": "2025-11-04T17:05:45Z",
   "published": "2025-11-04T15:31:35Z",
   "aliases": [
     "CVE-2025-12695"
   ],
+  "summary": "DSPy does not properly restrict file reads",
   "details": "The overly permissive sandbox configuration in DSPy allows attackers to steal sensitive files in cases when users build an AI agent which consumes user input and uses the “PythonInterpreter” class.",
   "severity": [
     {
       "type": "CVSS_V3",
       "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
     }
   ],
-  "affected": [],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "dspy"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "last_affected": "3.0.3"
+            }
+          ]
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12695"
     },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/stanfordnlp/dspy"
+    },
     {
       "type": "WEB",
       "url": "https://research.jfrog.com/vulnerabilities/dspy-sandbox-escape-arbitrary-file-read-jfsa-2025-001495652"
@@ -29,8 +54,8 @@
       "CWE-653"
     ],
     "severity": "MODERATE",
-    "github_reviewed": false,
-    "github_reviewed_at": null,
+    "github_reviewed": true,
+    "github_reviewed_at": "2025-11-04T17:05:45Z",
     "nvd_published_at": "2025-11-04T14:15:34Z"
   }
 }