Publish Advisories

GHSA-cf57-c578-7jvv
GHSA-39hr-239p-fhqc
GHSA-3rg7-wf37-54rm
GHSA-c978-wq47-pvvw
GHSA-vm2f-46xc-5jc3

Author: advisory-database[bot]

advisories/github-reviewed/2025/10/GHSA-cf57-c578-7jvv/GHSA-cf57-c578-7jvv.json

@@ -1,15 +1,21 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cf57-c578-7jvv",
-  "modified": "2025-11-05T22:14:39Z",
+  "modified": "2025-11-15T03:11:17Z",
   "published": "2025-10-30T17:08:12Z",
-  "aliases": [],
+  "aliases": [
+    "CVE-2025-64716"
+  ],
   "summary": "Anubis vulnerable to possible XSS via redir parameter when using subrequest auth mode",
   "details": "### Summary\n\nWhen using subrequest authentication, Anubis did not perform validation of the redirect URL and redirects user to any URL scheme. While most modern browsers do not allow a redirect to `javascript:` URLs, it could still trigger dangerous behavior in some cases.\n\n`GET https://example.com/.within.website/?redir=javascript:alert()` responds with `Location: javascript:alert()`.\n\n### Impact\n\nAnybody with a subrequest authentication seems affected. Using `javascript:` URLs will probably be blocked by most modern browsers, but using custom protocols for third-party applications might still trigger dangerous operations.\n\n### Note\n\nThis was originally reported by @mbiesiad against Weblate.",
   "severity": [
     {
       "type": "CVSS_V3",
       "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:H/SA:N"
     }
   ],
   "affected": [
@@ -38,6 +44,10 @@
       "type": "WEB",
       "url": "https://github.com/TecharoHQ/anubis/security/advisories/GHSA-cf57-c578-7jvv"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64716"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/TecharoHQ/anubis/commit/7ed1753fcced351c81961bf520a7bfb2caac6e88"
@@ -56,9 +66,9 @@
       "CWE-601",
       "CWE-79"
     ],
-    "severity": "LOW",
+    "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2025-10-30T17:08:12Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-11-13T03:16:29Z"
   }
 }

advisories/github-reviewed/2025/11/GHSA-39hr-239p-fhqc/GHSA-39hr-239p-fhqc.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-39hr-239p-fhqc",
-  "modified": "2025-11-12T21:27:22Z",
+  "modified": "2025-11-15T03:12:52Z",
   "published": "2025-11-12T21:27:22Z",
   "aliases": [
     "CVE-2025-64099"
@@ -40,6 +40,10 @@
       "type": "WEB",
       "url": "https://github.com/OpenIdentityPlatform/OpenAM/security/advisories/GHSA-39hr-239p-fhqc"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64099"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/OpenIdentityPlatform/OpenAM/commit/4254b34b2b8b4867f2e7fccfac73904213d48510"
@@ -55,11 +59,12 @@
   ],
   "database_specific": {
     "cwe_ids": [
+      "CWE-74",
       "CWE-94"
     ],
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2025-11-12T21:27:22Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-11-12T19:15:38Z"
   }
 }

advisories/github-reviewed/2025/11/GHSA-3rg7-wf37-54rm/GHSA-3rg7-wf37-54rm.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3rg7-wf37-54rm",
-  "modified": "2025-11-12T21:50:37Z",
+  "modified": "2025-11-15T03:13:30Z",
   "published": "2025-11-12T21:50:37Z",
   "aliases": [
     "CVE-2025-64500"
@@ -135,6 +135,10 @@
       "type": "WEB",
       "url": "https://github.com/symfony/symfony/security/advisories/GHSA-3rg7-wf37-54rm"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64500"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/symfony/symfony/commit/9962b91b12bb791322fa73836b350836b6db7cac"
@@ -163,6 +167,6 @@
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2025-11-12T21:50:37Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-11-12T22:15:50Z"
   }
 }

advisories/github-reviewed/2025/11/GHSA-c978-wq47-pvvw/GHSA-c978-wq47-pvvw.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-c978-wq47-pvvw",
-  "modified": "2025-11-12T21:30:11Z",
+  "modified": "2025-11-15T03:13:07Z",
   "published": "2025-11-12T21:30:11Z",
   "aliases": [
     "CVE-2025-64170"
@@ -40,13 +40,21 @@
       "type": "WEB",
       "url": "https://github.com/trifectatechfoundation/sudo-rs/security/advisories/GHSA-c978-wq47-pvvw"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64170"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/trifectatechfoundation/sudo-rs/commit/0e3d3837aec3ee9fb5dcb8bfe11e8adb367f58f4"
     },
     {
       "type": "PACKAGE",
       "url": "https://github.com/trifectatechfoundation/sudo-rs"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/trifectatechfoundation/sudo-rs/releases/tag/v0.2.10"
     }
   ],
   "database_specific": {
@@ -56,6 +64,6 @@
     "severity": "LOW",
     "github_reviewed": true,
     "github_reviewed_at": "2025-11-12T21:30:11Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-11-12T21:15:53Z"
   }
 }

advisories/github-reviewed/2025/11/GHSA-vm2f-46xc-5jc3/GHSA-vm2f-46xc-5jc3.json

@@ -51,6 +51,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
+      "CWE-125",
       "CWE-22"
     ],
     "severity": "MODERATE",