Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 3fad8e25b8f2 · 2025-11-05T22:17:26.000Z
GHSA-cf57-c578-7jvv GHSA-cfjq-28r2-4jv5 GHSA-f9f4-5859-29mf GHSA-fj2x-735w-74vq
diff --git a/advisories/github-reviewed/2025/10/GHSA-cf57-c578-7jvv/GHSA-cf57-c578-7jvv.json b/advisories/github-reviewed/2025/10/GHSA-cf57-c578-7jvv/GHSA-cf57-c578-7jvv.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cf57-c578-7jvv",
-  "modified": "2025-10-30T17:08:12Z",
+  "modified": "2025-11-05T22:14:39Z",
   "published": "2025-10-30T17:08:12Z",
   "aliases": [],
   "summary": "Anubis vulnerable to possible XSS via redir parameter when using subrequest auth mode",
@@ -45,6 +45,10 @@
     {
       "type": "PACKAGE",
       "url": "https://github.com/TecharoHQ/anubis"
+    },
+    {
+      "type": "WEB",
+      "url": "https://pkg.go.dev/vuln/GO-2025-4086"
     }
   ],
   "database_specific": {
diff --git a/advisories/github-reviewed/2025/10/GHSA-cfjq-28r2-4jv5/GHSA-cfjq-28r2-4jv5.json b/advisories/github-reviewed/2025/10/GHSA-cfjq-28r2-4jv5/GHSA-cfjq-28r2-4jv5.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cfjq-28r2-4jv5",
-  "modified": "2025-11-04T17:14:23Z",
+  "modified": "2025-11-05T22:14:13Z",
   "published": "2025-10-29T22:21:27Z",
   "aliases": [
     "CVE-2025-64103"
@@ -111,6 +111,10 @@
     {
       "type": "PACKAGE",
       "url": "https://github.com/zitadel/zitadel"
+    },
+    {
+      "type": "WEB",
+      "url": "https://pkg.go.dev/vuln/GO-2025-4083"
     }
   ],
   "database_specific": {
diff --git a/advisories/github-reviewed/2025/10/GHSA-f9f4-5859-29mf/GHSA-f9f4-5859-29mf.json b/advisories/github-reviewed/2025/10/GHSA-f9f4-5859-29mf/GHSA-f9f4-5859-29mf.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-f9f4-5859-29mf",
-  "modified": "2025-10-31T17:55:40Z",
+  "modified": "2025-11-05T22:15:57Z",
   "published": "2025-10-30T21:30:46Z",
   "aliases": [
     "CVE-2025-61141"
@@ -45,6 +45,10 @@
     {
       "type": "WEB",
       "url": "https://lukmanern.github.io/CVE-2025-61141.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://pkg.go.dev/vuln/GO-2025-4088"
     }
   ],
   "database_specific": {
diff --git a/advisories/github-reviewed/2025/10/GHSA-fj2x-735w-74vq/GHSA-fj2x-735w-74vq.json b/advisories/github-reviewed/2025/10/GHSA-fj2x-735w-74vq/GHSA-fj2x-735w-74vq.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-fj2x-735w-74vq",
-  "modified": "2025-10-30T17:10:40Z",
+  "modified": "2025-11-05T22:15:15Z",
   "published": "2025-10-30T17:10:40Z",
   "aliases": [],
   "summary": "gnark-crypto allows unchecked memory allocation during vector deserialization",
@@ -71,6 +71,10 @@
     {
       "type": "PACKAGE",
       "url": "https://github.com/Consensys/gnark-crypto"
+    },
+    {
+      "type": "WEB",
+      "url": "https://pkg.go.dev/vuln/GO-2025-4087"
     }
   ],
   "database_specific": {

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-cf57-c578-7jvv",`
`4`		`- "modified": "2025-10-30T17:08:12Z",`
	`4`	`+ "modified": "2025-11-05T22:14:39Z",`
`5`	`5`	`"published": "2025-10-30T17:08:12Z",`
`6`	`6`	`"aliases": [],`
`7`	`7`	`"summary": "Anubis vulnerable to possible XSS via redir parameter when using subrequest auth mode",`
`@@ -45,6 +45,10 @@`
`45`	`45`	`{`
`46`	`46`	`"type": "PACKAGE",`
`47`	`47`	`"url": "https://github.com/TecharoHQ/anubis"`
	`48`	`+ },`
	`49`	`+ {`
	`50`	`+ "type": "WEB",`
	`51`	`+ "url": "https://pkg.go.dev/vuln/GO-2025-4086"`
`48`	`52`	`}`
`49`	`53`	`],`
`50`	`54`	`"database_specific": {`
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-cfjq-28r2-4jv5",`
`4`		`- "modified": "2025-11-04T17:14:23Z",`
	`4`	`+ "modified": "2025-11-05T22:14:13Z",`
`5`	`5`	`"published": "2025-10-29T22:21:27Z",`
`6`	`6`	`"aliases": [`
`7`	`7`	`"CVE-2025-64103"`
`@@ -111,6 +111,10 @@`
`111`	`111`	`{`
`112`	`112`	`"type": "PACKAGE",`
`113`	`113`	`"url": "https://github.com/zitadel/zitadel"`
	`114`	`+ },`
	`115`	`+ {`
	`116`	`+ "type": "WEB",`
	`117`	`+ "url": "https://pkg.go.dev/vuln/GO-2025-4083"`
`114`	`118`	`}`
`115`	`119`	`],`
`116`	`120`	`"database_specific": {`
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-f9f4-5859-29mf",`
`4`		`- "modified": "2025-10-31T17:55:40Z",`
	`4`	`+ "modified": "2025-11-05T22:15:57Z",`
`5`	`5`	`"published": "2025-10-30T21:30:46Z",`
`6`	`6`	`"aliases": [`
`7`	`7`	`"CVE-2025-61141"`
`@@ -45,6 +45,10 @@`
`45`	`45`	`{`
`46`	`46`	`"type": "WEB",`
`47`	`47`	`"url": "https://lukmanern.github.io/CVE-2025-61141.html"`
	`48`	`+ },`
	`49`	`+ {`
	`50`	`+ "type": "WEB",`
	`51`	`+ "url": "https://pkg.go.dev/vuln/GO-2025-4088"`
`48`	`52`	`}`
`49`	`53`	`],`
`50`	`54`	`"database_specific": {`
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-fj2x-735w-74vq",`
`4`		`- "modified": "2025-10-30T17:10:40Z",`
	`4`	`+ "modified": "2025-11-05T22:15:15Z",`
`5`	`5`	`"published": "2025-10-30T17:10:40Z",`
`6`	`6`	`"aliases": [],`
`7`	`7`	`"summary": "gnark-crypto allows unchecked memory allocation during vector deserialization",`
`@@ -71,6 +71,10 @@`
`71`	`71`	`{`
`72`	`72`	`"type": "PACKAGE",`
`73`	`73`	`"url": "https://github.com/Consensys/gnark-crypto"`
	`74`	`+ },`
	`75`	`+ {`
	`76`	`+ "type": "WEB",`
	`77`	`+ "url": "https://pkg.go.dev/vuln/GO-2025-4087"`
`74`	`78`	`}`
`75`	`79`	`],`
`76`	`80`	`"database_specific": {`