Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2025/04/GHSA-7wfr-865w-3mvg/GHSA-7wfr-865w-3mvg.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7wfr-865w-3mvg",
-  "modified": "2025-04-29T15:31:50Z",
+  "modified": "2025-11-07T18:30:25Z",
   "published": "2025-04-29T03:30:33Z",
   "aliases": [
     "CVE-2025-24252"
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24252"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/cakescats/airborn-IOS-CVE-2025-24252/blob/main/airborn_arts_CVE-2025-24252_extractor.sh"
+    },
     {
       "type": "WEB",
       "url": "https://support.apple.com/en-us/122371"

advisories/unreviewed/2025/05/GHSA-2jgx-99cr-362f/GHSA-2jgx-99cr-362f.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2jgx-99cr-362f",
-  "modified": "2025-05-01T15:31:46Z",
+  "modified": "2025-11-07T18:30:25Z",
   "published": "2025-05-01T15:31:46Z",
   "aliases": [
     "CVE-2022-49779"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nkprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case\n\nIn __unregister_kprobe_top(), if the currently unregistered probe has\npost_handler but other child probes of the aggrprobe do not have\npost_handler, the post_handler of the aggrprobe is cleared. If this is\na ftrace-based probe, there is a problem. In later calls to\ndisarm_kprobe(), we will use kprobe_ftrace_ops because post_handler is\nNULL. But we're armed with kprobe_ipmodify_ops. This triggers a WARN in\n__disarm_kprobe_ftrace() and may even cause use-after-free:\n\n  Failed to disarm kprobe-ftrace at kernel_clone+0x0/0x3c0 (error -2)\n  WARNING: CPU: 5 PID: 137 at kernel/kprobes.c:1135 __disarm_kprobe_ftrace.isra.21+0xcf/0xe0\n  Modules linked in: testKprobe_007(-)\n  CPU: 5 PID: 137 Comm: rmmod Not tainted 6.1.0-rc4-dirty #18\n  [...]\n  Call Trace:\n   <TASK>\n   __disable_kprobe+0xcd/0xe0\n   __unregister_kprobe_top+0x12/0x150\n   ? mutex_lock+0xe/0x30\n   unregister_kprobes.part.23+0x31/0xa0\n   unregister_kprobe+0x32/0x40\n   __x64_sys_delete_module+0x15e/0x260\n   ? do_user_addr_fault+0x2cd/0x6b0\n   do_syscall_64+0x3a/0x90\n   entry_SYSCALL_64_after_hwframe+0x63/0xcd\n   [...]\n\nFor the kprobe-on-ftrace case, we keep the post_handler setting to\nidentify this aggrprobe armed with kprobe_ipmodify_ops. This way we\ncan disarm it correctly.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -36,8 +41,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-416"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-01T15:16:01Z"

advisories/unreviewed/2025/05/GHSA-6f24-wm2q-5fj6/GHSA-6f24-wm2q-5fj6.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6f24-wm2q-5fj6",
-  "modified": "2025-05-02T18:31:34Z",
+  "modified": "2025-11-07T18:30:26Z",
   "published": "2025-05-02T18:31:34Z",
   "aliases": [
     "CVE-2023-53060"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nigb: revert rtnl_lock() that causes deadlock\n\nThe commit 6faee3d4ee8b (\"igb: Add lock to avoid data race\") adds\nrtnl_lock to eliminate a false data race shown below\n\n (FREE from device detaching)      |   (USE from netdev core)\nigb_remove                         |  igb_ndo_get_vf_config\n igb_disable_sriov                 |  vf >= adapter->vfs_allocated_count?\n  kfree(adapter->vf_data)          |\n  adapter->vfs_allocated_count = 0 |\n                                   |    memcpy(... adapter->vf_data[vf]\n\nThe above race will never happen and the extra rtnl_lock causes deadlock\nbelow\n\n[  141.420169]  <TASK>\n[  141.420672]  __schedule+0x2dd/0x840\n[  141.421427]  schedule+0x50/0xc0\n[  141.422041]  schedule_preempt_disabled+0x11/0x20\n[  141.422678]  __mutex_lock.isra.13+0x431/0x6b0\n[  141.423324]  unregister_netdev+0xe/0x20\n[  141.423578]  igbvf_remove+0x45/0xe0 [igbvf]\n[  141.423791]  pci_device_remove+0x36/0xb0\n[  141.423990]  device_release_driver_internal+0xc1/0x160\n[  141.424270]  pci_stop_bus_device+0x6d/0x90\n[  141.424507]  pci_stop_and_remove_bus_device+0xe/0x20\n[  141.424789]  pci_iov_remove_virtfn+0xba/0x120\n[  141.425452]  sriov_disable+0x2f/0xf0\n[  141.425679]  igb_disable_sriov+0x4e/0x100 [igb]\n[  141.426353]  igb_remove+0xa0/0x130 [igb]\n[  141.426599]  pci_device_remove+0x36/0xb0\n[  141.426796]  device_release_driver_internal+0xc1/0x160\n[  141.427060]  driver_detach+0x44/0x90\n[  141.427253]  bus_remove_driver+0x55/0xe0\n[  141.427477]  pci_unregister_driver+0x2a/0xa0\n[  141.428296]  __x64_sys_delete_module+0x141/0x2b0\n[  141.429126]  ? mntput_no_expire+0x4a/0x240\n[  141.429363]  ? syscall_trace_enter.isra.19+0x126/0x1a0\n[  141.429653]  do_syscall_64+0x5b/0x80\n[  141.429847]  ? exit_to_user_mode_prepare+0x14d/0x1c0\n[  141.430109]  ? syscall_exit_to_user_mode+0x12/0x30\n[  141.430849]  ? do_syscall_64+0x67/0x80\n[  141.431083]  ? syscall_exit_to_user_mode_prepare+0x183/0x1b0\n[  141.431770]  ? syscall_exit_to_user_mode+0x12/0x30\n[  141.432482]  ? do_syscall_64+0x67/0x80\n[  141.432714]  ? exc_page_fault+0x64/0x140\n[  141.432911]  entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nSince the igb_disable_sriov() will call pci_disable_sriov() before\nreleasing any resources, the netdev core will synchronize the cleanup to\navoid any races. This patch removes the useless rtnl_(un)lock to guarantee\ncorrectness.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -48,8 +53,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-667"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-02T16:15:25Z"

advisories/unreviewed/2025/05/GHSA-76hj-mcwf-qj3w/GHSA-76hj-mcwf-qj3w.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-76hj-mcwf-qj3w",
-  "modified": "2025-05-01T15:31:46Z",
+  "modified": "2025-11-07T18:30:25Z",
   "published": "2025-05-01T15:31:46Z",
   "aliases": [
     "CVE-2022-49781"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/amd: Fix crash due to race between amd_pmu_enable_all, perf NMI and throttling\n\namd_pmu_enable_all() does:\n\n      if (!test_bit(idx, cpuc->active_mask))\n              continue;\n\n      amd_pmu_enable_event(cpuc->events[idx]);\n\nA perf NMI of another event can come between these two steps. Perf NMI\nhandler internally disables and enables _all_ events, including the one\nwhich nmi-intercepted amd_pmu_enable_all() was in process of enabling.\nIf that unintentionally enabled event has very low sampling period and\ncauses immediate successive NMI, causing the event to be throttled,\ncpuc->events[idx] and cpuc->active_mask gets cleared by x86_pmu_stop().\nThis will result in amd_pmu_enable_event() getting called with event=NULL\nwhen amd_pmu_enable_all() resumes after handling the NMIs. This causes a\nkernel crash:\n\n  BUG: kernel NULL pointer dereference, address: 0000000000000198\n  #PF: supervisor read access in kernel mode\n  #PF: error_code(0x0000) - not-present page\n  [...]\n  Call Trace:\n   <TASK>\n   amd_pmu_enable_all+0x68/0xb0\n   ctx_resched+0xd9/0x150\n   event_function+0xb8/0x130\n   ? hrtimer_start_range_ns+0x141/0x4a0\n   ? perf_duration_warn+0x30/0x30\n   remote_function+0x4d/0x60\n   __flush_smp_call_function_queue+0xc4/0x500\n   flush_smp_call_function_queue+0x11d/0x1b0\n   do_idle+0x18f/0x2d0\n   cpu_startup_entry+0x19/0x20\n   start_secondary+0x121/0x160\n   secondary_startup_64_no_verify+0xe5/0xeb\n   </TASK>\n\namd_pmu_disable_all()/amd_pmu_enable_all() calls inside perf NMI handler\nwere recently added as part of BRS enablement but I'm not sure whether\nwe really need them. We can just disable BRS in the beginning and enable\nit back while returning from NMI. This will solve the issue by not\nenabling those events whose active_masks are set but are not yet enabled\nin hw pmu.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-362"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-01T15:16:01Z"

advisories/unreviewed/2025/05/GHSA-8mgc-hp6q-8pj5/GHSA-8mgc-hp6q-8pj5.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8mgc-hp6q-8pj5",
-  "modified": "2025-05-01T15:31:46Z",
+  "modified": "2025-11-07T18:30:25Z",
   "published": "2025-05-01T15:31:46Z",
   "aliases": [
     "CVE-2022-49773"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix optc2_configure warning on dcn314\n\n[Why]\ndcn314 uses optc2_configure_crc() that wraps\noptc1_configure_crc() + set additional registers\nnot applicable to dcn314.\nIt's not critical but when used leads to warning like:\nWARNING: drivers/gpu/drm/amd/amdgpu/../display/dc/dc_helper.c\nCall Trace:\n<TASK>\ngeneric_reg_set_ex+0x6d/0xe0 [amdgpu]\noptc2_configure_crc+0x60/0x80 [amdgpu]\ndc_stream_configure_crc+0x129/0x150 [amdgpu]\namdgpu_dm_crtc_configure_crc_source+0x5d/0xe0 [amdgpu]\n\n[How]\nUse optc1_configure_crc() directly",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -25,7 +30,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-01T15:16:00Z"

advisories/unreviewed/2025/05/GHSA-8p5p-xmqj-w26c/GHSA-8p5p-xmqj-w26c.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8p5p-xmqj-w26c",
-  "modified": "2025-05-02T18:31:34Z",
+  "modified": "2025-11-07T18:30:26Z",
   "published": "2025-05-02T18:31:33Z",
   "aliases": [
     "CVE-2023-53058"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: E-Switch, Fix an Oops in error handling code\n\nThe error handling dereferences \"vport\".  There is nothing we can do if\nit is an error pointer except returning the error code.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -36,8 +41,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-02T16:15:24Z"

advisories/unreviewed/2025/05/GHSA-chpc-57m9-7j2g/GHSA-chpc-57m9-7j2g.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-chpc-57m9-7j2g",
-  "modified": "2025-05-02T18:31:34Z",
+  "modified": "2025-11-07T18:30:26Z",
   "published": "2025-05-02T18:31:34Z",
   "aliases": [
     "CVE-2023-53061"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix possible refcount leak in smb2_open()\n\nReference count of acls will leak when memory allocation fails. Fix this\nby adding the missing posix_acl_release().",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -33,7 +38,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-02T16:15:25Z"

advisories/unreviewed/2025/05/GHSA-ff3g-qxwq-qv29/GHSA-ff3g-qxwq-qv29.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-ff3g-qxwq-qv29",
-  "modified": "2025-05-01T15:31:46Z",
+  "modified": "2025-11-07T18:30:26Z",
   "published": "2025-05-01T15:31:46Z",
   "aliases": [
     "CVE-2022-49786"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-cgroup: properly pin the parent in blkcg_css_online\n\nblkcg_css_online is supposed to pin the blkcg of the parent, but\n397c9f46ee4d refactored things and along the way, changed it to pin the\ncss instead.  This results in extra pins, and we end up leaking blkcgs\nand cgroups.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -25,7 +30,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-01T15:16:01Z"

advisories/unreviewed/2025/05/GHSA-g5p7-q8gg-6qmf/GHSA-g5p7-q8gg-6qmf.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-g5p7-q8gg-6qmf",
-  "modified": "2025-05-01T15:31:46Z",
+  "modified": "2025-11-07T18:30:25Z",
   "published": "2025-05-01T15:31:46Z",
   "aliases": [
     "CVE-2022-49783"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/fpu: Drop fpregs lock before inheriting FPU permissions\n\nMike Galbraith reported the following against an old fork of preempt-rt\nbut the same issue also applies to the current preempt-rt tree.\n\n   BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:46\n   in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1, name: systemd\n   preempt_count: 1, expected: 0\n   RCU nest depth: 0, expected: 0\n   Preemption disabled at:\n   fpu_clone\n   CPU: 6 PID: 1 Comm: systemd Tainted: G            E       (unreleased)\n   Call Trace:\n    <TASK>\n    dump_stack_lvl\n    ? fpu_clone\n    __might_resched\n    rt_spin_lock\n    fpu_clone\n    ? copy_thread\n    ? copy_process\n    ? shmem_alloc_inode\n    ? kmem_cache_alloc\n    ? kernel_clone\n    ? __do_sys_clone\n    ? do_syscall_64\n    ? __x64_sys_rt_sigprocmask\n    ? syscall_exit_to_user_mode\n    ? do_syscall_64\n    ? syscall_exit_to_user_mode\n    ? do_syscall_64\n    ? syscall_exit_to_user_mode\n    ? do_syscall_64\n    ? exc_page_fault\n    ? entry_SYSCALL_64_after_hwframe\n    </TASK>\n\nMike says:\n\n  The splat comes from fpu_inherit_perms() being called under fpregs_lock(),\n  and us reaching the spin_lock_irq() therein due to fpu_state_size_dynamic()\n  returning true despite static key __fpu_state_size_dynamic having never\n  been enabled.\n\nMike's assessment looks correct. fpregs_lock on a PREEMPT_RT kernel disables\npreemption so calling spin_lock_irq() in fpu_inherit_perms() is unsafe. This\nproblem exists since commit\n\n  9e798e9aa14c (\"x86/fpu: Prepare fpu_clone() for dynamically enabled features\").\n\nEven though the original bug report should not have enabled the paths at\nall, the bug still exists.\n\nfpregs_lock is necessary when editing the FPU registers or a task's FP\nstate but it is not necessary for fpu_inherit_perms(). The only write\nof any FP state in fpu_inherit_perms() is for the new child which is\nnot running yet and cannot context switch or be borrowed by a kernel\nthread yet. Hence, fpregs_lock is not protecting anything in the new\nchild until clone() completes and can be dropped earlier. The siglock\nstill needs to be acquired by fpu_inherit_perms() as the read of the\nparent's permissions has to be serialised.\n\n  [ bp: Cleanup splat. ]",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -25,7 +30,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-01T15:16:01Z"

advisories/unreviewed/2025/05/GHSA-h557-5h69-jf25/GHSA-h557-5h69-jf25.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-h557-5h69-jf25",
-  "modified": "2025-05-01T15:31:46Z",
+  "modified": "2025-11-07T18:30:25Z",
   "published": "2025-05-01T15:31:46Z",
   "aliases": [
     "CVE-2022-49782"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Improve missing SIGTRAP checking\n\nTo catch missing SIGTRAP we employ a WARN in __perf_event_overflow(),\nwhich fires if pending_sigtrap was already set: returning to user space\nwithout consuming pending_sigtrap, and then having the event fire again\nwould re-enter the kernel and trigger the WARN.\n\nThis, however, seemed to miss the case where some events not associated\nwith progress in the user space task can fire and the interrupt handler\nruns before the IRQ work meant to consume pending_sigtrap (and generate\nthe SIGTRAP).\n\nsyzbot gifted us this stack trace:\n\n | WARNING: CPU: 0 PID: 3607 at kernel/events/core.c:9313 __perf_event_overflow\n | Modules linked in:\n | CPU: 0 PID: 3607 Comm: syz-executor100 Not tainted 6.1.0-rc2-syzkaller-00073-g88619e77b33d #0\n | Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022\n | RIP: 0010:__perf_event_overflow+0x498/0x540 kernel/events/core.c:9313\n | <...>\n | Call Trace:\n |  <TASK>\n |  perf_swevent_hrtimer+0x34f/0x3c0 kernel/events/core.c:10729\n |  __run_hrtimer kernel/time/hrtimer.c:1685 [inline]\n |  __hrtimer_run_queues+0x1c6/0xfb0 kernel/time/hrtimer.c:1749\n |  hrtimer_interrupt+0x31c/0x790 kernel/time/hrtimer.c:1811\n |  local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1096 [inline]\n |  __sysvec_apic_timer_interrupt+0x17c/0x640 arch/x86/kernel/apic/apic.c:1113\n |  sysvec_apic_timer_interrupt+0x40/0xc0 arch/x86/kernel/apic/apic.c:1107\n |  asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:649\n | <...>\n |  </TASK>\n\nIn this case, syzbot produced a program with event type\nPERF_TYPE_SOFTWARE and config PERF_COUNT_SW_CPU_CLOCK. The hrtimer\nmanages to fire again before the IRQ work got a chance to run, all while\nnever having returned to user space.\n\nImprove the WARN to check for real progress in user space: approximate\nthis by storing a 32-bit hash of the current IP into pending_sigtrap,\nand if an event fires while pending_sigtrap still matches the previous\nIP, we assume no progress (false negatives are possible given we could\nreturn to user space and trigger again on the same IP).",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -28,8 +33,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-674"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-01T15:16:01Z"