Publish Advisories

GHSA-2v5m-cq9w-fc33
GHSA-g7f3-828f-7h7m
GHSA-ghfh-fmx4-26h8
GHSA-gr7h-xw4f-wh86
GHSA-jfx9-29x2-rv3j
GHSA-m732-5p4w-x69g
GHSA-r397-ff8c-wv2g
GHSA-rc54-2g2c-g36g
GHSA-vr63-x8vc-m265

Author: advisory-database[bot]

advisories/github-reviewed/2025/10/GHSA-2v5m-cq9w-fc33/GHSA-2v5m-cq9w-fc33.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2v5m-cq9w-fc33",
-  "modified": "2025-10-22T19:45:54Z",
+  "modified": "2025-10-23T17:40:23Z",
   "published": "2025-10-22T16:46:03Z",
   "aliases": [
     "CVE-2025-62617"
@@ -43,6 +43,10 @@
       "type": "WEB",
       "url": "https://github.com/Admidio/admidio/security/advisories/GHSA-2v5m-cq9w-fc33"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62617"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/Admidio/admidio/commit/fde81ae869e88a3cf42201f2548d57df785a37cb"
@@ -59,6 +63,6 @@
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2025-10-22T16:46:03Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-10-22T22:15:34Z"
   }
 }

advisories/github-reviewed/2025/10/GHSA-g7f3-828f-7h7m/GHSA-g7f3-828f-7h7m.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-g7f3-828f-7h7m",
-  "modified": "2025-10-22T19:46:03Z",
+  "modified": "2025-10-23T17:40:14Z",
   "published": "2025-10-10T22:54:03Z",
   "aliases": [
     "CVE-2025-62706"
@@ -40,6 +40,10 @@
       "type": "WEB",
       "url": "https://github.com/authlib/authlib/security/advisories/GHSA-g7f3-828f-7h7m"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62706"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/authlib/authlib/commit/e0863d5129316b1790eee5f14cece32a03b8184d"
@@ -57,6 +61,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2025-10-10T22:54:03Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-10-22T22:15:35Z"
   }
 }

advisories/github-reviewed/2025/10/GHSA-ghfh-fmx4-26h8/GHSA-ghfh-fmx4-26h8.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-ghfh-fmx4-26h8",
-  "modified": "2025-10-22T19:37:53Z",
+  "modified": "2025-10-23T17:38:22Z",
   "published": "2025-10-22T19:37:53Z",
   "aliases": [
     "CVE-2025-62513"
@@ -40,6 +40,10 @@
       "type": "WEB",
       "url": "https://github.com/openbao/openbao/security/advisories/GHSA-ghfh-fmx4-26h8"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62513"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/openbao/openbao/commit/cc2c476bac66e1d94776c2629793daec3af625f8"
@@ -56,6 +60,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2025-10-22T19:37:53Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-10-22T20:15:38Z"
   }
 }

advisories/github-reviewed/2025/10/GHSA-gr7h-xw4f-wh86/GHSA-gr7h-xw4f-wh86.json

@@ -1,9 +1,11 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-gr7h-xw4f-wh86",
-  "modified": "2025-10-22T19:41:49Z",
+  "modified": "2025-10-23T17:40:01Z",
   "published": "2025-10-22T19:41:49Z",
-  "aliases": [],
+  "aliases": [
+    "CVE-2025-62710"
+  ],
   "summary": "Sakai kernel-impl: predictable PRNG used to generate server‑side encryption key in EncryptionUtilityServiceImpl",
   "details": "### Impact\nEncryptionUtilityServiceImpl initialized an AES256TextEncryptor password (serverSecretKey) using RandomStringUtils with the default java.util.Random. java.util.Random is a non‑cryptographic PRNG and can be predicted from limited state/seed information (e.g., start time window), substantially reducing the effective search space of the generated key. An attacker who can obtain ciphertexts (e.g., exported or at‑rest strings protected by this service) and approximate the PRNG seed can feasibly reconstruct the serverSecretKey and decrypt affected data.\n\n### Patches\nSAK-49866 is patched in Sakai 23.5, 25.0, and trunk. \n\n### Credits\n- Reported by [Suraj Gangwar](https://www.linkedin.com/in/surajgangwar?trk=contact-info).\n- Patched by Sam Ottenhoff (Longsight).",
   "severity": [
@@ -38,6 +40,14 @@
       "type": "WEB",
       "url": "https://github.com/sakaiproject/sakai/security/advisories/GHSA-gr7h-xw4f-wh86"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62710"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/sakaiproject/sakai/commit/bde070104b1de01f4a6458dca6d9e0880a0e3c04"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/sakaiproject/sakai"
@@ -50,6 +60,6 @@
     "severity": "LOW",
     "github_reviewed": true,
     "github_reviewed_at": "2025-10-22T19:41:49Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-10-22T23:15:34Z"
   }
 }

advisories/github-reviewed/2025/10/GHSA-jfx9-29x2-rv3j/GHSA-jfx9-29x2-rv3j.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-jfx9-29x2-rv3j",
-  "modified": "2025-10-22T19:40:50Z",
+  "modified": "2025-10-23T17:40:45Z",
   "published": "2025-10-22T19:40:50Z",
   "aliases": [
     "CVE-2025-62708"
@@ -40,6 +40,10 @@
       "type": "WEB",
       "url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-jfx9-29x2-rv3j"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62708"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/py-pdf/pypdf/pull/3502"
@@ -51,6 +55,10 @@
     {
       "type": "PACKAGE",
       "url": "https://github.com/py-pdf/pypdf"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/py-pdf/pypdf/releases/tag/6.1.3"
     }
   ],
   "database_specific": {
@@ -60,6 +68,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2025-10-22T19:40:50Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-10-22T22:15:35Z"
   }
 }

advisories/github-reviewed/2025/10/GHSA-m732-5p4w-x69g/GHSA-m732-5p4w-x69g.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-m732-5p4w-x69g",
-  "modified": "2025-10-22T19:42:31Z",
+  "modified": "2025-10-23T17:38:34Z",
   "published": "2025-10-22T15:21:18Z",
   "aliases": [
     "CVE-2025-62610"
@@ -40,6 +40,10 @@
       "type": "WEB",
       "url": "https://github.com/honojs/hono/security/advisories/GHSA-m732-5p4w-x69g"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62610"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/honojs/hono/commit/45ba3bf9e3dff8e4bd85d6b47d4b71c8d6c66bef"
@@ -56,6 +60,6 @@
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2025-10-22T15:21:18Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-10-22T20:15:38Z"
   }
 }

advisories/github-reviewed/2025/10/GHSA-r397-ff8c-wv2g/GHSA-r397-ff8c-wv2g.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-r397-ff8c-wv2g",
-  "modified": "2025-10-22T16:47:10Z",
+  "modified": "2025-10-23T17:38:48Z",
   "published": "2025-10-22T16:47:10Z",
   "aliases": [
     "CVE-2025-62611"
@@ -43,6 +43,10 @@
       "type": "WEB",
       "url": "https://github.com/aio-libs/aiomysql/security/advisories/GHSA-r397-ff8c-wv2g"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62611"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/aio-libs/aiomysql/pull/1044"
@@ -63,6 +67,6 @@
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2025-10-22T16:47:10Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-10-22T20:15:38Z"
   }
 }

advisories/github-reviewed/2025/10/GHSA-rc54-2g2c-g36g/GHSA-rc54-2g2c-g36g.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-rc54-2g2c-g36g",
-  "modified": "2025-10-22T19:55:40Z",
+  "modified": "2025-10-23T17:40:56Z",
   "published": "2025-10-22T19:55:40Z",
   "aliases": [
     "CVE-2025-62705"
@@ -40,6 +40,10 @@
       "type": "WEB",
       "url": "https://github.com/openbao/openbao/security/advisories/GHSA-rc54-2g2c-g36g"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62705"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/openbao/openbao/commit/cc2c476bac66e1d94776c2629793daec3af625f8"
@@ -56,6 +60,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2025-10-22T19:55:40Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-10-22T22:15:35Z"
   }
 }

advisories/github-reviewed/2025/10/GHSA-vr63-x8vc-m265/GHSA-vr63-x8vc-m265.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-vr63-x8vc-m265",
-  "modified": "2025-10-22T19:40:47Z",
+  "modified": "2025-10-23T17:40:35Z",
   "published": "2025-10-22T19:40:47Z",
   "aliases": [
     "CVE-2025-62707"
@@ -40,13 +40,25 @@
       "type": "WEB",
       "url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-vr63-x8vc-m265"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62707"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/py-pdf/pypdf/pull/3501"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/py-pdf/pypdf/commit/f2864d6dd9bac7cecd3f4f54308b25ebbfa178f8"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/py-pdf/pypdf"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/py-pdf/pypdf/releases/tag/6.1.3"
     }
   ],
   "database_specific": {
@@ -56,6 +68,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2025-10-22T19:40:47Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-10-22T22:15:35Z"
   }
 }