Publish Advisories

GHSA-4g74-7cff-xcv8
GHSA-gf93-xccm-5g6j
GHSA-vf95-55w6-qmrf
GHSA-4m27-833c-75q4
GHSA-2jv9-jhfm-qj68
GHSA-2qr8-8m5h-4c3j
GHSA-3vg4-6fgq-6952
GHSA-49pm-cgmh-hw25
GHSA-892r-x96w-jh76
GHSA-8pr9-vvj4-gx32
GHSA-gj84-8vfx-q3vm
GHSA-h4r4-6hvf-34r8
GHSA-m4h2-vq52-xvqg
GHSA-rmp9-wcq5-wff8
GHSA-vqcj-w8vp-2m7x
GHSA-vwm3-9rh9-v735
GHSA-vxgw-44xc-h6c6
GHSA-47fj-h8p3-32hr
GHSA-954p-ff4g-qrwj
GHSA-chqh-jw54-v96h
GHSA-j5h3-g7ch-42qf

Author: advisory-database[bot]

advisories/github-reviewed/2025/11/GHSA-4g74-7cff-xcv8/GHSA-4g74-7cff-xcv8.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4g74-7cff-xcv8",
-  "modified": "2025-11-05T18:44:18Z",
+  "modified": "2025-11-06T15:29:34Z",
   "published": "2025-11-05T18:44:18Z",
   "aliases": [
     "CVE-2025-62161"
@@ -44,6 +44,10 @@
       "type": "WEB",
       "url": "https://github.com/youki-dev/youki/security/advisories/GHSA-4g74-7cff-xcv8"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62161"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/youki-dev/youki/commit/5886c91073b9be748bd8d5aed49c4a820548030a"
@@ -61,6 +65,6 @@
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2025-11-05T18:44:18Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-11-06T00:15:36Z"
   }
 }

advisories/github-reviewed/2025/11/GHSA-gf93-xccm-5g6j/GHSA-gf93-xccm-5g6j.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-gf93-xccm-5g6j",
-  "modified": "2025-11-04T15:43:52Z",
+  "modified": "2025-11-06T15:30:15Z",
   "published": "2025-11-04T15:43:52Z",
   "aliases": [
     "CVE-2025-64171"
@@ -43,10 +43,18 @@
       "type": "WEB",
       "url": "https://github.com/3scale-sre/marin3r/security/advisories/GHSA-gf93-xccm-5g6j"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64171"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/3scale-sre/marin3r/pull/294"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/3scale-sre/marin3r/commit/859b14115fde1d67620e645cd1b62e90e30d9981"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/3scale-sre/marin3r/commit/c60246a43ae8c0c38dd7267f298d68a121a159fa"
@@ -63,6 +71,6 @@
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2025-11-04T15:43:52Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-11-06T01:15:38Z"
   }
 }

advisories/github-reviewed/2025/11/GHSA-vf95-55w6-qmrf/GHSA-vf95-55w6-qmrf.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-vf95-55w6-qmrf",
-  "modified": "2025-11-05T18:45:19Z",
+  "modified": "2025-11-06T15:29:58Z",
   "published": "2025-11-05T18:45:18Z",
   "aliases": [
     "CVE-2025-62596"
@@ -44,6 +44,10 @@
       "type": "WEB",
       "url": "https://github.com/youki-dev/youki/security/advisories/GHSA-vf95-55w6-qmrf"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62596"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/youki-dev/youki/commit/5886c91073b9be748bd8d5aed49c4a820548030a"
@@ -73,6 +77,6 @@
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2025-11-05T18:45:18Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-11-06T00:15:37Z"
   }
 }

advisories/unreviewed/2025/02/GHSA-4m27-833c-75q4/GHSA-4m27-833c-75q4.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4m27-833c-75q4",
-  "modified": "2025-02-06T18:31:05Z",
+  "modified": "2025-11-06T15:31:01Z",
   "published": "2025-02-06T06:31:26Z",
   "aliases": [
     "CVE-2024-57520"
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57520"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/asterisk/asterisk/issues/1122"
+    },
     {
       "type": "WEB",
       "url": "https://gist.github.com/hyp164D1/ae76ab25acfbe263b2ed7b24b6e5c621"

advisories/unreviewed/2025/10/GHSA-2jv9-jhfm-qj68/GHSA-2jv9-jhfm-qj68.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2jv9-jhfm-qj68",
-  "modified": "2025-10-31T00:30:30Z",
+  "modified": "2025-11-06T15:31:02Z",
   "published": "2025-10-31T00:30:30Z",
   "aliases": [
     "CVE-2011-10039"
   ],
   "details": "Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting (XSS) via the Alert Heatmap report and the “My Reports” listing of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2025/10/GHSA-2qr8-8m5h-4c3j/GHSA-2qr8-8m5h-4c3j.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2qr8-8m5h-4c3j",
-  "modified": "2025-10-31T00:30:30Z",
+  "modified": "2025-11-06T15:31:02Z",
   "published": "2025-10-31T00:30:30Z",
   "aliases": [
     "CVE-2012-10063"
   ],
   "details": "Nagios XI versions prior to 2012R1.3 contain a SQL injection vulnerability in the legacy Core Configuration Manager (CCM) interface. Authenticated users could manipulate SQL queries by supplying crafted input to specific CCM parameters, potentially allowing access to configuration data stored in the application database. Successful exploitation could disclose or modify notification data and, in some cases, impact the application database more broadly.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2025/10/GHSA-3vg4-6fgq-6952/GHSA-3vg4-6fgq-6952.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3vg4-6fgq-6952",
-  "modified": "2025-10-31T00:30:30Z",
+  "modified": "2025-11-06T15:31:02Z",
   "published": "2025-10-31T00:30:30Z",
   "aliases": [
     "CVE-2013-10071"
   ],
   "details": "Nagios XI versions prior to 2012R1.6 contain a reflected cross-site scripting (XSS) vulnerability in the dashboard dashlet AJAX load functionality. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2025/10/GHSA-49pm-cgmh-hw25/GHSA-49pm-cgmh-hw25.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-49pm-cgmh-hw25",
-  "modified": "2025-11-05T00:31:32Z",
+  "modified": "2025-11-06T15:31:02Z",
   "published": "2025-10-30T06:30:53Z",
   "aliases": [
     "CVE-2025-62229"
@@ -43,6 +43,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:19623"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:19909"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-62229"

advisories/unreviewed/2025/10/GHSA-892r-x96w-jh76/GHSA-892r-x96w-jh76.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-892r-x96w-jh76",
-  "modified": "2025-11-05T00:31:32Z",
+  "modified": "2025-11-06T15:31:02Z",
   "published": "2025-10-30T06:30:54Z",
   "aliases": [
     "CVE-2025-62230"
@@ -43,6 +43,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:19623"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:19909"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-62230"

advisories/unreviewed/2025/10/GHSA-8pr9-vvj4-gx32/GHSA-8pr9-vvj4-gx32.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8pr9-vvj4-gx32",
-  "modified": "2025-10-31T00:30:30Z",
+  "modified": "2025-11-06T15:31:02Z",
   "published": "2025-10-31T00:30:30Z",
   "aliases": [
     "CVE-2011-10037"
   ],
   "details": "Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting (XSS) via the handling of xiwindow variables used to build permalinks in the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"