Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 5c7d4b21ca5d · 2025-10-22T19:29:53.000Z
GHSA-6jj6-gm7p-fcvv GHSA-2p6p-9rc9-62j9 GHSA-x684-96hh-833x GHSA-83qj-6fr2-vhqg GHSA-mrrh-fwg8-r2c3 GHSA-hcrc-79hj-m3qh
diff --git a/advisories/github-reviewed/2024/07/GHSA-6jj6-gm7p-fcvv/GHSA-6jj6-gm7p-fcvv.json b/advisories/github-reviewed/2024/07/GHSA-6jj6-gm7p-fcvv/GHSA-6jj6-gm7p-fcvv.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6jj6-gm7p-fcvv",
-  "modified": "2025-03-19T14:56:08Z",
+  "modified": "2025-10-22T19:25:52Z",
   "published": "2024-07-01T20:34:50Z",
   "aliases": [
     "CVE-2024-36401"
@@ -11,11 +11,11 @@
   "severity": [
     {
       "type": "CVSS_V3",
-      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"
     },
     {
       "type": "CVSS_V4",
-      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A"
     }
   ],
   "affected": [
@@ -277,6 +277,10 @@
       "type": "WEB",
       "url": "https://osgeo-org.atlassian.net/browse/GEOT-7587"
     },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-36401"
+    },
     {
       "type": "WEB",
       "url": "https://www.vicarius.io/vsociety/posts/geoserver-rce-cve-2024-36401"
diff --git a/advisories/github-reviewed/2024/12/GHSA-2p6p-9rc9-62j9/GHSA-2p6p-9rc9-62j9.json b/advisories/github-reviewed/2024/12/GHSA-2p6p-9rc9-62j9/GHSA-2p6p-9rc9-62j9.json
@@ -1,17 +1,21 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2p6p-9rc9-62j9",
-  "modified": "2025-05-30T16:41:53Z",
+  "modified": "2025-10-22T19:26:43Z",
   "published": "2024-12-18T19:47:26Z",
   "aliases": [
     "CVE-2024-56145"
   ],
   "summary": "Craft CMS has potential RCE when PHP `register_argc_argv` config setting is enabled",
   "details": "### Impact\nYou are affected if your php.ini configuration has `register_argc_argv` enabled.\n\n### Patches\nUpdate to 3.9.14, 4.13.2, or 5.5.2.\n\n### Workarounds\nIf you can't upgrade yet, and `register_argc_argv` is enabled, you can disable it to mitigate the issue.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"
+    },
     {
       "type": "CVSS_V4",
-      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A"
     }
   ],
   "affected": [
@@ -93,6 +97,10 @@
     {
       "type": "PACKAGE",
       "url": "https://github.com/craftcms/cms"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-56145"
     }
   ],
   "database_specific": {
diff --git a/advisories/github-reviewed/2025/01/GHSA-x684-96hh-833x/GHSA-x684-96hh-833x.json b/advisories/github-reviewed/2025/01/GHSA-x684-96hh-833x/GHSA-x684-96hh-833x.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-x684-96hh-833x",
-  "modified": "2025-01-21T19:48:38Z",
+  "modified": "2025-10-22T19:27:25Z",
   "published": "2025-01-21T19:48:38Z",
   "aliases": [
     "CVE-2025-23209"
@@ -11,7 +11,7 @@
   "severity": [
     {
       "type": "CVSS_V3",
-      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"
+      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:H"
     }
   ],
   "affected": [
@@ -77,6 +77,10 @@
     {
       "type": "PACKAGE",
       "url": "https://github.com/craftcms/cms"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-23209"
     }
   ],
   "database_specific": {
diff --git a/advisories/github-reviewed/2025/03/GHSA-83qj-6fr2-vhqg/GHSA-83qj-6fr2-vhqg.json b/advisories/github-reviewed/2025/03/GHSA-83qj-6fr2-vhqg/GHSA-83qj-6fr2-vhqg.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-83qj-6fr2-vhqg",
-  "modified": "2025-08-08T18:49:37Z",
+  "modified": "2025-10-22T19:28:20Z",
   "published": "2025-03-10T18:31:56Z",
   "aliases": [
     "CVE-2025-24813"
@@ -11,11 +11,11 @@
   "severity": [
     {
       "type": "CVSS_V3",
-      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"
     },
     {
       "type": "CVSS_V4",
-      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A"
     }
   ],
   "affected": [
@@ -209,6 +209,10 @@
       "type": "WEB",
       "url": "https://security.netapp.com/advisory/ntap-20250321-0001"
     },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24813"
+    },
     {
       "type": "WEB",
       "url": "https://www.vicarius.io/vsociety/posts/cve-2025-24813-detect-apache-tomcat-rce"
diff --git a/advisories/github-reviewed/2025/03/GHSA-mrrh-fwg8-r2c3/GHSA-mrrh-fwg8-r2c3.json b/advisories/github-reviewed/2025/03/GHSA-mrrh-fwg8-r2c3/GHSA-mrrh-fwg8-r2c3.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-mrrh-fwg8-r2c3",
-  "modified": "2025-03-24T14:23:37Z",
+  "modified": "2025-10-22T19:29:00Z",
   "published": "2025-03-15T06:30:34Z",
   "aliases": [
     "CVE-2025-30066"
@@ -11,7 +11,7 @@
   "severity": [
     {
       "type": "CVSS_V3",
-      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:H"
     }
   ],
   "affected": [
@@ -77,36 +77,44 @@
     },
     {
       "type": "WEB",
-      "url": "https://www.wiz.io/blog/github-action-tj-actions-changed-files-supply-chain-attack-cve-2025-30066"
+      "url": "https://sysdig.com/blog/detecting-and-mitigating-the-tj-actions-changed-files-supply-chain-attack-cve-2025-30066"
     },
     {
       "type": "WEB",
-      "url": "https://www.sweet.security/blog/cve-2025-30066-tj-actions-supply-chain-attack"
+      "url": "https://web.archive.org/web/20250315060250/https://github.com/tj-actions/changed-files/issues/2463"
     },
     {
       "type": "WEB",
-      "url": "https://www.stream.security/post/github-action-supply-chain-attack-exposes-secrets-what-you-need-to-know-and-how-to-respond"
+      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-30066"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/news-events/alerts/2025/03/18/supply-chain-compromise-third-party-github-action-cve-2025-30066"
     },
     {
       "type": "WEB",
       "url": "https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised"
     },
     {
       "type": "WEB",
-      "url": "https://www.cisa.gov/news-events/alerts/2025/03/18/supply-chain-compromise-third-party-github-action-cve-2025-30066"
+      "url": "https://www.stream.security/post/github-action-supply-chain-attack-exposes-secrets-what-you-need-to-know-and-how-to-respond"
     },
     {
       "type": "WEB",
-      "url": "https://web.archive.org/web/20250315060250/https://github.com/tj-actions/changed-files/issues/2463"
+      "url": "https://www.sweet.security/blog/cve-2025-30066-tj-actions-supply-chain-attack"
     },
     {
       "type": "WEB",
-      "url": "https://sysdig.com/blog/detecting-and-mitigating-the-tj-actions-changed-files-supply-chain-attack-cve-2025-30066"
+      "url": "https://www.wiz.io/blog/github-action-tj-actions-changed-files-supply-chain-attack-cve-2025-30066"
     },
     {
       "type": "WEB",
       "url": "https://semgrep.dev/blog/2025/popular-github-action-tj-actionschanged-files-is-compromised"
     },
+    {
+      "type": "WEB",
+      "url": "https://news.ycombinator.com/item?id=43368870"
+    },
     {
       "type": "WEB",
       "url": "https://news.ycombinator.com/item?id=43367987"
diff --git a/advisories/github-reviewed/2025/04/GHSA-hcrc-79hj-m3qh/GHSA-hcrc-79hj-m3qh.json b/advisories/github-reviewed/2025/04/GHSA-hcrc-79hj-m3qh/GHSA-hcrc-79hj-m3qh.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-hcrc-79hj-m3qh",
-  "modified": "2025-04-22T16:53:39Z",
+  "modified": "2025-10-22T19:27:44Z",
   "published": "2025-04-22T16:53:39Z",
   "aliases": [
     "CVE-2025-24016"
@@ -11,7 +11,7 @@
   "severity": [
     {
       "type": "CVSS_V3",
-      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H"
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H/E:H"
     }
   ],
   "affected": [
@@ -47,6 +47,10 @@
     {
       "type": "PACKAGE",
       "url": "https://github.com/wazuh/wazuh"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24016"
     }
   ],
   "database_specific": {

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-x684-96hh-833x",`
`4`		`- "modified": "2025-01-21T19:48:38Z",`
	`4`	`+ "modified": "2025-10-22T19:27:25Z",`
`5`	`5`	`"published": "2025-01-21T19:48:38Z",`
`6`	`6`	`"aliases": [`
`7`	`7`	`"CVE-2025-23209"`
`@@ -11,7 +11,7 @@`
`11`	`11`	`"severity": [`
`12`	`12`	`{`
`13`	`13`	`"type": "CVSS_V3",`
`14`		`- "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"`
	`14`	`+ "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:H"`
`15`	`15`	`}`
`16`	`16`	`],`
`17`	`17`	`"affected": [`
`@@ -77,6 +77,10 @@`
`77`	`77`	`{`
`78`	`78`	`"type": "PACKAGE",`
`79`	`79`	`"url": "https://github.com/craftcms/cms"`
	`80`	`+ },`
	`81`	`+ {`
	`82`	`+ "type": "WEB",`
	`83`	`+ "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-23209"`
`80`	`84`	`}`
`81`	`85`	`],`
`82`	`86`	`"database_specific": {`
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-hcrc-79hj-m3qh",`
`4`		`- "modified": "2025-04-22T16:53:39Z",`
	`4`	`+ "modified": "2025-10-22T19:27:44Z",`
`5`	`5`	`"published": "2025-04-22T16:53:39Z",`
`6`	`6`	`"aliases": [`
`7`	`7`	`"CVE-2025-24016"`
`@@ -11,7 +11,7 @@`
`11`	`11`	`"severity": [`
`12`	`12`	`{`
`13`	`13`	`"type": "CVSS_V3",`
`14`		`- "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H"`
	`14`	`+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H/E:H"`
`15`	`15`	`}`
`16`	`16`	`],`
`17`	`17`	`"affected": [`
`@@ -47,6 +47,10 @@`
`47`	`47`	`{`
`48`	`48`	`"type": "PACKAGE",`
`49`	`49`	`"url": "https://github.com/wazuh/wazuh"`
	`50`	`+ },`
	`51`	`+ {`
	`52`	`+ "type": "WEB",`
	`53`	`+ "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24016"`
`50`	`54`	`}`
`51`	`55`	`],`
`52`	`56`	`"database_specific": {`