github
diff --git a/‎advisories/github-reviewed/2022/05/GHSA-rm24-25xm-9454/GHSA-rm24-25xm-9454.json‎
Lines changed: 65 additions & 0 deletions b/‎advisories/github-reviewed/2022/05/GHSA-rm24-25xm-9454/GHSA-rm24-25xm-9454.json‎
Lines changed: 65 additions & 0 deletions
diff --git a/‎advisories/github-reviewed/2022/05/GHSA-vw57-55f8-c73q/GHSA-vw57-55f8-c73q.json‎
Lines changed: 62 additions & 0 deletions b/‎advisories/github-reviewed/2022/05/GHSA-vw57-55f8-c73q/GHSA-vw57-55f8-c73q.json‎
Lines changed: 62 additions & 0 deletions
diff --git a/‎…-cqwv-9xh5-25fg/GHSA-cqwv-9xh5-25fg.json‎ ‎…-cqwv-9xh5-25fg/GHSA-cqwv-9xh5-25fg.json‎advisories/unreviewed/2025/10/GHSA-cqwv-9xh5-25fg/GHSA-cqwv-9xh5-25fg.json renamed to advisories/github-reviewed/2025/10/GHSA-cqwv-9xh5-25fg/GHSA-cqwv-9xh5-25fg.json
Lines changed: 38 additions & 5 deletions b/‎…-cqwv-9xh5-25fg/GHSA-cqwv-9xh5-25fg.json‎ ‎…-cqwv-9xh5-25fg/GHSA-cqwv-9xh5-25fg.json‎advisories/unreviewed/2025/10/GHSA-cqwv-9xh5-25fg/GHSA-cqwv-9xh5-25fg.json renamed to advisories/github-reviewed/2025/10/GHSA-cqwv-9xh5-25fg/GHSA-cqwv-9xh5-25fg.json
Lines changed: 38 additions & 5 deletions
diff --git a/‎advisories/unreviewed/2022/05/GHSA-rm24-25xm-9454/GHSA-rm24-25xm-9454.json‎
Lines changed: 0 additions & 29 deletions b/‎advisories/unreviewed/2022/05/GHSA-rm24-25xm-9454/GHSA-rm24-25xm-9454.json‎
Lines changed: 0 additions & 29 deletions
diff --git a/‎advisories/unreviewed/2022/05/GHSA-vw57-55f8-c73q/GHSA-vw57-55f8-c73q.json‎
Lines changed: 0 additions & 29 deletions b/‎advisories/unreviewed/2022/05/GHSA-vw57-55f8-c73q/GHSA-vw57-55f8-c73q.json‎
Lines changed: 0 additions & 29 deletions
@@ -0,0 +1,65 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-rm24-25xm-9454",
+  "modified": "2025-10-22T21:58:04Z",
+  "published": "2022-05-24T17:21:02Z",
+  "aliases": [
+    "CVE-2016-11083"
+  ],
+  "summary": "Mattermost Server: Files may be rendered inline instead of downloaded, allowing script execution",
+  "details": "An issue was discovered in Mattermost Server before 2.2.0. It allows XSS because it configures files to be opened in a browser window.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Go",
+        "name": "github.com/mattermost/mattermost-server"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "2.2.0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-11083"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/mattermost/mattermost/commit/480308b7029a04cf41d0e9e7cd68b52dc2138e98"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/mattermost/mattermost"
+    },
+    {
+      "type": "WEB",
+      "url": "https://mattermost.com/security-updates"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2025-10-22T21:58:04Z",
+    "nvd_published_at": "2020-06-19T20:15:00Z"
+  }
+}
@@ -0,0 +1,62 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-vw57-55f8-c73q",
+  "modified": "2025-10-22T21:58:57Z",
+  "published": "2022-05-24T17:21:02Z",
+  "aliases": [
+    "CVE-2016-11084"
+  ],
+  "summary": "Mattermost Server allows XSS via CSRF",
+  "details": "An issue was discovered in Mattermost Server before 2.1.0. It allows XSS via CSRF.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Go",
+        "name": "github.com/mattermost/mattermost-server"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "2.1.0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-11084"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/mattermost/mattermost"
+    },
+    {
+      "type": "WEB",
+      "url": "https://mattermost.com/security-updates"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-352",
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2025-10-22T21:58:57Z",
+    "nvd_published_at": "2020-06-19T20:15:00Z"
+  }
+}
@@ -1,24 +1,57 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cqwv-9xh5-25fg",
-  "modified": "2025-10-22T21:31:34Z",
+  "modified": "2025-10-22T21:59:42Z",
   "published": "2025-10-22T21:31:34Z",
   "aliases": [
     "CVE-2025-62247"
   ],
+  "summary": "Liferay Portal and DXP are Missing Authorization in Collection Provider",
   "details": "Missing Authorization in Collection Provider component in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 allows instance users to read and select unauthorized Blueprints through the Collection Providers across instances.",
   "severity": [
     {
       "type": "CVSS_V4",
-      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Maven",
+        "name": "com.liferay:com.liferay.search.experiences.service"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "last_affected": "3.0.84"
+            }
+          ]
+        }
+      ]
     }
   ],
-  "affected": [],
   "references": [
     {
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62247"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/liferay/liferay-portal/commit/019d703943ef58fb7bd3f30fe680c02c2756f86b"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/liferay/liferay-portal"
+    },
+    {
+      "type": "WEB",
+      "url": "https://liferay.atlassian.net/browse/LPE-18297"
+    },
     {
       "type": "WEB",
       "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62247"
@@ -29,8 +62,8 @@
       "CWE-862"
     ],
     "severity": "LOW",
-    "github_reviewed": false,
-    "github_reviewed_at": null,
+    "github_reviewed": true,
+    "github_reviewed_at": "2025-10-22T21:59:41Z",
     "nvd_published_at": "2025-10-22T20:15:37Z"
   }
 }