github
diff --git a/‎advisories/unreviewed/2025/06/GHSA-f9p6-9wvr-9crm/GHSA-f9p6-9wvr-9crm.json‎
Lines changed: 2 additions & 1 deletion b/‎advisories/unreviewed/2025/06/GHSA-f9p6-9wvr-9crm/GHSA-f9p6-9wvr-9crm.json‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎advisories/unreviewed/2025/07/GHSA-62hm-rhvj-5p55/GHSA-62hm-rhvj-5p55.json‎
Lines changed: 8 additions & 3 deletions b/‎advisories/unreviewed/2025/07/GHSA-62hm-rhvj-5p55/GHSA-62hm-rhvj-5p55.json‎
Lines changed: 8 additions & 3 deletions
diff --git a/‎advisories/unreviewed/2025/07/GHSA-69p8-9933-rxvc/GHSA-69p8-9933-rxvc.json‎
Lines changed: 8 additions & 3 deletions b/‎advisories/unreviewed/2025/07/GHSA-69p8-9933-rxvc/GHSA-69p8-9933-rxvc.json‎
Lines changed: 8 additions & 3 deletions
diff --git a/‎advisories/unreviewed/2025/07/GHSA-8xm2-h3q7-588p/GHSA-8xm2-h3q7-588p.json‎
Lines changed: 11 additions & 4 deletions b/‎advisories/unreviewed/2025/07/GHSA-8xm2-h3q7-588p/GHSA-8xm2-h3q7-588p.json‎
Lines changed: 11 additions & 4 deletions
diff --git a/‎advisories/unreviewed/2025/07/GHSA-rpxc-pcjp-7jp2/GHSA-rpxc-pcjp-7jp2.json‎
Lines changed: 11 additions & 4 deletions b/‎advisories/unreviewed/2025/07/GHSA-rpxc-pcjp-7jp2/GHSA-rpxc-pcjp-7jp2.json‎
Lines changed: 11 additions & 4 deletions
diff --git a/‎advisories/unreviewed/2025/09/GHSA-474c-936g-hq79/GHSA-474c-936g-hq79.json‎
Lines changed: 1 addition & 0 deletions b/‎advisories/unreviewed/2025/09/GHSA-474c-936g-hq79/GHSA-474c-936g-hq79.json‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎advisories/unreviewed/2025/11/GHSA-27wj-qvh3-g73h/GHSA-27wj-qvh3-g73h.json‎
Lines changed: 11 additions & 4 deletions b/‎advisories/unreviewed/2025/11/GHSA-27wj-qvh3-g73h/GHSA-27wj-qvh3-g73h.json‎
Lines changed: 11 additions & 4 deletions
diff --git a/‎advisories/unreviewed/2025/11/GHSA-3cxr-ph5g-jc8j/GHSA-3cxr-ph5g-jc8j.json‎
Lines changed: 2 additions & 1 deletion b/‎advisories/unreviewed/2025/11/GHSA-3cxr-ph5g-jc8j/GHSA-3cxr-ph5g-jc8j.json‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎advisories/unreviewed/2025/11/GHSA-5j4g-4f5r-cc5q/GHSA-5j4g-4f5r-cc5q.json‎
Lines changed: 52 additions & 0 deletions b/‎advisories/unreviewed/2025/11/GHSA-5j4g-4f5r-cc5q/GHSA-5j4g-4f5r-cc5q.json‎
Lines changed: 52 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2025/11/GHSA-622j-2666-j97g/GHSA-622j-2666-j97g.json‎
Lines changed: 52 additions & 0 deletions b/‎advisories/unreviewed/2025/11/GHSA-622j-2666-j97g/GHSA-622j-2666-j97g.json‎
Lines changed: 52 additions & 0 deletions
@@ -38,7 +38,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-20"
+      "CWE-20",
+      "CWE-78"
     ],
     "severity": "CRITICAL",
     "github_reviewed": false,
 
@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-62hm-rhvj-5p55",
-  "modified": "2025-07-10T09:32:29Z",
+  "modified": "2025-11-20T00:31:20Z",
   "published": "2025-07-10T09:32:29Z",
   "aliases": [
     "CVE-2025-38278"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: QOS: Refactor TC_HTB_LEAF_DEL_LAST callback\n\nThis patch addresses below issues,\n\n1. Active traffic on the leaf node must be stopped before its send queue\n   is reassigned to the parent. This patch resolves the issue by marking\n   the node as 'Inner'.\n\n2. During a system reboot, the interface receives TC_HTB_LEAF_DEL\n   and TC_HTB_LEAF_DEL_LAST callbacks to delete its HTB queues.\n   In the case of TC_HTB_LEAF_DEL_LAST, although the same send queue\n   is reassigned to the parent, the current logic still attempts to update\n   the real number of queues, leadning to below warnings\n\n        New queues can't be registered after device unregistration.\n        WARNING: CPU: 0 PID: 6475 at net/core/net-sysfs.c:1714\n        netdev_queue_update_kobjects+0x1e4/0x200",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -33,7 +38,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-07-10T08:15:26Z"
 
@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-69p8-9933-rxvc",
-  "modified": "2025-07-10T09:32:29Z",
+  "modified": "2025-11-20T00:31:20Z",
   "published": "2025-07-10T09:32:29Z",
   "aliases": [
     "CVE-2025-38283"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nhisi_acc_vfio_pci: bugfix live migration function without VF device driver\n\nIf the VF device driver is not loaded in the Guest OS and we attempt to\nperform device data migration, the address of the migrated data will\nbe NULL.\nThe live migration recovery operation on the destination side will\naccess a null address value, which will cause access errors.\n\nTherefore, live migration of VMs without added VF device drivers\ndoes not require device data migration.\nIn addition, when the queue address data obtained by the destination\nis empty, device queue recovery processing will not be performed.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -33,7 +38,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-07-10T08:15:26Z"
 
@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8xm2-h3q7-588p",
-  "modified": "2025-07-10T09:32:29Z",
+  "modified": "2025-11-20T00:31:20Z",
   "published": "2025-07-10T09:32:29Z",
   "aliases": [
     "CVE-2025-38281"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7996: Add NULL check in mt7996_thermal_init\n\ndevm_kasprintf() can return a NULL pointer on failure,but this\nreturned value in mt7996_thermal_init() is not checked.\nAdd NULL check in mt7996_thermal_init(), to handle kernel NULL\npointer dereference error.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-07-10T08:15:26Z"
 
@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-rpxc-pcjp-7jp2",
-  "modified": "2025-07-10T09:32:28Z",
+  "modified": "2025-11-20T00:31:20Z",
   "published": "2025-07-10T09:32:28Z",
   "aliases": [
     "CVE-2025-38276"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/dax: Fix \"don't skip locked entries when scanning entries\"\n\nCommit 6be3e21d25ca (\"fs/dax: don't skip locked entries when scanning\nentries\") introduced a new function, wait_entry_unlocked_exclusive(),\nwhich waits for the current entry to become unlocked without advancing\nthe XArray iterator state.\n\nWaiting for the entry to become unlocked requires dropping the XArray\nlock. This requires calling xas_pause() prior to dropping the lock\nwhich leaves the xas in a suitable state for the next iteration. However\nthis has the side-effect of advancing the xas state to the next index.\nNormally this isn't an issue because xas_for_each() contains code to\ndetect this state and thus avoid advancing the index a second time on\nthe next loop iteration.\n\nHowever both callers of and wait_entry_unlocked_exclusive() itself\nsubsequently use the xas state to reload the entry. As xas_pause()\nupdated the state to the next index this will cause the current entry\nwhich is being waited on to be skipped. This caused the following\nwarning to fire intermittently when running xftest generic/068 on an XFS\nfilesystem with FS DAX enabled:\n\n[   35.067397] ------------[ cut here ]------------\n[   35.068229] WARNING: CPU: 21 PID: 1640 at mm/truncate.c:89 truncate_folio_batch_exceptionals+0xd8/0x1e0\n[   35.069717] Modules linked in: nd_pmem dax_pmem nd_btt nd_e820 libnvdimm\n[   35.071006] CPU: 21 UID: 0 PID: 1640 Comm: fstest Not tainted 6.15.0-rc7+ #77 PREEMPT(voluntary)\n[   35.072613] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/204\n[   35.074845] RIP: 0010:truncate_folio_batch_exceptionals+0xd8/0x1e0\n[   35.075962] Code: a1 00 00 00 f6 47 0d 20 0f 84 97 00 00 00 4c 63 e8 41 39 c4 7f 0b eb 61 49 83 c5 01 45 39 ec 7e 58 42 f68\n[   35.079522] RSP: 0018:ffffb04e426c7850 EFLAGS: 00010202\n[   35.080359] RAX: 0000000000000000 RBX: ffff9d21e3481908 RCX: ffffb04e426c77f4\n[   35.081477] RDX: ffffb04e426c79e8 RSI: ffffb04e426c79e0 RDI: ffff9d21e34816e8\n[   35.082590] RBP: ffffb04e426c79e0 R08: 0000000000000001 R09: 0000000000000003\n[   35.083733] R10: 0000000000000000 R11: 822b53c0f7a49868 R12: 000000000000001f\n[   35.084850] R13: 0000000000000000 R14: ffffb04e426c78e8 R15: fffffffffffffffe\n[   35.085953] FS:  00007f9134c87740(0000) GS:ffff9d22abba0000(0000) knlGS:0000000000000000\n[   35.087346] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[   35.088244] CR2: 00007f9134c86000 CR3: 000000040afff000 CR4: 00000000000006f0\n[   35.089354] Call Trace:\n[   35.089749]  <TASK>\n[   35.090168]  truncate_inode_pages_range+0xfc/0x4d0\n[   35.091078]  truncate_pagecache+0x47/0x60\n[   35.091735]  xfs_setattr_size+0xc7/0x3e0\n[   35.092648]  xfs_vn_setattr+0x1ea/0x270\n[   35.093437]  notify_change+0x1f4/0x510\n[   35.094219]  ? do_truncate+0x97/0xe0\n[   35.094879]  do_truncate+0x97/0xe0\n[   35.095640]  path_openat+0xabd/0xca0\n[   35.096278]  do_filp_open+0xd7/0x190\n[   35.096860]  do_sys_openat2+0x8a/0xe0\n[   35.097459]  __x64_sys_openat+0x6d/0xa0\n[   35.098076]  do_syscall_64+0xbb/0x1d0\n[   35.098647]  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[   35.099444] RIP: 0033:0x7f9134d81fc1\n[   35.100033] Code: 75 57 89 f0 25 00 00 41 00 3d 00 00 41 00 74 49 80 3d 2a 26 0e 00 00 74 6d 89 da 48 89 ee bf 9c ff ff ff5\n[   35.102993] RSP: 002b:00007ffcd41e0d10 EFLAGS: 00000202 ORIG_RAX: 0000000000000101\n[   35.104263] RAX: ffffffffffffffda RBX: 0000000000000242 RCX: 00007f9134d81fc1\n[   35.105452] RDX: 0000000000000242 RSI: 00007ffcd41e1200 RDI: 00000000ffffff9c\n[   35.106663] RBP: 00007ffcd41e1200 R08: 0000000000000000 R09: 0000000000000064\n[   35.107923] R10: 00000000000001a4 R11: 0000000000000202 R12: 0000000000000066\n[   35.109112] R13: 0000000000100000 R14: 0000000000100000 R15: 0000000000000400\n[   35.110357]  </TASK>\n[   35.110769] irq event stamp: 8415587\n[   35.111486] hardirqs last  enabled at (8415599): [<ffffffff8d74b562>] __up_console_se\n---truncated---",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-667"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-07-10T08:15:25Z"
 
@@ -26,6 +26,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
+      "CWE-121",
       "CWE-94"
     ],
     "severity": "HIGH",
 
@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-27wj-qvh3-g73h",
-  "modified": "2025-11-19T18:31:19Z",
+  "modified": "2025-11-20T00:31:21Z",
   "published": "2025-11-19T18:31:19Z",
   "aliases": [
     "CVE-2025-63878"
   ],
   "details": "Github Restaurant Website Restoran v1.0 was discovered to contain a SQL injection vulnerability via the Contact Form page.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-11-19T16:15:49Z"
 
@@ -46,7 +46,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-74"
+      "CWE-74",
+      "CWE-89"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,
 
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5j4g-4f5r-cc5q",
+  "modified": "2025-11-20T00:31:21Z",
+  "published": "2025-11-20T00:31:21Z",
+  "aliases": [
+    "CVE-2025-13422"
+  ],
+  "details": "A vulnerability was detected in freeprojectscodes Sports Club Management System 1.0. The affected element is an unknown function of the file /dashboard/admin/change_s_pwd.php. Performing manipulation of the argument login_id results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13422"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/f14g-orz/CVE/issues/10"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.332944"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.332944"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.696004"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-20T00:15:50Z"
+  }
+}
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-622j-2666-j97g",
+  "modified": "2025-11-20T00:31:21Z",
+  "published": "2025-11-20T00:31:21Z",
+  "aliases": [
+    "CVE-2025-13415"
+  ],
+  "details": "A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of the file /app/upload.php of the component SVG Image Handler. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13415"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/icret/EasyImages2.0/issues/260"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.332940"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.332940"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.693732"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-19T22:16:03Z"
+  }
+}