Publish Advisories

GHSA-h63q-2463-x5hq
GHSA-hh36-fjhw-7fj3
GHSA-3fh9-jhg5-xch9
GHSA-5jj4-7gh8-3j9x
GHSA-7vh4-842v-rgxg
GHSA-7vhr-jxp7-33h3
GHSA-8267-hc98-7hgr
GHSA-cg85-crjc-jm7h
GHSA-hp6r-r9vc-q8wx
GHSA-m765-p4wm-gj85
GHSA-mvgw-frm8-7wwj
GHSA-qf8c-9wm3-3mmr
GHSA-w9g8-pq43-7qm5
GHSA-x46c-mj5p-7mww
GHSA-x55m-xqmm-wff4

Author: advisory-database[bot]

advisories/unreviewed/2022/05/GHSA-h63q-2463-x5hq/GHSA-h63q-2463-x5hq.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-h63q-2463-x5hq",
-  "modified": "2022-05-14T01:02:41Z",
+  "modified": "2025-12-19T06:30:27Z",
   "published": "2022-05-14T01:02:41Z",
   "aliases": [
     "CVE-2019-3863"
@@ -51,6 +51,10 @@
       "type": "WEB",
       "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
     },
+    {
+      "type": "WEB",
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O"
+    },
     {
       "type": "WEB",
       "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O"
@@ -86,6 +90,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
+      "CWE-190",
       "CWE-787"
     ],
     "severity": "HIGH",

advisories/unreviewed/2025/11/GHSA-hh36-fjhw-7fj3/GHSA-hh36-fjhw-7fj3.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-hh36-fjhw-7fj3",
-  "modified": "2025-11-23T18:30:27Z",
+  "modified": "2025-12-19T06:30:27Z",
   "published": "2025-11-23T18:30:27Z",
   "aliases": [
     "CVE-2025-54515"

advisories/unreviewed/2025/12/GHSA-3fh9-jhg5-xch9/GHSA-3fh9-jhg5-xch9.json

@@ -0,0 +1,25 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3fh9-jhg5-xch9",
+  "modified": "2025-12-19T06:30:27Z",
+  "published": "2025-12-19T06:30:27Z",
+  "aliases": [
+    "CVE-2025-68485"
+  ],
+  "details": "Rejected reason: Not used",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68485"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-19T04:16:01Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-5jj4-7gh8-3j9x/GHSA-5jj4-7gh8-3j9x.json

@@ -0,0 +1,25 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5jj4-7gh8-3j9x",
+  "modified": "2025-12-19T06:30:27Z",
+  "published": "2025-12-19T06:30:27Z",
+  "aliases": [
+    "CVE-2025-68483"
+  ],
+  "details": "Rejected reason: Not used",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68483"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-19T04:16:01Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-7vh4-842v-rgxg/GHSA-7vh4-842v-rgxg.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7vh4-842v-rgxg",
+  "modified": "2025-12-19T06:30:27Z",
+  "published": "2025-12-19T06:30:27Z",
+  "aliases": [
+    "CVE-2025-14939"
+  ],
+  "details": "A vulnerability was found in code-projects Online Appointment Booking System 1.0. Impacted is an unknown function of the file /admin/deletemanager.php. The manipulation of the argument managername results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14939"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/wegitlab/cve/issues/1"
+    },
+    {
+      "type": "WEB",
+      "url": "https://code-projects.org"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.337519"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.337519"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.715796"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-19T04:16:00Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-7vhr-jxp7-33h3/GHSA-7vhr-jxp7-33h3.json

@@ -0,0 +1,29 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7vhr-jxp7-33h3",
+  "modified": "2025-12-19T06:30:27Z",
+  "published": "2025-12-19T06:30:27Z",
+  "aliases": [
+    "CVE-2025-13307"
+  ],
+  "details": "The Ocean Modal Window WordPress plugin before 2.3.3 is vulnerable to Remote Code Execution via the modal display logic. These modals can be displayed under user-controlled conditions that Editors and Administrators can set (edit_pages capability). The conditions are then executed as part of an eval statement executed on every site page. This leads to remote code execution.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13307"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wpscan.com/vulnerability/710de342-6fb9-47bd-a40b-7b74fc3c181b"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-19T06:15:50Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-8267-hc98-7hgr/GHSA-8267-hc98-7hgr.json

@@ -0,0 +1,25 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8267-hc98-7hgr",
+  "modified": "2025-12-19T06:30:27Z",
+  "published": "2025-12-19T06:30:27Z",
+  "aliases": [
+    "CVE-2025-68491"
+  ],
+  "details": "Rejected reason: Not used",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68491"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-19T04:16:02Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-cg85-crjc-jm7h/GHSA-cg85-crjc-jm7h.json

@@ -0,0 +1,25 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-cg85-crjc-jm7h",
+  "modified": "2025-12-19T06:30:27Z",
+  "published": "2025-12-19T06:30:27Z",
+  "aliases": [
+    "CVE-2025-68489"
+  ],
+  "details": "Rejected reason: Not used",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68489"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-19T04:16:02Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-hp6r-r9vc-q8wx/GHSA-hp6r-r9vc-q8wx.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-hp6r-r9vc-q8wx",
+  "modified": "2025-12-19T06:30:27Z",
+  "published": "2025-12-19T06:30:27Z",
+  "aliases": [
+    "CVE-2025-14546"
+  ],
+  "details": "Versions of the package fastapi-sso before 0.19.0 are vulnerable to Cross-site Request Forgery (CSRF) due to the improper validation of the OAuth state parameter during the authentication callback. While the get_login_url method allows for state generation, it does not persist the state or bind it to the user's session. Consequently, the verify_and_process method accepts the state received in the query parameters without verifying it against a trusted local value. This allows a remote attacker to trick a victim into visiting a malicious callback URL, which can result in the attacker's account being linked to the victim's internal account.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14546"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/tomasvotava/fastapi-sso/issues/266"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/tomasvotava/fastapi-sso/commit/6117d1a5ad498ba57d671e8a059ebe20db5abe02"
+    },
+    {
+      "type": "WEB",
+      "url": "https://security.snyk.io/vuln/SNYK-PYTHON-FASTAPISSO-14386403"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-285"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-19T05:16:09Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-m765-p4wm-gj85/GHSA-m765-p4wm-gj85.json

@@ -0,0 +1,25 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-m765-p4wm-gj85",
+  "modified": "2025-12-19T06:30:27Z",
+  "published": "2025-12-19T06:30:27Z",
+  "aliases": [
+    "CVE-2025-68488"
+  ],
+  "details": "Rejected reason: Not used",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68488"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-19T04:16:01Z"
+  }
+}