Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2022/12/GHSA-3957-4jhv-xcc7/GHSA-3957-4jhv-xcc7.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3957-4jhv-xcc7",
-  "modified": "2022-12-19T18:30:25Z",
+  "modified": "2025-12-15T21:30:26Z",
   "published": "2022-12-13T18:30:25Z",
   "aliases": [
     "CVE-2022-4455"
@@ -11,6 +11,10 @@
     {
       "type": "CVSS_V3",
       "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
     }
   ],
   "affected": [],
@@ -23,6 +27,10 @@
       "type": "WEB",
       "url": "https://github.com/sproctor/php-calendar/commit/a2941109b42201c19733127ced763e270a357809"
     },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.215445"
+    },
     {
       "type": "WEB",
       "url": "https://vuldb.com/?id.215445"

advisories/unreviewed/2024/05/GHSA-67qr-5c5h-vwr4/GHSA-67qr-5c5h-vwr4.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-67qr-5c5h-vwr4",
-  "modified": "2024-06-26T00:31:42Z",
+  "modified": "2025-12-15T21:30:27Z",
   "published": "2024-05-17T15:31:10Z",
   "aliases": [
     "CVE-2024-35813"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: core: Avoid negative index with array access\n\nCommit 4d0c8d0aef63 (\"mmc: core: Use mrq.sbc in close-ended ffu\") assigns\nprev_idata = idatas[i - 1], but doesn't check that the iterator i is\ngreater than zero. Let's fix this by adding a check.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -53,7 +58,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-05-17T14:15:15Z"

advisories/unreviewed/2024/05/GHSA-w6jm-4gmf-c963/GHSA-w6jm-4gmf-c963.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-w6jm-4gmf-c963",
-  "modified": "2024-06-27T15:30:39Z",
+  "modified": "2025-12-15T21:30:27Z",
   "published": "2024-05-17T15:31:10Z",
   "aliases": [
     "CVE-2024-35815"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion\n\nThe first kiocb_set_cancel_fn() argument may point at a struct kiocb\nthat is not embedded inside struct aio_kiocb. With the current code,\ndepending on the compiler, the req->ki_ctx read happens either before\nthe IOCB_AIO_RW test or after that test. Move the req->ki_ctx read such\nthat it is guaranteed that the IOCB_AIO_RW test happens first.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -57,7 +62,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-05-17T14:15:16Z"

advisories/unreviewed/2024/12/GHSA-5qg8-89vj-3364/GHSA-5qg8-89vj-3364.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5qg8-89vj-3364",
-  "modified": "2025-11-03T21:32:02Z",
+  "modified": "2025-12-15T21:30:27Z",
   "published": "2024-12-28T12:30:48Z",
   "aliases": [
     "CVE-2024-56705"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: atomisp: Add check for rgby_data memory allocation failure\n\nIn ia_css_3a_statistics_allocate(), there is no check on the allocation\nresult of the rgby_data memory. If rgby_data is not successfully\nallocated, it may trigger the assert(host_stats->rgby_data) assertion in\nia_css_s3a_hmem_decode(). Adding a check to fix this potential issue.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -56,8 +61,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-617"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-12-28T10:15:19Z"

advisories/unreviewed/2025/01/GHSA-89xc-2h7r-qc62/GHSA-89xc-2h7r-qc62.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-89xc-2h7r-qc62",
-  "modified": "2025-01-15T18:30:58Z",
+  "modified": "2025-12-15T21:30:27Z",
   "published": "2025-01-15T18:30:58Z",
   "aliases": [
     "CVE-2025-0502"
   ],
   "details": "Transmission of Private Resources into a New Sphere ('Resource Leak') vulnerability in CrafterCMS Engine on Linux, MacOS, x86, Windows, 64 bit, ARM allows Directory Indexing, Resource Leak Exposure.This issue affects CrafterCMS: from 4.0.0 before 4.0.8, from 4.1.0 before 4.1.6.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:L/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2025/02/GHSA-q2vf-jq2x-689c/GHSA-q2vf-jq2x-689c.json

@@ -26,7 +26,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-287"
+      "CWE-287",
+      "CWE-522"
     ],
     "severity": "CRITICAL",
     "github_reviewed": false,

advisories/unreviewed/2025/05/GHSA-cxvm-398v-rmfg/GHSA-cxvm-398v-rmfg.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cxvm-398v-rmfg",
-  "modified": "2025-05-29T21:31:37Z",
+  "modified": "2025-12-15T21:30:27Z",
   "published": "2025-05-29T21:31:37Z",
   "aliases": [
     "CVE-2025-4967"
@@ -22,6 +22,10 @@
     {
       "type": "WEB",
       "url": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2025-update-2-patch"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2025-update-3-patch"
     }
   ],
   "database_specific": {

advisories/unreviewed/2025/12/GHSA-28pf-c23w-fjrm/GHSA-28pf-c23w-fjrm.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-28pf-c23w-fjrm",
+  "modified": "2025-12-15T21:30:32Z",
+  "published": "2025-12-15T21:30:32Z",
+  "aliases": [
+    "CVE-2023-53882"
+  ],
+  "details": "JLex GuestBook 1.6.4 contains a reflected cross-site scripting vulnerability in the 'q' URL parameter that allows attackers to inject malicious scripts. Attackers can craft malicious links with XSS payloads to steal session tokens or execute arbitrary JavaScript in victims' browsers.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53882"
+    },
+    {
+      "type": "WEB",
+      "url": "https://jlexart.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/51647"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/jlex-guestbook-reflected-cross-site-scripting-via-url-parameter"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-15T21:15:51Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-2fph-m3pw-66wp/GHSA-2fph-m3pw-66wp.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2fph-m3pw-66wp",
-  "modified": "2025-12-11T21:31:33Z",
+  "modified": "2025-12-15T21:30:29Z",
   "published": "2025-12-11T21:31:33Z",
   "aliases": [
     "CVE-2025-13214"

advisories/unreviewed/2025/12/GHSA-2fqj-v35v-q68v/GHSA-2fqj-v35v-q68v.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2fqj-v35v-q68v",
+  "modified": "2025-12-15T21:30:31Z",
+  "published": "2025-12-15T21:30:31Z",
+  "aliases": [
+    "CVE-2023-38913"
+  ],
+  "details": "SQL injection vulnerability in anirbandutta9 NEWS-BUZZ v.1.0 allows a remote attacker to execute arbitrary code via a crafted script.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38913"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gist.github.com/nguyenkhanhthuan/03ce706686508b14506d38788c754dfb"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/ThuanNguyen115685/Report/blob/main/sqlinjection.md"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-15T21:15:48Z"
+  }
+}