github
diff --git a/‎advisories/github-reviewed/2025/09/GHSA-wp3j-xq48-xpjw/GHSA-wp3j-xq48-xpjw.json‎
Lines changed: 5 additions & 1 deletion b/‎advisories/github-reviewed/2025/09/GHSA-wp3j-xq48-xpjw/GHSA-wp3j-xq48-xpjw.json‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎advisories/unreviewed/2025/06/GHSA-7376-x4rm-3v8x/GHSA-7376-x4rm-3v8x.json‎
Lines changed: 5 additions & 1 deletion b/‎advisories/unreviewed/2025/06/GHSA-7376-x4rm-3v8x/GHSA-7376-x4rm-3v8x.json‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎advisories/unreviewed/2025/06/GHSA-83xx-9f6p-vwfj/GHSA-83xx-9f6p-vwfj.json‎
Lines changed: 5 additions & 1 deletion b/‎advisories/unreviewed/2025/06/GHSA-83xx-9f6p-vwfj/GHSA-83xx-9f6p-vwfj.json‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎advisories/unreviewed/2025/06/GHSA-qg4c-8pj4-qgw2/GHSA-qg4c-8pj4-qgw2.json‎
Lines changed: 5 additions & 1 deletion b/‎advisories/unreviewed/2025/06/GHSA-qg4c-8pj4-qgw2/GHSA-qg4c-8pj4-qgw2.json‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎advisories/unreviewed/2025/10/GHSA-3ff6-64wh-g4r9/GHSA-3ff6-64wh-g4r9.json‎
Lines changed: 44 additions & 0 deletions b/‎advisories/unreviewed/2025/10/GHSA-3ff6-64wh-g4r9/GHSA-3ff6-64wh-g4r9.json‎
Lines changed: 44 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2025/10/GHSA-4354-j643-p6c7/GHSA-4354-j643-p6c7.json‎
Lines changed: 40 additions & 0 deletions b/‎advisories/unreviewed/2025/10/GHSA-4354-j643-p6c7/GHSA-4354-j643-p6c7.json‎
Lines changed: 40 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2025/10/GHSA-45h2-9ghc-w5ff/GHSA-45h2-9ghc-w5ff.json‎
Lines changed: 36 additions & 0 deletions b/‎advisories/unreviewed/2025/10/GHSA-45h2-9ghc-w5ff/GHSA-45h2-9ghc-w5ff.json‎
Lines changed: 36 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2025/10/GHSA-4cc8-p6r8-frcc/GHSA-4cc8-p6r8-frcc.json‎
Lines changed: 44 additions & 0 deletions b/‎advisories/unreviewed/2025/10/GHSA-4cc8-p6r8-frcc/GHSA-4cc8-p6r8-frcc.json‎
Lines changed: 44 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2025/10/GHSA-5835-f92c-7g99/GHSA-5835-f92c-7g99.json‎
Lines changed: 40 additions & 0 deletions b/‎advisories/unreviewed/2025/10/GHSA-5835-f92c-7g99/GHSA-5835-f92c-7g99.json‎
Lines changed: 40 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2025/10/GHSA-5j2q-wj9v-2vp4/GHSA-5j2q-wj9v-2vp4.json‎
Lines changed: 44 additions & 0 deletions b/‎advisories/unreviewed/2025/10/GHSA-5j2q-wj9v-2vp4/GHSA-5j2q-wj9v-2vp4.json‎
Lines changed: 44 additions & 0 deletions
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-wp3j-xq48-xpjw",
-  "modified": "2025-10-22T06:31:11Z",
+  "modified": "2025-10-22T09:30:18Z",
   "published": "2025-09-04T20:01:54Z",
   "aliases": [
     "CVE-2025-9566"
@@ -102,6 +102,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:16515"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:18217"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:18218"
 
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7376-x4rm-3v8x",
-  "modified": "2025-10-22T06:31:11Z",
+  "modified": "2025-10-22T09:30:18Z",
   "published": "2025-06-09T21:30:52Z",
   "aliases": [
     "CVE-2025-5914"
@@ -43,6 +43,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:18218"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:18217"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:16524"
 
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-83xx-9f6p-vwfj",
-  "modified": "2025-10-22T06:31:11Z",
+  "modified": "2025-10-22T09:30:18Z",
   "published": "2025-06-16T18:32:19Z",
   "aliases": [
     "CVE-2025-49796"
@@ -35,6 +35,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:18218"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:18217"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:15828"
 
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-qg4c-8pj4-qgw2",
-  "modified": "2025-10-22T06:31:11Z",
+  "modified": "2025-10-22T09:30:18Z",
   "published": "2025-06-16T18:32:19Z",
   "aliases": [
     "CVE-2025-49794"
@@ -35,6 +35,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:18218"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:18217"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:15828"
 
@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3ff6-64wh-g4r9",
+  "modified": "2025-10-22T09:30:19Z",
+  "published": "2025-10-22T09:30:19Z",
+  "aliases": [
+    "CVE-2025-11818"
+  ],
+  "details": "The WP Responsive Meet The Team plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wprm_team' shortcode in all versions up to, and including, 1.0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11818"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/wp-responsive-meet-the-team/tags/1.0.1/admin/layouts.php#L64"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wordpress.org/plugins/wp-responsive-meet-the-team"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/30d79f14-b70c-403b-9e55-66e40b18aca7?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-22T09:15:33Z"
+  }
+}
@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4354-j643-p6c7",
+  "modified": "2025-10-22T09:30:19Z",
+  "published": "2025-10-22T09:30:19Z",
+  "aliases": [
+    "CVE-2025-10138"
+  ],
+  "details": "The This-or-That plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'thisorthat' shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10138"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/this-or-that/trunk/this-or-that.php#L232"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/22f291eb-d1f8-40d6-b020-f6364164dc40?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-22T09:15:31Z"
+  }
+}
@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-45h2-9ghc-w5ff",
+  "modified": "2025-10-22T09:30:20Z",
+  "published": "2025-10-22T09:30:19Z",
+  "aliases": [
+    "CVE-2025-41109"
+  ],
+  "details": "Ghost Robotics Vision 60 v0.27.2 includes, among its physical interfaces, three RJ45 connectors and a USB Type-C port. The vulnerability is due to the lack of authentication mechanisms when establishing connections through these ports. Specifically, with regard to network connectivity, the robot's internal router automatically assigns IP addresses to any device physically connected to it. An attacker could connect a WiFi access point under their control to gain access to the robot's network without needing the credentials for the deployed network. Once inside, the attacker can monitor all its data, as the robot runs on ROS 2 without authentication by default.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41109"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-ghost-robotics-vision-60"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-798"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-22T09:15:36Z"
+  }
+}
@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4cc8-p6r8-frcc",
+  "modified": "2025-10-22T09:30:19Z",
+  "published": "2025-10-22T09:30:19Z",
+  "aliases": [
+    "CVE-2025-11824"
+  ],
+  "details": "The Cinza Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cgrid_skin_content' post meta field in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11824"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/cinza-grid/tags/1.2.1/includes/backend-cpts.php#L733"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/cinza-grid/tags/1.2.1/includes/backend-shortcodes.php#L511"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9acec3df-84d6-4cea-8756-64fbb468e5e0?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-22T09:15:33Z"
+  }
+}
@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5835-f92c-7g99",
+  "modified": "2025-10-22T09:30:19Z",
+  "published": "2025-10-22T09:30:19Z",
+  "aliases": [
+    "CVE-2025-11809"
+  ],
+  "details": "The WP-Force Images Download plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpfid' shortcode in all versions up to, and including, 1.8. This is due to insufficient input sanitization and output escaping on the 'class' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11809"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/wp-force-images-download/tags/1.8/wp_fid.php#L155"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/07775638-270b-4424-8e2a-3ead1d752c88?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-22T09:15:32Z"
+  }
+}
@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5j2q-wj9v-2vp4",
+  "modified": "2025-10-22T09:30:19Z",
+  "published": "2025-10-22T09:30:19Z",
+  "aliases": [
+    "CVE-2025-11807"
+  ],
+  "details": "The Mixlr Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mixlr' shortcode in all versions up to, and including, 1.0.1. This is due to insufficient input sanitization and output escaping on the 'url' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11807"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/mixlr-shortcode/tags/1.0.1/mixlr-shortcode.php#L30"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wordpress.org/plugins/mixlr-shortcode"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2771f9d4-429f-4691-a65c-073c3a3778fb?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-22T09:15:32Z"
+  }
+}