Publish Advisories

GHSA-pg8v-g4xq-hww9
GHSA-wc69-rhjr-hc9g
GHSA-hwq7-5vv9-c6cf
GHSA-vg46-2rrj-3647
GHSA-562r-vg33-8x8h
GHSA-228g-948r-83gx
GHSA-486f-hjj9-9vhh
GHSA-hcpj-qp55-gfph

Author: advisory-database[bot]

advisories/github-reviewed/2022/06/GHSA-pg8v-g4xq-hww9/GHSA-pg8v-g4xq-hww9.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-pg8v-g4xq-hww9",
-  "modified": "2022-07-07T17:13:54Z",
+  "modified": "2025-11-04T16:39:03Z",
   "published": "2022-06-25T00:00:54Z",
   "aliases": [
     "CVE-2022-32209"
@@ -64,6 +64,10 @@
       "type": "WEB",
       "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00012.html"
     },
+    {
+      "type": "WEB",
+      "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00045.html"
+    },
     {
       "type": "WEB",
       "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AGRLWBEB3S5AU3D4TTROIS7O6QPHDTRH"

advisories/github-reviewed/2022/07/GHSA-wc69-rhjr-hc9g/GHSA-wc69-rhjr-hc9g.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-wc69-rhjr-hc9g",
-  "modified": "2022-09-14T19:29:44Z",
+  "modified": "2025-11-04T16:38:46Z",
   "published": "2022-07-06T18:38:49Z",
   "aliases": [
     "CVE-2022-31129"
@@ -84,36 +84,56 @@
       "url": "https://github.com/moment/moment/commit/9a3b5894f3d5d602948ac8a02e4ee528a49ca3a3"
     },
     {
-      "type": "PACKAGE",
-      "url": "https://github.com/moment/moment"
+      "type": "WEB",
+      "url": "https://security.netapp.com/advisory/ntap-20241108-0002"
     },
     {
       "type": "WEB",
-      "url": "https://huntr.dev/bounties/f0952b67-f2ff-44a9-a9cd-99e0a87cb633"
+      "url": "https://security.netapp.com/advisory/ntap-20221014-0003"
     },
     {
       "type": "WEB",
-      "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00035.html"
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZMX5YHELQVCGKKQVFXIYOTBMN23YYSRO"
     },
     {
       "type": "WEB",
-      "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q"
+      "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5"
     },
     {
       "type": "WEB",
       "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/IWY24RJA3SBJGA5N4CU4VBPHJPPPJL5O"
     },
     {
       "type": "WEB",
-      "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5"
+      "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q"
     },
     {
       "type": "WEB",
-      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZMX5YHELQVCGKKQVFXIYOTBMN23YYSRO"
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZMX5YHELQVCGKKQVFXIYOTBMN23YYSRO"
     },
     {
       "type": "WEB",
-      "url": "https://security.netapp.com/advisory/ntap-20221014-0003"
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWY24RJA3SBJGA5N4CU4VBPHJPPPJL5O"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00035.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://huntr.dev/bounties/f0952b67-f2ff-44a9-a9cd-99e0a87cb633"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/moment/moment"
     }
   ],
   "database_specific": {

advisories/github-reviewed/2022/09/GHSA-hwq7-5vv9-c6cf/GHSA-hwq7-5vv9-c6cf.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-hwq7-5vv9-c6cf",
-  "modified": "2022-09-16T21:59:38Z",
+  "modified": "2025-11-04T16:39:18Z",
   "published": "2022-09-16T00:00:39Z",
   "aliases": [
     "CVE-2018-25047"
@@ -91,6 +91,10 @@
       "type": "WEB",
       "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00002.html"
     },
+    {
+      "type": "WEB",
+      "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00013.html"
+    },
     {
       "type": "WEB",
       "url": "https://security.gentoo.org/glsa/202209-09"

advisories/github-reviewed/2022/10/GHSA-vg46-2rrj-3647/GHSA-vg46-2rrj-3647.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-vg46-2rrj-3647",
-  "modified": "2024-11-25T19:26:05Z",
+  "modified": "2025-11-04T16:39:47Z",
   "published": "2022-10-26T22:08:39Z",
   "aliases": [
     "CVE-2022-39348"
@@ -64,6 +64,10 @@
       "type": "WEB",
       "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00038.html"
     },
+    {
+      "type": "WEB",
+      "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00028.html"
+    },
     {
       "type": "WEB",
       "url": "https://security.gentoo.org/glsa/202301-02"

advisories/github-reviewed/2022/11/GHSA-562r-vg33-8x8h/GHSA-562r-vg33-8x8h.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-562r-vg33-8x8h",
-  "modified": "2024-03-29T15:42:58Z",
+  "modified": "2025-11-04T16:39:34Z",
   "published": "2022-11-23T22:17:25Z",
   "aliases": [
     "CVE-2022-41946"
@@ -113,6 +113,10 @@
       "type": "WEB",
       "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00003.html"
     },
+    {
+      "type": "WEB",
+      "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00017.html"
+    },
     {
       "type": "WEB",
       "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25TY2L3RMVNOC7VAHJEAO7PTT6M6JJAD"

advisories/github-reviewed/2022/12/GHSA-228g-948r-83gx/GHSA-228g-948r-83gx.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-228g-948r-83gx",
-  "modified": "2023-09-14T16:20:05Z",
+  "modified": "2025-11-04T16:40:51Z",
   "published": "2022-12-13T17:39:36Z",
   "aliases": [
     "CVE-2022-23515"
@@ -71,6 +71,10 @@
     {
       "type": "WEB",
       "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00011.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00044.html"
     }
   ],
   "database_specific": {

advisories/github-reviewed/2022/12/GHSA-486f-hjj9-9vhh/GHSA-486f-hjj9-9vhh.json

@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-486f-hjj9-9vhh",
-  "modified": "2022-12-13T17:36:28Z",
+  "modified": "2025-11-04T16:40:28Z",
   "published": "2022-12-13T17:36:28Z",
   "aliases": [
     "CVE-2022-23514"
   ],
   "summary": "Inefficient Regular Expression Complexity in Loofah",
-  "details": "## Summary\n\nLoofah `< 2.19.1` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption.\n\n\n## Mitigation\n\nUpgrade to Loofah `>= 2.19.1`.\n\n\n## Severity\n\nThe Loofah maintainers have evaluated this as [High Severity 7.5 (CVSS3.1)](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).\n\n\n## References\n\n- [CWE - CWE-1333: Inefficient Regular Expression Complexity (4.9)](https://cwe.mitre.org/data/definitions/1333.html)\n- https://hackerone.com/reports/1684163\n\n\n## Credit\n\nThis vulnerability was responsibly reported by @ooooooo-q (https://github.com/ooooooo-q).\n",
+  "details": "## Summary\n\nLoofah `< 2.19.1` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption.\n\n\n## Mitigation\n\nUpgrade to Loofah `>= 2.19.1`.\n\n\n## Severity\n\nThe Loofah maintainers have evaluated this as [High Severity 7.5 (CVSS3.1)](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).\n\n\n## References\n\n- [CWE - CWE-1333: Inefficient Regular Expression Complexity (4.9)](https://cwe.mitre.org/data/definitions/1333.html)\n- https://hackerone.com/reports/1684163\n\n\n## Credit\n\nThis vulnerability was responsibly reported by @ooooooo-q (https://github.com/ooooooo-q).",
   "severity": [
     {
       "type": "CVSS_V3",
@@ -63,6 +63,10 @@
     {
       "type": "WEB",
       "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00011.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00044.html"
     }
   ],
   "database_specific": {

advisories/github-reviewed/2022/12/GHSA-hcpj-qp55-gfph/GHSA-hcpj-qp55-gfph.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-hcpj-qp55-gfph",
-  "modified": "2024-11-18T16:26:28Z",
+  "modified": "2025-11-04T16:40:11Z",
   "published": "2022-12-06T06:30:17Z",
   "aliases": [
     "CVE-2022-24439"
@@ -95,6 +95,10 @@
       "type": "WEB",
       "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AV5DV7GBLMOZT7U3Q4TDOJO5R6G3V6GH"
     },
+    {
+      "type": "WEB",
+      "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00030.html"
+    },
     {
       "type": "WEB",
       "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00024.html"