Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit b563e351e260 · 2025-11-27T09:03:06.000Z
GHSA-66jq-2c23-2xh5 GHSA-675q-66gf-gqg8 GHSA-68q5-78xp-cwwc GHSA-7j46-f57w-76pj GHSA-8frv-q972-9rq5 GHSA-g9gq-3pfx-2gw2 GHSA-m95p-425x-x889 GHSA-w66h-j855-qr72 GHSA-x6vr-q3vf-vqgq GHSA-xv5p-fjw5-vrj6
diff --git a/advisories/github-reviewed/2025/11/GHSA-66jq-2c23-2xh5/GHSA-66jq-2c23-2xh5.json b/advisories/github-reviewed/2025/11/GHSA-66jq-2c23-2xh5/GHSA-66jq-2c23-2xh5.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-66jq-2c23-2xh5",
-  "modified": "2025-11-25T20:40:14Z",
+  "modified": "2025-11-27T09:00:52Z",
   "published": "2025-11-25T20:40:13Z",
   "aliases": [
     "CVE-2025-65942"
@@ -78,6 +78,10 @@
       "type": "WEB",
       "url": "https://github.com/VictoriaMetrics/VictoriaMetrics/security/advisories/GHSA-66jq-2c23-2xh5"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65942"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/VictoriaMetrics/VictoriaMetrics/commit/51b44afd34d2c9a392d4ebedeeb5b4a7f5beca24"
@@ -106,6 +110,6 @@
     "severity": "LOW",
     "github_reviewed": true,
     "github_reviewed_at": "2025-11-25T20:40:13Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-11-25T23:15:47Z"
   }
 }
diff --git a/advisories/github-reviewed/2025/11/GHSA-675q-66gf-gqg8/GHSA-675q-66gf-gqg8.json b/advisories/github-reviewed/2025/11/GHSA-675q-66gf-gqg8/GHSA-675q-66gf-gqg8.json
@@ -1,9 +1,11 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-675q-66gf-gqg8",
-  "modified": "2025-11-25T22:55:50Z",
+  "modified": "2025-11-27T09:01:20Z",
   "published": "2025-11-25T22:55:50Z",
-  "aliases": [],
+  "aliases": [
+    "CVE-2025-66028"
+  ],
   "summary": "OneUptime is Vulnerable to Privilege Escalation via Login Response Manipulation ",
   "details": "### Summary\n\nDuring the login process, the server response included a parameter called isMasterAdmin. By intercepting and modifying this parameter value from false to true, a user is able to gain access to the admin dashboard interface.  However, despite accessing the admin panel, the user does not have sufficient permissions to view or interact with actual data. \n\n\n### PoC\nIntercept the login response and change \"isMasterAdmin\": false → \"isMasterAdmin\": true \n<img width=\"1405\" height=\"567\" alt=\"image\" src=\"https://github.com/user-attachments/assets/7036398b-bb41-46c1-b66a-e49ec2bc3abb\" />\n<img width=\"1533\" height=\"476\" alt=\"2\" src=\"https://github.com/user-attachments/assets/4efcaef5-a939-4729-be43-3af62a7d02f8\" />\n\n\n### Impact\nThe admin dashboard is viewable.",
   "severity": [
@@ -38,6 +40,10 @@
       "type": "WEB",
       "url": "https://github.com/OneUptime/oneuptime/security/advisories/GHSA-675q-66gf-gqg8"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66028"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/OneUptime/oneuptime/commit/3e72b2a9a4f50f98cf1f6cf13fa3e405715bb370"
@@ -55,6 +61,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2025-11-25T22:55:50Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-11-26T19:15:52Z"
   }
 }
diff --git a/advisories/github-reviewed/2025/11/GHSA-68q5-78xp-cwwc/GHSA-68q5-78xp-cwwc.json b/advisories/github-reviewed/2025/11/GHSA-68q5-78xp-cwwc/GHSA-68q5-78xp-cwwc.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-68q5-78xp-cwwc",
-  "modified": "2025-11-25T20:48:13Z",
+  "modified": "2025-11-27T08:59:34Z",
   "published": "2025-11-25T20:48:13Z",
   "aliases": [
     "CVE-2025-65961"
@@ -78,6 +78,10 @@
       "type": "WEB",
       "url": "https://github.com/contao/contao/security/advisories/GHSA-68q5-78xp-cwwc"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65961"
+    },
     {
       "type": "WEB",
       "url": "https://contao.org/en/security-advisories/cross-site-scripting-in-templates"
@@ -94,6 +98,6 @@
     "severity": "LOW",
     "github_reviewed": true,
     "github_reviewed_at": "2025-11-25T20:48:13Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-11-25T19:15:51Z"
   }
 }
diff --git a/advisories/github-reviewed/2025/11/GHSA-7j46-f57w-76pj/GHSA-7j46-f57w-76pj.json b/advisories/github-reviewed/2025/11/GHSA-7j46-f57w-76pj/GHSA-7j46-f57w-76pj.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7j46-f57w-76pj",
-  "modified": "2025-11-24T22:13:32Z",
+  "modified": "2025-11-27T09:01:07Z",
   "published": "2025-11-24T22:13:32Z",
   "aliases": [
     "CVE-2025-65956"
@@ -40,10 +40,18 @@
       "type": "WEB",
       "url": "https://github.com/getformwork/formwork/security/advisories/GHSA-7j46-f57w-76pj"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65956"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/getformwork/formwork/pull/791"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/getformwork/formwork/commit/4abcd60ae7692b46d316f956b0b20fb85336f3b2"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/getformwork/formwork"
@@ -56,6 +64,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2025-11-24T22:13:32Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-11-26T00:15:50Z"
   }
 }
diff --git a/advisories/github-reviewed/2025/11/GHSA-8frv-q972-9rq5/GHSA-8frv-q972-9rq5.json b/advisories/github-reviewed/2025/11/GHSA-8frv-q972-9rq5/GHSA-8frv-q972-9rq5.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8frv-q972-9rq5",
-  "modified": "2025-11-25T20:42:28Z",
+  "modified": "2025-11-27T09:00:00Z",
   "published": "2025-11-25T20:42:28Z",
   "aliases": [
     "CVE-2025-66017"
@@ -59,6 +59,10 @@
       "type": "WEB",
       "url": "https://github.com/LFDT-Lockness/cggmp21/security/advisories/GHSA-8frv-q972-9rq5"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66017"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/LFDT-Lockness/cggmp21/commit/9d98157e151596573cb071da59d27a4e0ac9b8dc"
@@ -87,6 +91,6 @@
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2025-11-25T20:42:28Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-11-25T20:16:00Z"
   }
 }
diff --git a/advisories/github-reviewed/2025/11/GHSA-g9gq-3pfx-2gw2/GHSA-g9gq-3pfx-2gw2.json b/advisories/github-reviewed/2025/11/GHSA-g9gq-3pfx-2gw2/GHSA-g9gq-3pfx-2gw2.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-g9gq-3pfx-2gw2",
-  "modified": "2025-11-25T22:10:18Z",
+  "modified": "2025-11-27T09:01:33Z",
   "published": "2025-11-25T22:10:17Z",
   "aliases": [
     "CVE-2025-66021"
@@ -30,6 +30,10 @@
       "type": "WEB",
       "url": "https://github.com/OWASP/java-html-sanitizer/security/advisories/GHSA-g9gq-3pfx-2gw2"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66021"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/OWASP/java-html-sanitizer"
@@ -42,6 +46,6 @@
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2025-11-25T22:10:17Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-11-26T02:15:49Z"
   }
 }
diff --git a/advisories/github-reviewed/2025/11/GHSA-m95p-425x-x889/GHSA-m95p-425x-x889.json b/advisories/github-reviewed/2025/11/GHSA-m95p-425x-x889/GHSA-m95p-425x-x889.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-m95p-425x-x889",
-  "modified": "2025-11-25T20:41:04Z",
+  "modified": "2025-11-27T08:59:47Z",
   "published": "2025-11-25T20:41:04Z",
   "aliases": [
     "CVE-2025-66016"
@@ -59,6 +59,10 @@
       "type": "WEB",
       "url": "https://github.com/LFDT-Lockness/cggmp21/security/advisories/GHSA-m95p-425x-x889"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66016"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/LFDT-Lockness/cggmp21/commit/60e0ada5291e771d5649793329d99edd32285e72"
@@ -82,11 +86,12 @@
   ],
   "database_specific": {
     "cwe_ids": [
+      "CWE-345",
       "CWE-347"
     ],
     "severity": "CRITICAL",
     "github_reviewed": true,
     "github_reviewed_at": "2025-11-25T20:41:04Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-11-25T20:16:00Z"
   }
 }
diff --git a/advisories/github-reviewed/2025/11/GHSA-w66h-j855-qr72/GHSA-w66h-j855-qr72.json b/advisories/github-reviewed/2025/11/GHSA-w66h-j855-qr72/GHSA-w66h-j855-qr72.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-w66h-j855-qr72",
-  "modified": "2025-11-25T18:41:54Z",
+  "modified": "2025-11-27T09:00:13Z",
   "published": "2025-11-25T18:41:53Z",
   "aliases": [
     "CVE-2025-21621"
@@ -59,10 +59,18 @@
       "type": "WEB",
       "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-w66h-j855-qr72"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21621"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/geoserver/geoserver/pull/7406"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/geoserver/geoserver/commit/dc9ff1c726dd73c884437a123b4ad72b19383c7d"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/geoserver/geoserver"
@@ -83,6 +91,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2025-11-25T18:41:53Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-11-25T22:15:47Z"
   }
 }
diff --git a/advisories/github-reviewed/2025/11/GHSA-x6vr-q3vf-vqgq/GHSA-x6vr-q3vf-vqgq.json b/advisories/github-reviewed/2025/11/GHSA-x6vr-q3vf-vqgq/GHSA-x6vr-q3vf-vqgq.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-x6vr-q3vf-vqgq",
-  "modified": "2025-11-25T23:53:04Z",
+  "modified": "2025-11-27T09:01:42Z",
   "published": "2025-11-25T23:53:04Z",
   "aliases": [
     "CVE-2025-66026"
@@ -40,6 +40,10 @@
       "type": "WEB",
       "url": "https://github.com/redaxo/redaxo/security/advisories/GHSA-x6vr-q3vf-vqgq"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66026"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/redaxo/redaxo/commit/58929062312cf03e344ab04067a365e6b6ee66aa"
@@ -56,6 +60,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2025-11-25T23:53:04Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-11-26T03:15:58Z"
   }
 }
diff --git a/advisories/github-reviewed/2025/11/GHSA-xv5p-fjw5-vrj6/GHSA-xv5p-fjw5-vrj6.json b/advisories/github-reviewed/2025/11/GHSA-xv5p-fjw5-vrj6/GHSA-xv5p-fjw5-vrj6.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-xv5p-fjw5-vrj6",
-  "modified": "2025-11-25T20:39:15Z",
+  "modified": "2025-11-27T09:00:39Z",
   "published": "2025-11-25T20:39:15Z",
   "aliases": [
     "CVE-2025-62703"
@@ -40,6 +40,10 @@
       "type": "WEB",
       "url": "https://github.com/fugue-project/fugue/security/advisories/GHSA-xv5p-fjw5-vrj6"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62703"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/fugue-project/fugue/commit/6f25326779fd1f528198098d6287c5a863176fc0"
@@ -55,11 +59,12 @@
   ],
   "database_specific": {
     "cwe_ids": [
+      "CWE-502",
       "CWE-78"
     ],
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2025-11-25T20:39:15Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-11-25T22:15:47Z"
   }
 }
