github
diff --git a/‎advisories/unreviewed/2025/10/GHSA-2mqf-crhf-c264/GHSA-2mqf-crhf-c264.json‎
Lines changed: 5 additions & 1 deletion b/‎advisories/unreviewed/2025/10/GHSA-2mqf-crhf-c264/GHSA-2mqf-crhf-c264.json‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎advisories/unreviewed/2025/10/GHSA-32f6-jrx4-x77h/GHSA-32f6-jrx4-x77h.json‎
Lines changed: 5 additions & 1 deletion b/‎advisories/unreviewed/2025/10/GHSA-32f6-jrx4-x77h/GHSA-32f6-jrx4-x77h.json‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎advisories/unreviewed/2025/10/GHSA-3ph4-2g83-q4c3/GHSA-3ph4-2g83-q4c3.json‎
Lines changed: 5 additions & 1 deletion b/‎advisories/unreviewed/2025/10/GHSA-3ph4-2g83-q4c3/GHSA-3ph4-2g83-q4c3.json‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎advisories/unreviewed/2025/10/GHSA-3qxh-pr59-jwh7/GHSA-3qxh-pr59-jwh7.json‎
Lines changed: 5 additions & 1 deletion b/‎advisories/unreviewed/2025/10/GHSA-3qxh-pr59-jwh7/GHSA-3qxh-pr59-jwh7.json‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎advisories/unreviewed/2025/10/GHSA-66qm-mpmg-rpq7/GHSA-66qm-mpmg-rpq7.json‎
Lines changed: 5 additions & 1 deletion b/‎advisories/unreviewed/2025/10/GHSA-66qm-mpmg-rpq7/GHSA-66qm-mpmg-rpq7.json‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎advisories/unreviewed/2025/10/GHSA-6p96-4pr7-737x/GHSA-6p96-4pr7-737x.json‎
Lines changed: 5 additions & 1 deletion b/‎advisories/unreviewed/2025/10/GHSA-6p96-4pr7-737x/GHSA-6p96-4pr7-737x.json‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎advisories/unreviewed/2025/10/GHSA-6qrg-xqpq-vmx9/GHSA-6qrg-xqpq-vmx9.json‎
Lines changed: 5 additions & 1 deletion b/‎advisories/unreviewed/2025/10/GHSA-6qrg-xqpq-vmx9/GHSA-6qrg-xqpq-vmx9.json‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎advisories/unreviewed/2025/10/GHSA-89hr-pmwg-8fw2/GHSA-89hr-pmwg-8fw2.json‎
Lines changed: 5 additions & 1 deletion b/‎advisories/unreviewed/2025/10/GHSA-89hr-pmwg-8fw2/GHSA-89hr-pmwg-8fw2.json‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎advisories/unreviewed/2025/10/GHSA-8x6f-f882-qfh8/GHSA-8x6f-f882-qfh8.json‎
Lines changed: 5 additions & 1 deletion b/‎advisories/unreviewed/2025/10/GHSA-8x6f-f882-qfh8/GHSA-8x6f-f882-qfh8.json‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎advisories/unreviewed/2025/10/GHSA-94gv-43w2-9f3r/GHSA-94gv-43w2-9f3r.json‎
Lines changed: 5 additions & 1 deletion b/‎advisories/unreviewed/2025/10/GHSA-94gv-43w2-9f3r/GHSA-94gv-43w2-9f3r.json‎
Lines changed: 5 additions & 1 deletion
@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2mqf-crhf-c264",
-  "modified": "2025-10-31T00:30:31Z",
+  "modified": "2025-11-05T18:31:29Z",
   "published": "2025-10-31T00:30:31Z",
   "aliases": [
     "CVE-2016-15053"
   ],
   "details": "Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting (XSS) via the “My Reports” listing of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
 
@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-32f6-jrx4-x77h",
-  "modified": "2025-10-31T00:30:32Z",
+  "modified": "2025-11-05T18:31:30Z",
   "published": "2025-10-31T00:30:32Z",
   "aliases": [
     "CVE-2021-47700"
   ],
   "details": "Nagios XI versions prior to 5.8.7 used a temporary directory for Highcharts exports with overly permissive ownership/permissions under the Apache user. Local or co-hosted processes could read/overwrite export artifacts or manipulate paths, risking disclosure or tampering and potential code execution depending on deployment.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
 
@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3ph4-2g83-q4c3",
-  "modified": "2025-10-31T00:30:32Z",
+  "modified": "2025-11-05T18:31:30Z",
   "published": "2025-10-31T00:30:32Z",
   "aliases": [
     "CVE-2020-36869"
   ],
   "details": "Nagios XI versions prior to 5.7.5 contain a SQL injection vulnerability in the SNMP Trap Interface edit page. Exploitation requires an account with administrative privileges to access the affected interface. A user with administrative access could supply crafted input that is not properly sanitized, allowing SQL injection that may lead to unauthorized disclosure or modification of application data or execution of arbitrary SQL commands against the backend database.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
 
@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3qxh-pr59-jwh7",
-  "modified": "2025-10-31T00:30:32Z",
+  "modified": "2025-11-05T18:31:30Z",
   "published": "2025-10-31T00:30:32Z",
   "aliases": [
     "CVE-2020-36867"
   ],
   "details": "Nagios XI versions prior to 5.7.3 contain a command injection vulnerability in the report PDF download/export functionality. User-supplied values used in the PDF generation pipeline or the wrapper that invokes offline/pdf helper utilities were insufficiently validated or improperly escaped, allowing an authenticated attacker who can trigger PDF exports to inject shell metacharacters or arguments.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
 
@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-66qm-mpmg-rpq7",
-  "modified": "2025-10-31T00:30:33Z",
+  "modified": "2025-11-05T18:31:30Z",
   "published": "2025-10-31T00:30:33Z",
   "aliases": [
     "CVE-2023-7314"
   ],
   "details": "Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting (XSS) via the Bandwidth Report component. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
 
@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6p96-4pr7-737x",
-  "modified": "2025-10-31T00:30:31Z",
+  "modified": "2025-11-05T18:31:29Z",
   "published": "2025-10-31T00:30:31Z",
   "aliases": [
     "CVE-2018-25121"
   ],
   "details": "Nagios XI versions prior to 5.4.13 are vulnerable to cross-site scripting (XSS) via the Views page of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
 
@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6qrg-xqpq-vmx9",
-  "modified": "2025-10-31T00:30:31Z",
+  "modified": "2025-11-05T18:31:29Z",
   "published": "2025-10-31T00:30:31Z",
   "aliases": [
     "CVE-2020-36863"
   ],
   "details": "Nagios XI versions prior to 5.7.2 allow PHP files to be uploaded to the Audio Import directory and executed from that location. The upload handler did not properly restrict file types or enforce storage outside of the webroot, and the web server permitted execution within the upload directory. An authenticated attacker with access to the audio import feature could upload a crafted PHP file and then request it to achieve remote code execution with the privileges of the application service.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
 
@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-89hr-pmwg-8fw2",
-  "modified": "2025-10-31T00:30:31Z",
+  "modified": "2025-11-05T18:31:29Z",
   "published": "2025-10-31T00:30:31Z",
   "aliases": [
     "CVE-2018-25122"
   ],
   "details": "Nagios XI versions prior to 5.4.13 contain a remote code execution vulnerability in the Component Download page. The download/import handler used unsafe command construction with attacker-controlled input and lacked sufficient validation and output encoding, allowing an authenticated user to inject commands or otherwise execute arbitrary code with the privileges of the application service.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
 
@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8x6f-f882-qfh8",
-  "modified": "2025-10-31T00:30:33Z",
+  "modified": "2025-11-05T18:31:30Z",
   "published": "2025-10-31T00:30:33Z",
   "aliases": [
     "CVE-2023-7313"
   ],
   "details": "Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting (XSS) via the Bulk Modifications tool. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
 
@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-94gv-43w2-9f3r",
-  "modified": "2025-10-31T00:30:32Z",
+  "modified": "2025-11-05T18:31:30Z",
   "published": "2025-10-31T00:30:32Z",
   "aliases": [
     "CVE-2021-47695"
   ],
   "details": "Nagios XI versions prior to 5.8.0 are vulnerable to stored cross-site scripting (XSS) via the My Tools page. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"