github
diff --git a/‎advisories/unreviewed/2024/05/GHSA-r32p-mj73-6wq6/GHSA-r32p-mj73-6wq6.json‎
Lines changed: 2 additions & 2 deletions b/‎advisories/unreviewed/2024/05/GHSA-r32p-mj73-6wq6/GHSA-r32p-mj73-6wq6.json‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎advisories/unreviewed/2025/04/GHSA-5gwv-2q72-gxrm/GHSA-5gwv-2q72-gxrm.json‎
Lines changed: 5 additions & 1 deletion b/‎advisories/unreviewed/2025/04/GHSA-5gwv-2q72-gxrm/GHSA-5gwv-2q72-gxrm.json‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎advisories/unreviewed/2025/10/GHSA-25wf-7x6c-wmpf/GHSA-25wf-7x6c-wmpf.json‎
Lines changed: 35 additions & 0 deletions b/‎advisories/unreviewed/2025/10/GHSA-25wf-7x6c-wmpf/GHSA-25wf-7x6c-wmpf.json‎
Lines changed: 35 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2025/10/GHSA-264c-vhxj-p55j/GHSA-264c-vhxj-p55j.json‎
Lines changed: 42 additions & 0 deletions b/‎advisories/unreviewed/2025/10/GHSA-264c-vhxj-p55j/GHSA-264c-vhxj-p55j.json‎
Lines changed: 42 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2025/10/GHSA-2g78-g7c6-x75p/GHSA-2g78-g7c6-x75p.json‎
Lines changed: 64 additions & 0 deletions b/‎advisories/unreviewed/2025/10/GHSA-2g78-g7c6-x75p/GHSA-2g78-g7c6-x75p.json‎
Lines changed: 64 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2025/10/GHSA-2hmv-pxch-4v62/GHSA-2hmv-pxch-4v62.json‎
Lines changed: 40 additions & 0 deletions b/‎advisories/unreviewed/2025/10/GHSA-2hmv-pxch-4v62/GHSA-2hmv-pxch-4v62.json‎
Lines changed: 40 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2025/10/GHSA-3h98-2j89-27gf/GHSA-3h98-2j89-27gf.json‎
Lines changed: 25 additions & 0 deletions b/‎advisories/unreviewed/2025/10/GHSA-3h98-2j89-27gf/GHSA-3h98-2j89-27gf.json‎
Lines changed: 25 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2025/10/GHSA-3v7p-2jr8-qj72/GHSA-3v7p-2jr8-qj72.json‎
Lines changed: 58 additions & 0 deletions b/‎advisories/unreviewed/2025/10/GHSA-3v7p-2jr8-qj72/GHSA-3v7p-2jr8-qj72.json‎
Lines changed: 58 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2025/10/GHSA-422v-w6c5-vq42/GHSA-422v-w6c5-vq42.json‎
Lines changed: 40 additions & 0 deletions b/‎advisories/unreviewed/2025/10/GHSA-422v-w6c5-vq42/GHSA-422v-w6c5-vq42.json‎
Lines changed: 40 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2025/10/GHSA-4j23-w98q-23fx/GHSA-4j23-w98q-23fx.json‎
Lines changed: 44 additions & 0 deletions b/‎advisories/unreviewed/2025/10/GHSA-4j23-w98q-23fx/GHSA-4j23-w98q-23fx.json‎
Lines changed: 44 additions & 0 deletions
@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-r32p-mj73-6wq6",
-  "modified": "2024-05-14T18:30:59Z",
+  "modified": "2025-10-23T12:31:14Z",
   "published": "2024-05-14T18:30:59Z",
   "aliases": [
     "CVE-2024-28165"
   ],
-  "details": "\nSAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to manipulate a parameter in the Opendocument URL which could lead to high impact on Confidentiality and Integrity of the application\n\n",
+  "details": "SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to manipulate a parameter in the Opendocument URL which could lead to high impact on Confidentiality and Integrity of the application",
   "severity": [
     {
       "type": "CVSS_V3",
 
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5gwv-2q72-gxrm",
-  "modified": "2025-04-07T18:30:41Z",
+  "modified": "2025-10-23T12:31:16Z",
   "published": "2025-04-02T21:30:51Z",
   "aliases": [
     "CVE-2025-2704"
@@ -23,6 +23,10 @@
       "type": "WEB",
       "url": "https://community.openvpn.net/openvpn/wiki/CVE-2025-2704"
     },
+    {
+      "type": "WEB",
+      "url": "https://www.mail-archive.com/[email protected]/msg00142.html"
+    },
     {
       "type": "WEB",
       "url": "http://www.openwall.com/lists/oss-security/2025/04/02/5"
 
@@ -0,0 +1,35 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-25wf-7x6c-wmpf",
+  "modified": "2025-10-23T12:31:17Z",
+  "published": "2025-10-23T12:31:17Z",
+  "aliases": [
+    "CVE-2025-62398"
+  ],
+  "details": "A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62398"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/security/cve/CVE-2025-62398"
+    },
+    {
+      "type": "WEB",
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404431"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-287"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-23T12:15:32Z"
+  }
+}
@@ -0,0 +1,42 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-264c-vhxj-p55j",
+  "modified": "2025-10-23T12:31:15Z",
+  "published": "2025-10-23T12:31:15Z",
+  "aliases": [
+    "CVE-2022-49617"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: Intel: sof_sdw: handle errors on card registration\n\nIf the card registration fails, typically because of deferred probes,\nthe device properties added for headset codecs are not removed, which\nleads to kernel oopses in driver bind/unbind tests.\n\nWe already clean-up the device properties when the card is removed,\nthis code can be moved as a helper and called upon card registration\nerrors.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49617"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/09bca0ffc95c50369f1345d80ecfaca51864126f"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/f2556ce6b35ae0fc72000a4daa21ded12665e2f2"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/fe154c4ff376bc31041c6441958a08243df09c99"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-02-26T07:01:37Z"
+  }
+}
@@ -0,0 +1,64 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2g78-g7c6-x75p",
+  "modified": "2025-10-23T12:31:16Z",
+  "published": "2025-10-23T12:31:15Z",
+  "aliases": [
+    "CVE-2022-49625"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsfc: fix kernel panic when creating VF\n\nWhen creating VFs a kernel panic can happen when calling to\nefx_ef10_try_update_nic_stats_vf.\n\nWhen releasing a DMA coherent buffer, sometimes, I don't know in what\nspecific circumstances, it has to unmap memory with vunmap. It is\ndisallowed to do that in IRQ context or with BH disabled. Otherwise, we\nhit this line in vunmap, causing the crash:\n  BUG_ON(in_interrupt());\n\nThis patch reenables BH to release the buffer.\n\nLog messages when the bug is hit:\n kernel BUG at mm/vmalloc.c:2727!\n invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 6 PID: 1462 Comm: NetworkManager Kdump: loaded Tainted: G          I      --------- ---  5.14.0-119.el9.x86_64 #1\n Hardware name: Dell Inc. PowerEdge R740/06WXJT, BIOS 2.8.2 08/27/2020\n RIP: 0010:vunmap+0x2e/0x30\n ...skip...\n Call Trace:\n  __iommu_dma_free+0x96/0x100\n  efx_nic_free_buffer+0x2b/0x40 [sfc]\n  efx_ef10_try_update_nic_stats_vf+0x14a/0x1c0 [sfc]\n  efx_ef10_update_stats_vf+0x18/0x40 [sfc]\n  efx_start_all+0x15e/0x1d0 [sfc]\n  efx_net_open+0x5a/0xe0 [sfc]\n  __dev_open+0xe7/0x1a0\n  __dev_change_flags+0x1d7/0x240\n  dev_change_flags+0x21/0x60\n  ...skip...",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49625"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/16662524ec5da801fb78a1afcaf6e782f1cf103a"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/68e5f32f0de9594629ff9e599294d9801c6187de"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/82bcb730f856086f033e6c04082eb4503d4c2fa4"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/ada74c5539eba06cf8b47d068f92e0b3963a9a6e"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/b82e4ad58a7fb72456503958a93060f87896e629"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/b9072305270579a9d6afc9b926166231e5b1a7c8"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/d9840212a9c00507347c703f4fdeda16400407e0"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/da346adcf5573fd8663cabfdfe8371009629a906"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-02-26T07:01:37Z"
+  }
+}
@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2hmv-pxch-4v62",
+  "modified": "2025-10-23T12:31:16Z",
+  "published": "2025-10-23T12:31:16Z",
+  "aliases": [
+    "CVE-2025-9981"
+  ],
+  "details": "QuickCMS is vulnerable to multiple Stored XSS in slider editor functionality (sliders-form). Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed on every page. By default admin user is not able to add JavaScript into the website.\n\nThe vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9981"
+    },
+    {
+      "type": "WEB",
+      "url": "https://cert.pl/posts/2025/10/CVE-2025-9980"
+    },
+    {
+      "type": "WEB",
+      "url": "https://opensolution.org/cms-system-quick-cms.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-23T10:15:32Z"
+  }
+}
@@ -0,0 +1,25 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3h98-2j89-27gf",
+  "modified": "2025-10-23T12:31:16Z",
+  "published": "2025-10-23T12:31:16Z",
+  "aliases": [
+    "CVE-2024-14011"
+  ],
+  "details": "Rejected reason: Duplicate.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-14011"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-23T12:15:29Z"
+  }
+}
@@ -0,0 +1,58 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3v7p-2jr8-qj72",
+  "modified": "2025-10-23T12:31:15Z",
+  "published": "2025-10-23T12:31:15Z",
+  "aliases": [
+    "CVE-2022-49611"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/speculation: Fill RSB on vmexit for IBRS\n\nPrevent RSB underflow/poisoning attacks with RSB.  While at it, add a\nbunch of comments to attempt to document the current state of tribal\nknowledge about RSB attacks and what exactly is being mitigated.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49611"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/17a9fc4a7b91f8599223631bb6ae6416bc0de1c0"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/3d323b99ff5c8c57005184056d65f6af5b0479d8"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/4d7f72b6e1bc630bec7e4cd51814bc2b092bf153"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/8c38306e2e9257af4af2819aa287a4711ff36329"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/8d5cff499a6d740c91ff37963907e0e983c37f0f"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/9756bba28470722dacb79ffce554336dd1f6a6cd"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/f744b88dfc201bf8092833ec70b23c720188b527"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-02-26T07:01:36Z"
+  }
+}
@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-422v-w6c5-vq42",
+  "modified": "2025-10-23T12:31:17Z",
+  "published": "2025-10-23T12:31:17Z",
+  "aliases": [
+    "CVE-2025-62400"
+  ],
+  "details": "Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62400"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/security/cve/CVE-2025-62400"
+    },
+    {
+      "type": "WEB",
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404433"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-200"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-23T12:15:32Z"
+  }
+}
@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4j23-w98q-23fx",
+  "modified": "2025-10-23T12:31:15Z",
+  "published": "2025-10-23T12:31:15Z",
+  "aliases": [
+    "CVE-2022-49606"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Fix sleep from invalid context BUG\n\nTaking the qos_mutex to process RoCEv2 QP's on netdev events causes a\nkernel splat.\n\nFix this by removing the handling for RoCEv2 in\nirdma_cm_teardown_connections that uses the mutex. This handling is only\nneeded for iWARP to avoid having connections established while the link is\ndown or having connections remain functional after the IP address is\nremoved.\n\n  BUG: sleeping function called from invalid context at kernel/locking/mutex.\n  Call Trace:\n  kernel: dump_stack+0x66/0x90\n  kernel: ___might_sleep.cold.92+0x8d/0x9a\n  kernel: mutex_lock+0x1c/0x40\n  kernel: irdma_cm_teardown_connections+0x28e/0x4d0 [irdma]\n  kernel: ? check_preempt_curr+0x7a/0x90\n  kernel: ? select_idle_sibling+0x22/0x3c0\n  kernel: ? select_task_rq_fair+0x94c/0xc90\n  kernel: ? irdma_exec_cqp_cmd+0xc27/0x17c0 [irdma]\n  kernel: ? __wake_up_common+0x7a/0x190\n  kernel: irdma_if_notify+0x3cc/0x450 [irdma]\n  kernel: ? sched_clock_cpu+0xc/0xb0\n  kernel: irdma_inet6addr_event+0xc6/0x150 [irdma]",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49606"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/2cae7e519032e4b4672cb9204d5586a441924364"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/a4c5115140ed1833197bad9a6b80265840ff427f"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/cc0315564d6eec91c716d314b743321be24c70b3"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-667"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-02-26T07:01:36Z"
+  }
+}