github
diff --git a/‎advisories/unreviewed/2025/10/GHSA-27fv-rpgj-4c6m/GHSA-27fv-rpgj-4c6m.json‎
Lines changed: 31 additions & 0 deletions b/‎advisories/unreviewed/2025/10/GHSA-27fv-rpgj-4c6m/GHSA-27fv-rpgj-4c6m.json‎
Lines changed: 31 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2025/10/GHSA-27mc-9399-r9mx/GHSA-27mc-9399-r9mx.json‎
Lines changed: 31 additions & 0 deletions b/‎advisories/unreviewed/2025/10/GHSA-27mc-9399-r9mx/GHSA-27mc-9399-r9mx.json‎
Lines changed: 31 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2025/10/GHSA-447v-2qg4-h8hc/GHSA-447v-2qg4-h8hc.json‎
Lines changed: 41 additions & 0 deletions b/‎advisories/unreviewed/2025/10/GHSA-447v-2qg4-h8hc/GHSA-447v-2qg4-h8hc.json‎
Lines changed: 41 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2025/10/GHSA-47pv-wxrm-xq5g/GHSA-47pv-wxrm-xq5g.json‎
Lines changed: 36 additions & 0 deletions b/‎advisories/unreviewed/2025/10/GHSA-47pv-wxrm-xq5g/GHSA-47pv-wxrm-xq5g.json‎
Lines changed: 36 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2025/10/GHSA-549x-5p4h-q5jp/GHSA-549x-5p4h-q5jp.json‎
Lines changed: 44 additions & 0 deletions b/‎advisories/unreviewed/2025/10/GHSA-549x-5p4h-q5jp/GHSA-549x-5p4h-q5jp.json‎
Lines changed: 44 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2025/10/GHSA-7wwx-xj66-r44x/GHSA-7wwx-xj66-r44x.json‎
Lines changed: 41 additions & 0 deletions b/‎advisories/unreviewed/2025/10/GHSA-7wwx-xj66-r44x/GHSA-7wwx-xj66-r44x.json‎
Lines changed: 41 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2025/10/GHSA-8hw3-ghwv-crfh/GHSA-8hw3-ghwv-crfh.json‎
Lines changed: 36 additions & 0 deletions b/‎advisories/unreviewed/2025/10/GHSA-8hw3-ghwv-crfh/GHSA-8hw3-ghwv-crfh.json‎
Lines changed: 36 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2025/10/GHSA-9gcr-gp5f-jw27/GHSA-9gcr-gp5f-jw27.json‎
Lines changed: 41 additions & 0 deletions b/‎advisories/unreviewed/2025/10/GHSA-9gcr-gp5f-jw27/GHSA-9gcr-gp5f-jw27.json‎
Lines changed: 41 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2025/10/GHSA-c4hj-8xp2-799f/GHSA-c4hj-8xp2-799f.json‎
Lines changed: 36 additions & 0 deletions b/‎advisories/unreviewed/2025/10/GHSA-c4hj-8xp2-799f/GHSA-c4hj-8xp2-799f.json‎
Lines changed: 36 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2025/10/GHSA-cxq7-xw9v-rcv3/GHSA-cxq7-xw9v-rcv3.json‎
Lines changed: 41 additions & 0 deletions b/‎advisories/unreviewed/2025/10/GHSA-cxq7-xw9v-rcv3/GHSA-cxq7-xw9v-rcv3.json‎
Lines changed: 41 additions & 0 deletions
@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-27fv-rpgj-4c6m",
+  "modified": "2025-10-30T00:31:03Z",
+  "published": "2025-10-30T00:31:03Z",
+  "aliases": [
+    "CVE-2025-10930"
+  ],
+  "details": "Cross-Site Request Forgery (CSRF) vulnerability in Drupal Currency allows Cross Site Request Forgery.This issue affects Currency: from 0.0.0 before 3.5.0.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10930"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.drupal.org/sa-contrib-2025-110"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-352"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-30T00:15:34Z"
+  }
+}
@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-27mc-9399-r9mx",
+  "modified": "2025-10-30T00:31:03Z",
+  "published": "2025-10-30T00:31:03Z",
+  "aliases": [
+    "CVE-2025-10928"
+  ],
+  "details": "Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Access code allows Brute Force.This issue affects Access code: from 0.0.0 before 2.0.5.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10928"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.drupal.org/sa-contrib-2025-108"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-307"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-30T00:15:34Z"
+  }
+}
@@ -0,0 +1,41 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-447v-2qg4-h8hc",
+  "modified": "2025-10-30T00:31:02Z",
+  "published": "2025-10-30T00:31:02Z",
+  "aliases": [
+    "CVE-2025-47912"
+  ],
+  "details": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47912"
+    },
+    {
+      "type": "WEB",
+      "url": "https://go.dev/cl/709857"
+    },
+    {
+      "type": "WEB",
+      "url": "https://go.dev/issue/75678"
+    },
+    {
+      "type": "WEB",
+      "url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
+    },
+    {
+      "type": "WEB",
+      "url": "https://pkg.go.dev/vuln/GO-2025-4010"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-29T23:16:18Z"
+  }
+}
@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-47pv-wxrm-xq5g",
+  "modified": "2025-10-30T00:31:02Z",
+  "published": "2025-10-30T00:31:02Z",
+  "aliases": [
+    "CVE-2025-54548"
+  ],
+  "details": "On affected platforms, restricted users could view sensitive portions of the config database via a debug API (e.g., user password hashes)",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54548"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/22538-security-advisory-0124"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-200"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-29T23:16:19Z"
+  }
+}
@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-549x-5p4h-q5jp",
+  "modified": "2025-10-30T00:31:02Z",
+  "published": "2025-10-30T00:31:02Z",
+  "aliases": [
+    "CVE-2025-61959"
+  ],
+  "details": "Prior to September 19, 2025, the Hospital Manager Backend Services returned verbose ASP.NET error pages for invalid WebResource.axd requests, disclosing framework and ASP.NET version information, stack traces, internal paths, and the insecure configuration 'customErrors mode=\"Off\"', which could have facilitated reconnaissance by unauthenticated attackers.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61959"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-301-01"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vertikalsystems.com/en/products/pm/contact.php"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-209"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-29T22:15:40Z"
+  }
+}
@@ -0,0 +1,41 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7wwx-xj66-r44x",
+  "modified": "2025-10-30T00:31:03Z",
+  "published": "2025-10-30T00:31:03Z",
+  "aliases": [
+    "CVE-2025-58188"
+  ],
+  "details": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58188"
+    },
+    {
+      "type": "WEB",
+      "url": "https://go.dev/cl/709853"
+    },
+    {
+      "type": "WEB",
+      "url": "https://go.dev/issue/75675"
+    },
+    {
+      "type": "WEB",
+      "url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
+    },
+    {
+      "type": "WEB",
+      "url": "https://pkg.go.dev/vuln/GO-2025-4013"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-29T23:16:19Z"
+  }
+}
@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8hw3-ghwv-crfh",
+  "modified": "2025-10-30T00:31:04Z",
+  "published": "2025-10-30T00:31:04Z",
+  "aliases": [
+    "CVE-2025-62257"
+  ],
+  "details": "Password enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows remote attackers to determine a user’s password even if account lockout is enabled via brute force attack.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62257"
+    },
+    {
+      "type": "WEB",
+      "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62257"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-307"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-30T00:15:34Z"
+  }
+}
@@ -0,0 +1,41 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-9gcr-gp5f-jw27",
+  "modified": "2025-10-30T00:31:02Z",
+  "published": "2025-10-30T00:31:02Z",
+  "aliases": [
+    "CVE-2025-58183"
+  ],
+  "details": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
+    },
+    {
+      "type": "WEB",
+      "url": "https://go.dev/cl/709861"
+    },
+    {
+      "type": "WEB",
+      "url": "https://go.dev/issue/75677"
+    },
+    {
+      "type": "WEB",
+      "url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
+    },
+    {
+      "type": "WEB",
+      "url": "https://pkg.go.dev/vuln/GO-2025-4014"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-29T23:16:19Z"
+  }
+}
@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-c4hj-8xp2-799f",
+  "modified": "2025-10-30T00:31:02Z",
+  "published": "2025-10-30T00:31:02Z",
+  "aliases": [
+    "CVE-2025-54547"
+  ],
+  "details": "On affected platforms, if SSH session multiplexing was configured on the client side, SSH sessions (e.g, scp, sftp) multiplexed onto the same channel could perform file-system operations after a configured session timeout expired",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54547"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/22538-security-advisory-0124"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-613"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-29T23:16:18Z"
+  }
+}
@@ -0,0 +1,41 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-cxq7-xw9v-rcv3",
+  "modified": "2025-10-30T00:31:03Z",
+  "published": "2025-10-30T00:31:03Z",
+  "aliases": [
+    "CVE-2025-58189"
+  ],
+  "details": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58189"
+    },
+    {
+      "type": "WEB",
+      "url": "https://go.dev/cl/707776"
+    },
+    {
+      "type": "WEB",
+      "url": "https://go.dev/issue/75652"
+    },
+    {
+      "type": "WEB",
+      "url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
+    },
+    {
+      "type": "WEB",
+      "url": "https://pkg.go.dev/vuln/GO-2025-4008"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-29T23:16:19Z"
+  }
+}