Commit ead2ce9

Advisory Database Sync
1 parent d04503b commit ead2ce9

210 files changed

+6677
-117
lines changed

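--- /dev/null
+++ b/<path not shown on page>
@@ -0,0 +1,64 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-j5gq-897m-2rff",
+"modified": "2025-12-10T21:31:52Z",
+"published": "2025-12-10T21:31:52Z",
+"aliases": [
+"CVE-2025-67505"
+],
+"summary": "Race condition in the Okta Java SDK",
+"details": "### Description\nIn the Okta Java SDK, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response.\n\n\n### Affected product and versions\nYou may be affected if you meet the following preconditions:\n- Using the Okta Java SDK between versions 11.0.0 and 20.0.0, and\n- Implementing a multithreaded application with the ApiClient class where the response status code is used in access control flows\n\n### Resolution\nUpgrade Okta/okta-sdk-java to versions 21.0.0 or greater.",
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L"
+}
+],
+"affected": [
+{
+"package": {
+"ecosystem": "Maven",
+"name": "com.okta.sdk:okta-sdk-root"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "11.0.0"
+},
+{
+"fixed": "20.0.1"
+}
+]
+}
+],
+"database_specific": {
+"last_known_affected_version_range": "<= 20.0.0"
+}
+}
+],
+"references": [
+{
+"type": "WEB",
+"url": "https://github.com/okta/okta-sdk-java/security/advisories/GHSA-j5gq-897m-2rff"
+},
+{
+"type": "WEB",
+"url": "https://github.com/okta/okta-sdk-java/commit/abf4f128a0441f90cb7efcdcf4bde1aef8703243"
+},
+{
+"type": "PACKAGE",
+"url": "https://github.com/okta/okta-sdk-java"
+}
+],
+"database_specific": {
+"cwe_ids": [
+"CWE-362"
+],
+"severity": "HIGH",
+"github_reviewed": true,
+"github_reviewed_at": "2025-12-10T21:31:52Z",
+"nvd_published_at": null
+}
+}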
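Review bot: The `fixed` event in this new advisory is `"20.0.1"` and `last_known_affected_version_range` is `"<= 20.0.0"`, yet the `details` text in the same file says to upgrade to 21.0.0 or greater; a consumer doing version matching would treat 20.0.1 and later 20.x releases as safe while the vendor text does not. If no 20.0.1 release exists the event should probably read `"fixed": "21.0.0"`, otherwise the details should name 20.0.1 as the fixed version. Separately, the affected coordinate `com.okta.sdk:okta-sdk-root` looks like the parent POM rather than an artifact applications depend on directly, so scanners keyed on this name may not match projects that pull in only the child artifacts; the same applies to the GHSA-qhr6-6cgv-6638 section below, which uses the same coordinate.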
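--- /dev/null
+++ b/<path not shown on page>
@@ -0,0 +1,64 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-qhr6-6cgv-6638",
+"modified": "2025-12-10T21:30:55Z",
+"published": "2025-12-10T21:30:55Z",
+"aliases": [
+"CVE-2025-66033"
+],
+"summary": "Improper Memory Cleanup in the Okta Java SDK",
+"details": "### Description\nIn the Okta Java SDK, specific multithreaded implementations may encounter memory issues as threads are not properly cleaned up after requests are completed. Over time, this can degrade performance and availability in long-running applications and may result in a denial-of-service condition under sustained load.\n\n### Affected product and versions\nYou may be affected by this vulnerability if you meet the following preconditions:\n- Using the Okta Java SDK between versions 21.0.0 and 24.0.0, and\n- Implementing a long-running application using the ApiClient in a multi-threaded manner.\n\n### Resolution\nUpgrade Okta/okta-sdk-java to versions 24.0.1 or greater. \n\n### Acknowledgement\nOkta would like to thank Andrew Pikler (pyckle) for their discovery and responsible disclosure.",
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"
+}
+],
+"affected": [
+{
+"package": {
+"ecosystem": "Maven",
+"name": "com.okta.sdk:okta-sdk-root"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "21.0.0"
+},
+{
+"fixed": "24.0.1"
+}
+]
+}
+],
+"database_specific": {
+"last_known_affected_version_range": "<= 24.0.0"
+}
+}
+],
+"references": [
+{
+"type": "WEB",
+"url": "https://github.com/okta/okta-sdk-java/security/advisories/GHSA-qhr6-6cgv-6638"
+},
+{
+"type": "WEB",
+"url": "https://github.com/okta/okta-sdk-java/commit/1daa9229a70fc38fb252aeaa637f82d0b0729b3f"
+},
+{
+"type": "PACKAGE",
+"url": "https://github.com/okta/okta-sdk-java"
+}
+],
+"database_specific": {
+"cwe_ids": [
+"CWE-401"
+],
+"severity": "MODERATE",
+"github_reviewed": true,
+"github_reviewed_at": "2025-12-10T21:30:55Z",
+"nvd_published_at": null
+}
+}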
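--- /dev/null
+++ b/<path not shown on page>
@@ -0,0 +1,80 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-wcgj-f865-c7j7",
+"modified": "2025-12-10T21:31:24Z",
+"published": "2025-12-10T21:31:24Z",
+"aliases": [
+"CVE-2025-67490"
+],
+"summary": "Improper Request Caching Lookup in the Auth0 Next.js SDK",
+"details": "### Description\nWhen using affected versions of the Next.js SDK, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results.\n\n### Am I Affected?\nYou are affected if you meet the following preconditions:\n- Applications using the auth0/nextjs-auth0 SDK with a singleton client instance, versions 4.11.0, 4.11.1, and 4.12.0.\n\n### Affected product and versions\nAuth0/nextjs-auth0 v4.11.0, v4.11.1, and v4.12.0.\n\n### Resolution\nUpgrade Auth0/nextjs-auth0 version to v4.11.2 or v4.12.1\n\n### Acknowledgements\nOkta would like to thank Joshua Rogers for their discovery and responsible disclosure.",
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"
+}
+],
+"affected": [
+{
+"package": {
+"ecosystem": "npm",
+"name": "@auth0/nextjs-auth0"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "4.11.0"
+},
+{
+"fixed": "4.11.2"
+}
+]
+}
+]
+},
+{
+"package": {
+"ecosystem": "npm",
+"name": "@auth0/nextjs-auth0"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "4.12.0"
+},
+{
+"fixed": "4.12.1"
+}
+]
+}
+]
+}
+],
+"references": [
+{
+"type": "WEB",
+"url": "https://github.com/auth0/nextjs-auth0/security/advisories/GHSA-wcgj-f865-c7j7"
+},
+{
+"type": "WEB",
+"url": "https://github.com/auth0/nextjs-auth0/commit/26cc8a7c60f4b134700912736f991a25bd6bbf0b"
+},
+{
+"type": "PACKAGE",
+"url": "https://github.com/auth0/nextjs-auth0"
+}
+],
+"database_specific": {
+"cwe_ids": [
+"CWE-863"
+],
+"severity": "MODERATE",
+"github_reviewed": true,
+"github_reviewed_at": "2025-12-10T21:31:24Z",
+"nvd_published_at": null
+}
+}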
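Review bot: The two `affected` entries in this new advisory repeat the identical `package` object for `@auth0/nextjs-auth0` only to carry two ranges (4.11.0 → 4.11.2 and 4.12.0 → 4.12.1); OSV allows a single `ECOSYSTEM` range whose `events` list alternates `introduced`/`fixed`, so one entry with four events would express the same thing without the duplication, although both forms are valid. The `details` describe the mechanism (improper lookups in the TokenRequestCache under concurrent requests) but never state the consequence for the application, while the CVSS vector's `C:H` implies a significant one; one sentence naming the impact would make the advisory easier to triage.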

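--- a/advisories/unreviewed/2024/01/GHSA-cx8g-4cf5-cjv3/GHSA-cx8g-4cf5-cjv3.json
+++ b/advisories/unreviewed/2024/01/GHSA-cx8g-4cf5-cjv3/GHSA-cx8g-4cf5-cjv3.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-cx8g-4cf5-cjv3",
-"modified": "2025-11-24T21:30:56Z",
+"modified": "2025-12-10T21:31:29Z",
 "published": "2024-01-25T21:32:14Z",
 "aliases": [
 "CVE-2023-52356"
@@ -75,6 +75,18 @@
 "type": "WEB",
 "url": "https://access.redhat.com/security/cve/CVE-2023-52356"
 },
+{
+"type": "WEB",
+"url": "https://access.redhat.com/errata/RHSA-2025:23080"
+},
+{
+"type": "WEB",
+"url": "https://access.redhat.com/errata/RHSA-2025:23079"
+},
+{
+"type": "WEB",
+"url": "https://access.redhat.com/errata/RHSA-2025:23078"
+},
 {
 "type": "WEB",
 "url": "https://access.redhat.com/errata/RHSA-2025:21994"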

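--- a/advisories/unreviewed/2024/01/GHSA-fh6j-mgh8-7prh/GHSA-fh6j-mgh8-7prh.json
+++ b/advisories/unreviewed/2024/01/GHSA-fh6j-mgh8-7prh/GHSA-fh6j-mgh8-7prh.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-fh6j-mgh8-7prh",
-"modified": "2025-11-24T21:30:55Z",
+"modified": "2025-12-10T21:31:28Z",
 "published": "2024-01-25T21:32:14Z",
 "aliases": [
 "CVE-2023-52355"
@@ -27,6 +27,18 @@
 "type": "WEB",
 "url": "https://access.redhat.com/errata/RHSA-2025:21994"
 },
+{
+"type": "WEB",
+"url": "https://access.redhat.com/errata/RHSA-2025:23078"
+},
+{
+"type": "WEB",
+"url": "https://access.redhat.com/errata/RHSA-2025:23079"
+},
+{
+"type": "WEB",
+"url": "https://access.redhat.com/errata/RHSA-2025:23080"
+},
 {
 "type": "WEB",
 "url": "https://access.redhat.com/security/cve/CVE-2023-52355"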

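--- a/advisories/unreviewed/2024/02/GHSA-8m6h-q36w-xvg7/GHSA-8m6h-q36w-xvg7.json
+++ b/advisories/unreviewed/2024/02/GHSA-8m6h-q36w-xvg7/GHSA-8m6h-q36w-xvg7.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-8m6h-q36w-xvg7",
-"modified": "2024-11-25T21:30:48Z",
+"modified": "2025-12-10T21:31:28Z",
 "published": "2024-02-15T09:30:35Z",
 "aliases": [
 "CVE-2024-0353"
@@ -30,6 +30,14 @@
 {
 "type": "WEB",
 "url": "https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed"
+},
+{
+"type": "WEB",
+"url": "https://www.exploit-db.com/exploits/51351"
+},
+{
+"type": "WEB",
+"url": "https://www.exploit-db.com/exploits/51964"
 }
 ],
 "database_specific": {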

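--- a/advisories/unreviewed/2025/02/GHSA-f6mr-g7jq-gx82/GHSA-f6mr-g7jq-gx82.json
+++ b/advisories/unreviewed/2025/02/GHSA-f6mr-g7jq-gx82/GHSA-f6mr-g7jq-gx82.json
@@ -1,13 +1,17 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-f6mr-g7jq-gx82",
-"modified": "2025-02-26T00:32:19Z",
+"modified": "2025-12-10T21:31:28Z",
 "published": "2025-02-26T00:32:19Z",
 "aliases": [
 "CVE-2025-0514"
 ],
 "details": "Improper Input Validation vulnerability in The Document Foundation LibreOffice allows Windows Executable hyperlink targets to be executed unconditionally on activation.This issue affects LibreOffice: from 24.8 before < 24.8.5.",
 "severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+},
 {
 "type": "CVSS_V4",
 "score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:L/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"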

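--- a/advisories/unreviewed/2025/03/GHSA-9hr4-7h76-8f5h/GHSA-9hr4-7h76-8f5h.json
+++ b/advisories/unreviewed/2025/03/GHSA-9hr4-7h76-8f5h/GHSA-9hr4-7h76-8f5h.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-9hr4-7h76-8f5h",
-"modified": "2025-03-20T21:31:47Z",
+"modified": "2025-12-10T21:31:28Z",
 "published": "2025-03-20T21:31:47Z",
 "aliases": [
 "CVE-2025-2538"
@@ -19,6 +19,10 @@
 "type": "ADVISORY",
 "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2538"
 },
+{
+"type": "WEB",
+"url": "https://support.esri.com/en-us/patches-updates/2025/portal-for-arcgis-security-2025-update-3-patch"
+},
 {
 "type": "WEB",
 "url": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2025-update-1-patch"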

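--- a/advisories/unreviewed/2025/03/GHSA-r73f-2rxh-prfm/GHSA-r73f-2rxh-prfm.json
+++ b/advisories/unreviewed/2025/03/GHSA-r73f-2rxh-prfm/GHSA-r73f-2rxh-prfm.json
@@ -1,13 +1,17 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-r73f-2rxh-prfm",
-"modified": "2025-03-21T15:31:15Z",
+"modified": "2025-12-10T21:31:28Z",
 "published": "2025-03-21T15:31:15Z",
 "aliases": [
 "CVE-2021-25635"
 ],
 "details": "An Improper Certificate Validation vulnerability in LibreOffice allowed \nan attacker to self sign an ODF document, with a signature untrusted by \nthe target, then modify it to change the signature algorithm to an \ninvalid (or unknown to LibreOffice) algorithm and LibreOffice would incorrectly present such a signature with an unknown algorithm as a \nvalid signature issued by a trusted person\n\n\nThis issue affects LibreOffice: from 7.0 before 7.0.5, from 7.1 before 7.1.1.",
 "severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
+},
 {
 "type": "CVSS_V4",
 "score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"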

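--- a/advisories/unreviewed/2025/06/GHSA-98qw-prqm-9f4p/GHSA-98qw-prqm-9f4p.json
+++ b/advisories/unreviewed/2025/06/GHSA-98qw-prqm-9f4p/GHSA-98qw-prqm-9f4p.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-98qw-prqm-9f4p",
-"modified": "2025-12-05T21:30:21Z",
+"modified": "2025-12-10T21:31:29Z",
 "published": "2025-06-26T21:31:08Z",
 "aliases": [
 "CVE-2025-5318"
@@ -31,6 +31,18 @@
 "type": "WEB",
 "url": "https://access.redhat.com/security/cve/CVE-2025-5318"
 },
+{
+"type": "WEB",
+"url": "https://access.redhat.com/errata/RHSA-2025:23080"
+},
+{
+"type": "WEB",
+"url": "https://access.redhat.com/errata/RHSA-2025:23079"
+},
+{
+"type": "WEB",
+"url": "https://access.redhat.com/errata/RHSA-2025:23078"
+},
 {
 "type": "WEB",
 "url": "https://access.redhat.com/errata/RHSA-2025:22275"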
