Publish Advisories

GHSA-273c-4g26-4jpm
GHSA-8hw3-ghwv-crfh
GHSA-cf57-c578-7jvv
GHSA-gp5f-cx7h-8q6f
GHSA-h72q-cq3w-h3wc
GHSA-jqmq-fpwv-p925
GHSA-qxr9-f877-9842
GHSA-v3c9-j6h9-66v4
GHSA-x957-32v9-m7vg
GHSA-8hw3-ghwv-crfh

Author: advisory-database[bot]

…-273c-4g26-4jpm/GHSA-273c-4g26-4jpm.json …-273c-4g26-4jpm/GHSA-273c-4g26-4jpm.jsonadvisories/unreviewed/2025/10/GHSA-273c-4g26-4jpm/GHSA-273c-4g26-4jpm.json renamed to advisories/github-reviewed/2025/10/GHSA-273c-4g26-4jpm/GHSA-273c-4g26-4jpm.json advisories/unreviewed/2025/10/GHSA-273c-4g26-4jpm/GHSA-273c-4g26-4jpm.json renamed to advisories/github-reviewed/2025/10/GHSA-273c-4g26-4jpm/GHSA-273c-4g26-4jpm.json

@@ -1,24 +1,57 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-273c-4g26-4jpm",
-  "modified": "2025-10-30T15:32:36Z",
+  "modified": "2025-10-30T17:08:56Z",
   "published": "2025-10-30T12:31:11Z",
   "aliases": [
     "CVE-2025-62402"
   ],
+  "summary": "Apache Airflow `/api/v2/dagReports` executes DAG Python in API",
   "details": "API users via `/api/v2/dagReports` could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available.",
   "severity": [
     {
       "type": "CVSS_V3",
       "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
     }
   ],
-  "affected": [],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "apache-airflow"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "3.0.0"
+            },
+            {
+              "fixed": "3.1.1"
+            }
+          ]
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62402"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/apache/airflow/pull/56609"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/apache/airflow/commit/828aaa0b1d95caf90612a648867c17aec7e87874"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/apache/airflow"
+    },
     {
       "type": "WEB",
       "url": "https://lists.apache.org/thread/vbzxnxn031wb998hsd7vqnvh4z8nx6rs"
@@ -33,8 +66,8 @@
       "CWE-250"
     ],
     "severity": "MODERATE",
-    "github_reviewed": false,
-    "github_reviewed_at": null,
+    "github_reviewed": true,
+    "github_reviewed_at": "2025-10-30T17:08:56Z",
     "nvd_published_at": "2025-10-30T10:15:35Z"
   }
 }

advisories/github-reviewed/2025/10/GHSA-8hw3-ghwv-crfh/GHSA-8hw3-ghwv-crfh.json

@@ -0,0 +1,77 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8hw3-ghwv-crfh",
+  "modified": "2025-10-30T17:07:13Z",
+  "published": "2025-10-30T00:31:04Z",
+  "aliases": [
+    "CVE-2025-62257"
+  ],
+  "summary": "Liferay Portal vulnerable to password enumeration",
+  "details": "Password enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows remote attackers to determine a user’s password even if account lockout is enabled via brute force attack.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Maven",
+        "name": "com.liferay.portal:release.portal.bom"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "7.4.0-ga1"
+            },
+            {
+              "fixed": "7.4.3.120"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62257"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/liferay/liferay-portal/commit/45cffd5030ab78e8b005d9cfd6284311da978c68"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/liferay/liferay-portal/commit/924a0a47007665693fe2d29623cb48a426a80266"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/liferay/liferay-portal/commit/d21627ac07561c5063f611be631e63ff502ec8e7"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/liferay/liferay-portal"
+    },
+    {
+      "type": "WEB",
+      "url": "https://liferay.atlassian.net/browse/LPE-17692"
+    },
+    {
+      "type": "WEB",
+      "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62257"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-307"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2025-10-30T17:07:12Z",
+    "nvd_published_at": "2025-10-30T00:15:34Z"
+  }
+}

advisories/github-reviewed/2025/10/GHSA-cf57-c578-7jvv/GHSA-cf57-c578-7jvv.json

@@ -0,0 +1,60 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-cf57-c578-7jvv",
+  "modified": "2025-10-30T17:08:12Z",
+  "published": "2025-10-30T17:08:12Z",
+  "aliases": [],
+  "summary": "Anubis vulnerable to possible XSS via redir parameter when using subrequest auth mode",
+  "details": "### Summary\n\nWhen using subrequest authentication, Anubis did not perform validation of the redirect URL and redirects user to any URL scheme. While most modern browsers do not allow a redirect to `javascript:` URLs, it could still trigger dangerous behavior in some cases.\n\n`GET https://example.com/.within.website/?redir=javascript:alert()` responds with `Location: javascript:alert()`.\n\n### Impact\n\nAnybody with a subrequest authentication seems affected. Using `javascript:` URLs will probably be blocked by most modern browsers, but using custom protocols for third-party applications might still trigger dangerous operations.\n\n### Note\n\nThis was originally reported by @mbiesiad against Weblate.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Go",
+        "name": "github.com/TecharoHQ/anubis"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.23.0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/TecharoHQ/anubis/security/advisories/GHSA-cf57-c578-7jvv"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/TecharoHQ/anubis/commit/7ed1753fcced351c81961bf520a7bfb2caac6e88"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/TecharoHQ/anubis"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-601",
+      "CWE-79"
+    ],
+    "severity": "LOW",
+    "github_reviewed": true,
+    "github_reviewed_at": "2025-10-30T17:08:12Z",
+    "nvd_published_at": null
+  }
+}

…-gp5f-cx7h-8q6f/GHSA-gp5f-cx7h-8q6f.json …-gp5f-cx7h-8q6f/GHSA-gp5f-cx7h-8q6f.jsonadvisories/unreviewed/2025/10/GHSA-gp5f-cx7h-8q6f/GHSA-gp5f-cx7h-8q6f.json renamed to advisories/github-reviewed/2025/10/GHSA-gp5f-cx7h-8q6f/GHSA-gp5f-cx7h-8q6f.json advisories/unreviewed/2025/10/GHSA-gp5f-cx7h-8q6f/GHSA-gp5f-cx7h-8q6f.json renamed to advisories/github-reviewed/2025/10/GHSA-gp5f-cx7h-8q6f/GHSA-gp5f-cx7h-8q6f.json

@@ -1,27 +1,52 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-gp5f-cx7h-8q6f",
-  "modified": "2025-10-30T15:32:36Z",
+  "modified": "2025-10-30T17:09:32Z",
   "published": "2025-10-30T12:31:11Z",
   "aliases": [
     "CVE-2025-62503"
   ],
+  "summary": "Apache Airflow's create action can upsert existing Pools/Connections/Variables",
   "details": "User with CREATE and no UPDATE privilege for Pools, Connections, Variables could update existing records via bulk create API with overwrite action.",
   "severity": [
     {
       "type": "CVSS_V3",
       "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"
     }
   ],
-  "affected": [],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "apache-airflow"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "3.0.0"
+            },
+            {
+              "fixed": "3.1.1"
+            }
+          ]
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62503"
     },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/apache/airflow"
+    },
     {
       "type": "WEB",
-      "url": "https://lists.apache.org/thread/3v58249qscyn1hg240gh8hqg9pb4okcr"
+      "url": "https://lists.apache.org/thread/ov923dyccwbv01v9mhcv7t7ykzobycfo"
     },
     {
       "type": "WEB",
@@ -33,8 +58,8 @@
       "CWE-250"
     ],
     "severity": "MODERATE",
-    "github_reviewed": false,
-    "github_reviewed_at": null,
+    "github_reviewed": true,
+    "github_reviewed_at": "2025-10-30T17:09:32Z",
     "nvd_published_at": "2025-10-30T10:15:35Z"
   }
 }

…-h72q-cq3w-h3wc/GHSA-h72q-cq3w-h3wc.json …-h72q-cq3w-h3wc/GHSA-h72q-cq3w-h3wc.jsonadvisories/unreviewed/2025/10/GHSA-h72q-cq3w-h3wc/GHSA-h72q-cq3w-h3wc.json renamed to advisories/github-reviewed/2025/10/GHSA-h72q-cq3w-h3wc/GHSA-h72q-cq3w-h3wc.json advisories/unreviewed/2025/10/GHSA-h72q-cq3w-h3wc/GHSA-h72q-cq3w-h3wc.json renamed to advisories/github-reviewed/2025/10/GHSA-h72q-cq3w-h3wc/GHSA-h72q-cq3w-h3wc.json

@@ -1,19 +1,40 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-h72q-cq3w-h3wc",
-  "modified": "2025-10-30T15:32:35Z",
+  "modified": "2025-10-30T17:06:12Z",
   "published": "2025-10-30T00:31:04Z",
   "aliases": [
     "CVE-2025-12083"
   ],
-  "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal CivicTheme Design System allows Cross-Site Scripting (XSS).This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0.",
+  "summary": "Drupal CivicTheme Design System allows Cross-Site Scripting (XSS)",
+  "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal CivicTheme Design System allows Cross-Site Scripting (XSS). This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0.",
   "severity": [
     {
       "type": "CVSS_V3",
       "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
     }
   ],
-  "affected": [],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Packagist",
+        "name": "drupal/civictheme"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.12.0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "type": "ADVISORY",
@@ -29,8 +50,8 @@
       "CWE-79"
     ],
     "severity": "MODERATE",
-    "github_reviewed": false,
-    "github_reviewed_at": null,
+    "github_reviewed": true,
+    "github_reviewed_at": "2025-10-30T17:06:12Z",
     "nvd_published_at": "2025-10-30T00:15:34Z"
   }
 }

…-jqmq-fpwv-p925/GHSA-jqmq-fpwv-p925.json …-jqmq-fpwv-p925/GHSA-jqmq-fpwv-p925.jsonadvisories/unreviewed/2025/10/GHSA-jqmq-fpwv-p925/GHSA-jqmq-fpwv-p925.json renamed to advisories/github-reviewed/2025/10/GHSA-jqmq-fpwv-p925/GHSA-jqmq-fpwv-p925.json advisories/unreviewed/2025/10/GHSA-jqmq-fpwv-p925/GHSA-jqmq-fpwv-p925.json renamed to advisories/github-reviewed/2025/10/GHSA-jqmq-fpwv-p925/GHSA-jqmq-fpwv-p925.json

@@ -1,19 +1,40 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-jqmq-fpwv-p925",
-  "modified": "2025-10-30T15:32:35Z",
+  "modified": "2025-10-30T17:06:19Z",
   "published": "2025-10-30T00:31:04Z",
   "aliases": [
     "CVE-2025-12466"
   ],
-  "details": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Simple OAuth (OAuth2) & OpenID Connect allows Authentication Bypass.This issue affects Simple OAuth (OAuth2) & OpenID Connect: from 6.0.0 before 6.0.7.",
+  "summary": "Drupal Simple OAuth (OAuth2) & OpenID Connect allows Authentication Bypass",
+  "details": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Simple OAuth (OAuth2) & OpenID Connect allows Authentication Bypass. This issue affects Simple OAuth (OAuth2) & OpenID Connect: from 6.0.0 before 6.0.7.",
   "severity": [
     {
       "type": "CVSS_V3",
       "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
     }
   ],
-  "affected": [],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Packagist",
+        "name": "drupal/simple_oauth"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "6.0.0"
+            },
+            {
+              "fixed": "6.0.7"
+            }
+          ]
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "type": "ADVISORY",
@@ -29,8 +50,8 @@
       "CWE-288"
     ],
     "severity": "HIGH",
-    "github_reviewed": false,
-    "github_reviewed_at": null,
+    "github_reviewed": true,
+    "github_reviewed_at": "2025-10-30T17:06:19Z",
     "nvd_published_at": "2025-10-30T00:15:34Z"
   }
 }