Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit f5fcf115e7c9 · 2025-11-14T00:32:17.000Z
GHSA-856v-8qm2-9wjv GHSA-895x-rfqp-jh5c GHSA-c6cm-5gc7-c3f4 GHSA-rg35-5v25-mqvp GHSA-7m9g-pmxf-m9m8 GHSA-56w8-48fp-6mgv GHSA-5x48-f75w-m9hh GHSA-gcw9-j843-4vfx GHSA-gf4w-g7vv-vr2w GHSA-h3rm-rxwj-hfmw GHSA-hfx3-278h-qhxq GHSA-r72q-m2q4-p766
diff --git a/advisories/github-reviewed/2025/08/GHSA-856v-8qm2-9wjv/GHSA-856v-8qm2-9wjv.json b/advisories/github-reviewed/2025/08/GHSA-856v-8qm2-9wjv/GHSA-856v-8qm2-9wjv.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-856v-8qm2-9wjv",
-  "modified": "2025-11-10T03:30:15Z",
+  "modified": "2025-11-14T00:30:27Z",
   "published": "2025-08-07T21:31:08Z",
   "aliases": [
     "CVE-2025-7195"
@@ -56,6 +56,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:19961"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:21368"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-7195"
diff --git a/advisories/github-reviewed/2025/10/GHSA-895x-rfqp-jh5c/GHSA-895x-rfqp-jh5c.json b/advisories/github-reviewed/2025/10/GHSA-895x-rfqp-jh5c/GHSA-895x-rfqp-jh5c.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-895x-rfqp-jh5c",
-  "modified": "2025-10-23T19:24:54Z",
+  "modified": "2025-11-14T00:30:27Z",
   "published": "2025-10-23T15:30:34Z",
   "aliases": [
     "CVE-2025-12110"
@@ -44,6 +44,14 @@
       "type": "WEB",
       "url": "https://github.com/keycloak/keycloak/commit/54e1c8af1e089ad33d32e0f2792610e4b8df421b"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:21370"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:21371"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-12110"
diff --git a/advisories/github-reviewed/2025/10/GHSA-c6cm-5gc7-c3f4/GHSA-c6cm-5gc7-c3f4.json b/advisories/github-reviewed/2025/10/GHSA-c6cm-5gc7-c3f4/GHSA-c6cm-5gc7-c3f4.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-c6cm-5gc7-c3f4",
-  "modified": "2025-10-29T15:35:08Z",
+  "modified": "2025-11-14T00:30:27Z",
   "published": "2025-10-28T06:31:05Z",
   "aliases": [
     "CVE-2025-10939"
@@ -40,6 +40,14 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10939"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:21370"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:21371"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-10939"
diff --git a/advisories/github-reviewed/2025/10/GHSA-rg35-5v25-mqvp/GHSA-rg35-5v25-mqvp.json b/advisories/github-reviewed/2025/10/GHSA-rg35-5v25-mqvp/GHSA-rg35-5v25-mqvp.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-rg35-5v25-mqvp",
-  "modified": "2025-11-12T16:00:22Z",
+  "modified": "2025-11-14T00:30:27Z",
   "published": "2025-10-28T15:30:43Z",
   "aliases": [
     "CVE-2025-12390"
@@ -60,6 +60,14 @@
       "type": "WEB",
       "url": "https://github.com/keycloak/keycloak/commit/ef75a4dc50aa9459777494e4b88655100bf2ac80"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:21370"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:21371"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-12390"
diff --git a/advisories/github-reviewed/2025/11/GHSA-7m9g-pmxf-m9m8/GHSA-7m9g-pmxf-m9m8.json b/advisories/github-reviewed/2025/11/GHSA-7m9g-pmxf-m9m8/GHSA-7m9g-pmxf-m9m8.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7m9g-pmxf-m9m8",
-  "modified": "2025-11-13T23:41:02Z",
+  "modified": "2025-11-14T00:30:27Z",
   "published": "2025-11-13T18:31:05Z",
   "aliases": [
     "CVE-2025-11538"
@@ -40,6 +40,14 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11538"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:21370"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:21371"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-11538"
diff --git a/advisories/unreviewed/2025/11/GHSA-56w8-48fp-6mgv/GHSA-56w8-48fp-6mgv.json b/advisories/unreviewed/2025/11/GHSA-56w8-48fp-6mgv/GHSA-56w8-48fp-6mgv.json
@@ -0,0 +1,46 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-56w8-48fp-6mgv",
+  "modified": "2025-11-14T00:30:27Z",
+  "published": "2025-11-14T00:30:27Z",
+  "aliases": [
+    "CVE-2025-47913"
+  ],
+  "details": "SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47913"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/advisories/GHSA-hcg3-q754-cr77"
+    },
+    {
+      "type": "WEB",
+      "url": "https://go.dev/cl/700295"
+    },
+    {
+      "type": "WEB",
+      "url": "https://go.dev/issue/75178"
+    },
+    {
+      "type": "WEB",
+      "url": "https://pkg.go.dev/vuln/GO-2025-4116"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-13T22:15:51Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/11/GHSA-5x48-f75w-m9hh/GHSA-5x48-f75w-m9hh.json b/advisories/unreviewed/2025/11/GHSA-5x48-f75w-m9hh/GHSA-5x48-f75w-m9hh.json
@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5x48-f75w-m9hh",
+  "modified": "2025-11-14T00:30:27Z",
+  "published": "2025-11-14T00:30:27Z",
+  "aliases": [
+    "CVE-2025-36236"
+  ],
+  "details": "IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to write arbitrary files on the system.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36236"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.ibm.com/support/pages/node/7251173"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-22"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-13T22:15:50Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/11/GHSA-gcw9-j843-4vfx/GHSA-gcw9-j843-4vfx.json b/advisories/unreviewed/2025/11/GHSA-gcw9-j843-4vfx/GHSA-gcw9-j843-4vfx.json
@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-gcw9-j843-4vfx",
+  "modified": "2025-11-14T00:30:27Z",
+  "published": "2025-11-14T00:30:27Z",
+  "aliases": [
+    "CVE-2025-36096"
+  ],
+  "details": "IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 stores NIM private keys used in NIM environments in an insecure way which is susceptible to unauthorized access by an attacker using man in the middle techniques.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36096"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.ibm.com/support/pages/node/7251173"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-522"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-13T22:15:50Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/11/GHSA-gf4w-g7vv-vr2w/GHSA-gf4w-g7vv-vr2w.json b/advisories/unreviewed/2025/11/GHSA-gf4w-g7vv-vr2w/GHSA-gf4w-g7vv-vr2w.json
@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-gf4w-g7vv-vr2w",
+  "modified": "2025-11-14T00:30:27Z",
+  "published": "2025-11-14T00:30:27Z",
+  "aliases": [
+    "CVE-2025-36250"
+  ],
+  "details": "IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to execute arbitrary commands due to improper process controls.  This addresses additional attack vectors for a vulnerability that was previously addressed in CVE-2024-56346.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36250"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.ibm.com/support/pages/node/7251173"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-114"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-13T22:15:50Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/11/GHSA-h3rm-rxwj-hfmw/GHSA-h3rm-rxwj-hfmw.json b/advisories/unreviewed/2025/11/GHSA-h3rm-rxwj-hfmw/GHSA-h3rm-rxwj-hfmw.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-h3rm-rxwj-hfmw",
+  "modified": "2025-11-14T00:30:27Z",
+  "published": "2025-11-14T00:30:27Z",
+  "aliases": [
+    "CVE-2025-13131"
+  ],
+  "details": "A vulnerability was found in Sonarr 4.0.15.2940. The impacted element is an unknown function of the file C:\\ProgramData\\Sonarr\\bin\\Sonarr.Console.exe of the component Service. Performing manipulation results in incorrect default permissions. The attack is only possible with local access. The vendor confirms this vulnerability but classifies it as a \"low severity issue due to the default service user being used as it would either require someone to intentionally change the service to a highly privileged account or an attacker would need an admin level account\". It is planned to fix this issue in the next major release v5.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13131"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/lakshayyverma/CVE-Discovery/blob/main/Sonarr.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.332362"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.332362"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.683894"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-266"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-13T22:15:50Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/11/GHSA-hfx3-278h-qhxq/GHSA-hfx3-278h-qhxq.json b/advisories/unreviewed/2025/11/GHSA-hfx3-278h-qhxq/GHSA-hfx3-278h-qhxq.json
@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-hfx3-278h-qhxq",
+  "modified": "2025-11-14T00:30:27Z",
+  "published": "2025-11-14T00:30:27Z",
+  "aliases": [
+    "CVE-2025-36251"
+  ],
+  "details": "IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 nimsh service SSL/TLS implementations could allow a remote attacker to execute arbitrary commands due to improper process controls. This addresses additional attack vectors for a vulnerability that was previously addressed in CVE-2024-56347.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36251"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.ibm.com/support/pages/node/7251173"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-114"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-13T22:15:51Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/11/GHSA-r72q-m2q4-p766/GHSA-r72q-m2q4-p766.json b/advisories/unreviewed/2025/11/GHSA-r72q-m2q4-p766/GHSA-r72q-m2q4-p766.json
