Publish Advisories

GHSA-xmcw-mv9p-7pq2
GHSA-cgrx-mc8f-2prm
GHSA-qj3m-73c6-4ww7

Author: advisory-database[bot]

advisories/github-reviewed/2025/09/GHSA-xmcw-mv9p-7pq2/GHSA-xmcw-mv9p-7pq2.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-xmcw-mv9p-7pq2",
-  "modified": "2025-10-16T22:34:39Z",
+  "modified": "2025-11-07T12:31:11Z",
   "published": "2025-09-05T21:32:38Z",
   "withdrawn": "2025-10-16T22:34:39Z",
   "aliases": [],
@@ -104,6 +104,14 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:16400"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:19923"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:19925"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-10044"

advisories/github-reviewed/2025/11/GHSA-cgrx-mc8f-2prm/GHSA-cgrx-mc8f-2prm.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cgrx-mc8f-2prm",
-  "modified": "2025-11-06T21:31:52Z",
+  "modified": "2025-11-07T12:31:34Z",
   "published": "2025-11-05T18:40:40Z",
   "aliases": [
     "CVE-2025-52881"
@@ -50,11 +50,14 @@
               "introduced": "0"
             },
             {
-              "last_affected": "1.12.0"
+              "fixed": "1.13.0"
             }
           ]
         }
-      ]
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 1.12.0"
+      }
     },
     {
       "package": {
@@ -192,16 +195,20 @@
     },
     {
       "type": "WEB",
-      "url": "https://pkg.go.dev/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs"
+      "url": "https://youtu.be/tGseJW_uBB8"
     },
     {
       "type": "WEB",
-      "url": "https://youtu.be/tGseJW_uBB8"
+      "url": "https://pkg.go.dev/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs"
     },
     {
       "type": "WEB",
       "url": "https://youtu.be/y1PaBzxwRWQ"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/opencontainers/selinux/releases/tag/v1.13.0"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/opencontainers/runc/blob/v1.4.0-rc.2/RELEASES.md"

advisories/unreviewed/2025/11/GHSA-qj3m-73c6-4ww7/GHSA-qj3m-73c6-4ww7.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-qj3m-73c6-4ww7",
+  "modified": "2025-11-07T12:31:11Z",
+  "published": "2025-11-07T12:31:11Z",
+  "aliases": [
+    "CVE-2025-10870"
+  ],
+  "details": "SQL injection vulnerability in DIAL's CentrosNet v2.64. Allows an attacker to retrieve, create, update, and delete databases by sending POST and GET requests with the 'ultralogin' parameter in '/centrosnet/ultralogin.php'.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10870"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-dials-centrosnet"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-07T10:15:38Z"
+  }
+}