feat: update advisories (#142)

🤖 beep boop - looks like there's some changes to the advisories!

Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>

Author: Ackama-Security-Auditor

advisories/email_tfa/DSA-CONTRIB-2025-115.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.7.0",
+  "id": "DSA-CONTRIB-2025-115",
+  "modified": "2025-11-05T18:08:01.000Z",
+  "published": "2025-11-05T18:08:01.000Z",
+  "aliases": [
+    "CVE-2025-12760"
+  ],
+  "details": "The Email TFA module provides additional email-based two-factor authentication for Drupal logins.\n\nIn certain scenarios, the module does not fully protect all login mechanisms as expected.\n\nThis issue is mitigated by the fact that an attacker must already have valid user credentials (username and password) to take advantage of the weakness.",
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Packagist",
+        "name": "drupal/email_tfa"
+      },
+      "severity": [],
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "2.0.6"
+            }
+          ],
+          "database_specific": {
+            "constraint": "<2.0.6"
+          }
+        }
+      ],
+      "database_specific": {
+        "affected_versions": "<2.0.6"
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://www.drupal.org/sa-contrib-2025-115"
+    }
+  ],
+  "credits": [
+    {
+      "name": "Pierre Rudloff (prudloff)",
+      "contact": [
+        "https://www.drupal.org/u/prudloff"
+      ]
+    }
+  ]
+}

advisories/simple_multistep/DSA-CONTRIB-2025-116.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.7.0",
+  "id": "DSA-CONTRIB-2025-116",
+  "modified": "2025-11-05T18:09:13.000Z",
+  "published": "2025-11-05T18:09:13.000Z",
+  "aliases": [
+    "CVE-2025-12761"
+  ],
+  "details": "This module provides the ability to convert any entity form into a simple multi-step form.\n\nThe module doesn\u2019t sufficiently filter certain user-provided text leading to a cross-site scripting (XSS) vulnerability.\n\nThis vulnerability is mitigated by the fact that an attacker must have a role with the permission \u201cadminister node form display\u201d.",
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Packagist",
+        "name": "drupal/simple_multistep"
+      },
+      "severity": [],
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "2.0.0"
+            }
+          ],
+          "database_specific": {
+            "constraint": "<2.0.0"
+          }
+        }
+      ],
+      "database_specific": {
+        "affected_versions": "<2.0.0"
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://www.drupal.org/sa-contrib-2025-116"
+    }
+  ],
+  "credits": [
+    {
+      "name": "Ide Braakman (idebr)",
+      "contact": [
+        "https://www.drupal.org/u/idebr"
+      ]
+    }
+  ]
+}