Skip to content

Commit 2687dd0

Browse files
advisory-database[bot]advisory-database[bot]
committed
Advisory Database Sync
1 parent cc25232 commit 2687dd0

187 files changed

Lines changed: 6696 additions & 39 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

advisories/unreviewed/2022/05/GHSA-5x93-92vm-jw5m/GHSA-5x93-92vm-jw5m.json

Lines changed: 120 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,18 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-5x93-92vm-jw5m",
4-
"modified": "2022-05-24T22:00:04Z",
4+
"modified": "2025-11-11T18:30:17Z",
55
"published": "2022-05-24T22:00:04Z",
66
"aliases": [
77
"CVE-2019-12735"
88
],
99
"details": "getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.",
10-
"severity": [],
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"
14+
}
15+
],
1116
"affected": [],
1217
"references": [
1318
{
@@ -24,19 +29,129 @@
2429
},
2530
{
2631
"type": "WEB",
27-
"url": "https://bugs.debian.org/930020"
32+
"url": "https://www.exploit-db.com/exploits/46973"
2833
},
2934
{
3035
"type": "WEB",
31-
"url": "https://bugs.debian.org/930024"
36+
"url": "https://www.debian.org/security/2019/dsa-4487"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://www.debian.org/security/2019/dsa-4467"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://usn.ubuntu.com/4016-2"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://usn.ubuntu.com/4016-1"
49+
},
50+
{
51+
"type": "WEB",
52+
"url": "https://support.f5.com/csp/article/K93144355?utm_source=f5support&utm_medium=RSS"
53+
},
54+
{
55+
"type": "WEB",
56+
"url": "https://support.f5.com/csp/article/K93144355?utm_source=f5support&amp%3Butm_medium=RSS"
57+
},
58+
{
59+
"type": "WEB",
60+
"url": "https://support.f5.com/csp/article/K93144355"
61+
},
62+
{
63+
"type": "WEB",
64+
"url": "https://security.gentoo.org/glsa/202003-04"
65+
},
66+
{
67+
"type": "WEB",
68+
"url": "https://seclists.org/bugtraq/2019/Jun/33"
69+
},
70+
{
71+
"type": "WEB",
72+
"url": "https://seclists.org/bugtraq/2019/Jul/39"
73+
},
74+
{
75+
"type": "WEB",
76+
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRIRBC2YRGKPAWVRMZS4SZTGGCVRVZPR"
77+
},
78+
{
79+
"type": "WEB",
80+
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2BMDSHTF754TITC6AQJPCS5IRIDMMIM7"
81+
},
82+
{
83+
"type": "WEB",
84+
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRIRBC2YRGKPAWVRMZS4SZTGGCVRVZPR"
85+
},
86+
{
87+
"type": "WEB",
88+
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2BMDSHTF754TITC6AQJPCS5IRIDMMIM7"
89+
},
90+
{
91+
"type": "WEB",
92+
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html"
3293
},
3394
{
3495
"type": "WEB",
3596
"url": "https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md"
97+
},
98+
{
99+
"type": "WEB",
100+
"url": "https://bugs.debian.org/930024"
101+
},
102+
{
103+
"type": "WEB",
104+
"url": "https://bugs.debian.org/930020"
105+
},
106+
{
107+
"type": "WEB",
108+
"url": "https://access.redhat.com/errata/RHSA-2019:1947"
109+
},
110+
{
111+
"type": "WEB",
112+
"url": "https://access.redhat.com/errata/RHSA-2019:1793"
113+
},
114+
{
115+
"type": "WEB",
116+
"url": "https://access.redhat.com/errata/RHSA-2019:1774"
117+
},
118+
{
119+
"type": "WEB",
120+
"url": "https://access.redhat.com/errata/RHSA-2019:1619"
121+
},
122+
{
123+
"type": "WEB",
124+
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00031.html"
125+
},
126+
{
127+
"type": "WEB",
128+
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00036.html"
129+
},
130+
{
131+
"type": "WEB",
132+
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00037.html"
133+
},
134+
{
135+
"type": "WEB",
136+
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00034.html"
137+
},
138+
{
139+
"type": "WEB",
140+
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00050.html"
141+
},
142+
{
143+
"type": "WEB",
144+
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00075.html"
145+
},
146+
{
147+
"type": "WEB",
148+
"url": "http://www.securityfocus.com/bid/108724"
36149
}
37150
],
38151
"database_specific": {
39-
"cwe_ids": [],
152+
"cwe_ids": [
153+
"CWE-78"
154+
],
40155
"severity": "HIGH",
41156
"github_reviewed": false,
42157
"github_reviewed_at": null,

advisories/unreviewed/2022/05/GHSA-ggrp-mmv9-mmpc/GHSA-ggrp-mmv9-mmpc.json

Lines changed: 14 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,18 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-ggrp-mmv9-mmpc",
4-
"modified": "2022-05-24T17:29:51Z",
4+
"modified": "2025-11-11T18:30:13Z",
55
"published": "2022-05-24T17:29:51Z",
66
"aliases": [
77
"CVE-2020-25761"
88
],
99
"details": "Projectworlds Visitor Management System in PHP 1.0 allows XSS. The file myform.php does not perform input validation on the request parameters. An attacker can inject javascript payloads in the parameters to perform various attacks such as stealing of cookies,sensitive information etc.",
10-
"severity": [],
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
14+
}
15+
],
1116
"affected": [],
1217
"references": [
1318
{
@@ -18,6 +23,10 @@
1823
"type": "WEB",
1924
"url": "https://packetstormsecurity.com/files/author/15149"
2025
},
26+
{
27+
"type": "WEB",
28+
"url": "https://www.exploit-db.com/exploits/48830"
29+
},
2130
{
2231
"type": "WEB",
2332
"url": "http://packetstormsecurity.com/files/159263/Visitor-Management-System-In-PHP-1.0-Cross-Site-Scripting.html"
@@ -28,7 +37,9 @@
2837
}
2938
],
3039
"database_specific": {
31-
"cwe_ids": [],
40+
"cwe_ids": [
41+
"CWE-79"
42+
],
3243
"severity": "MODERATE",
3344
"github_reviewed": false,
3445
"github_reviewed_at": null,

advisories/unreviewed/2022/05/GHSA-mhh4-ggqv-qpg6/GHSA-mhh4-ggqv-qpg6.json

Lines changed: 11 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,18 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-mhh4-ggqv-qpg6",
4-
"modified": "2022-05-24T17:47:42Z",
4+
"modified": "2025-11-11T18:30:13Z",
55
"published": "2022-05-24T17:47:42Z",
66
"aliases": [
77
"CVE-2021-27129"
88
],
99
"details": "CASAP Automated Enrollment System version 1.0 contains a cross-site scripting (XSS) vulnerability through the Students > Edit > ROUTE parameter.",
10-
"severity": [],
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
14+
}
15+
],
1116
"affected": [],
1217
"references": [
1318
{
@@ -17,6 +22,10 @@
1722
{
1823
"type": "WEB",
1924
"url": "https://packetstormsecurity.com/files/161080/CASAP-Automated-Enrollment-System-1.0-Cross-Site-Scripting.html"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://www.exploit-db.com/exploits/49470"
2029
}
2130
],
2231
"database_specific": {

advisories/unreviewed/2022/05/GHSA-rwj7-6838-wfrj/GHSA-rwj7-6838-wfrj.json

Lines changed: 11 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,18 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-rwj7-6838-wfrj",
4-
"modified": "2022-05-24T17:29:50Z",
4+
"modified": "2025-11-11T18:30:13Z",
55
"published": "2022-05-24T17:29:50Z",
66
"aliases": [
77
"CVE-2020-25760"
88
],
99
"details": "Projectworlds Visitor Management System in PHP 1.0 allows SQL Injection. The file front.php does not perform input validation on the 'rid' parameter. An attacker can append SQL queries to the input to extract sensitive information from the database.",
10-
"severity": [],
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
14+
}
15+
],
1116
"affected": [],
1217
"references": [
1318
{
@@ -18,6 +23,10 @@
1823
"type": "WEB",
1924
"url": "https://packetstormsecurity.com/files/author/15149"
2025
},
26+
{
27+
"type": "WEB",
28+
"url": "https://www.exploit-db.com/exploits/48911"
29+
},
2130
{
2231
"type": "WEB",
2332
"url": "http://packetstormsecurity.com/files/159262/Visitor-Management-System-In-PHP-1.0-SQL-Injection.html"

advisories/unreviewed/2022/05/GHSA-w9w3-f8q7-x576/GHSA-w9w3-f8q7-x576.json

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-w9w3-f8q7-x576",
4-
"modified": "2023-08-08T15:31:18Z",
4+
"modified": "2025-11-11T18:30:13Z",
55
"published": "2022-05-24T19:06:02Z",
66
"aliases": [
77
"CVE-2021-33624"
@@ -23,6 +23,10 @@
2323
"type": "WEB",
2424
"url": "https://github.com/torvalds/linux/commit/9183671af6dbf60a1219371d4ed73e23f43b49db"
2525
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/benschlueter/CVE-2021-33624"
29+
},
2630
{
2731
"type": "WEB",
2832
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"
@@ -38,7 +42,8 @@
3842
],
3943
"database_specific": {
4044
"cwe_ids": [
41-
"CWE-203"
45+
"CWE-203",
46+
"CWE-843"
4247
],
4348
"severity": "MODERATE",
4449
"github_reviewed": false,

advisories/unreviewed/2023/07/GHSA-j94g-69xw-xx5q/GHSA-j94g-69xw-xx5q.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-j94g-69xw-xx5q",
4-
"modified": "2023-11-14T18:30:19Z",
4+
"modified": "2025-11-11T18:30:13Z",
55
"published": "2023-07-10T18:30:50Z",
66
"aliases": [
77
"CVE-2023-36375"
@@ -30,6 +30,10 @@
3030
{
3131
"type": "WEB",
3232
"url": "https://packetstormsecurity.com"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://www.exploit-db.com/exploits/50628"
3337
}
3438
],
3539
"database_specific": {

advisories/unreviewed/2023/08/GHSA-jrfx-7644-2jj6/GHSA-jrfx-7644-2jj6.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-jrfx-7644-2jj6",
4-
"modified": "2024-04-04T07:17:11Z",
4+
"modified": "2025-11-11T18:30:14Z",
55
"published": "2023-08-30T15:30:19Z",
66
"aliases": [
77
"CVE-2023-41537"
@@ -22,6 +22,10 @@
2222
{
2323
"type": "WEB",
2424
"url": "https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/Business-Directory-Script-Version%3A3.2"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/Business-Directory-Script-Version-3.2"
2529
}
2630
],
2731
"database_specific": {

advisories/unreviewed/2023/11/GHSA-4h7h-xhv3-2g96/GHSA-4h7h-xhv3-2g96.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-4h7h-xhv3-2g96",
4-
"modified": "2023-11-13T15:30:20Z",
4+
"modified": "2025-11-11T18:30:14Z",
55
"published": "2023-11-03T06:36:29Z",
66
"aliases": [
77
"CVE-2023-38965"
@@ -23,6 +23,10 @@
2323
"type": "WEB",
2424
"url": "https://github.com/Or4ngm4n/vulnreability-code-review-php/blob/main/Lost%20and%20Found%20Information%20System%20v1.0.txt"
2525
},
26+
{
27+
"type": "WEB",
28+
"url": "https://www.exploit-db.com/exploits/51795"
29+
},
2630
{
2731
"type": "WEB",
2832
"url": "http://packetstormsecurity.com/files/175077/Lost-And-Found-Information-System-1.0-Insecure-Direct-Object-Reference.html"

0 commit comments

Comments
 (0)