
Commit ac92e71

1 parent c52d16a commit ac92e71

2 files changed

Lines changed: 62 additions & 8 deletions


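--- a/advisories/unreviewed/2025/06/GHSA-ff9h-848c-4xfj/GHSA-ff9h-848c-4xfj.json
+++ b/advisories/github-reviewed/2025/06/GHSA-ff9h-848c-4xfj/GHSA-ff9h-848c-4xfj.json
@@ -1,24 +1,49 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-ff9h-848c-4xfj",
-"modified": "2025-06-17T21:32:08Z",
+"modified": "2025-06-18T19:41:42Z",
 "published": "2025-06-12T18:31:48Z",
 "aliases": [
 "CVE-2025-29744"
 ],
+"summary": "pg-promise SQL Injection vulnerability",
 "details": "pg-promise before 11.5.5 is vulnerable to SQL Injection due to improper handling of negative numbers.",
 "severity": [
 {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
 }
 ],
-"affected": [],
+"affected": [
+{
+"package": {
+"ecosystem": "npm",
+"name": "pg-promise"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "11.5.5"
+}
+]
+}
+]
+}
+],
 "references": [
 {
 "type": "ADVISORY",
 "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29744"
 },
+{
+"type": "PACKAGE",
+"url": "https://github.com/vitaly-t/pg-promise"
+},
 {
 "type": "WEB",
 "url": "https://github.com/vitaly-t/pg-promise/discussions/911"
@@ -33,8 +58,8 @@
 "CWE-89"
 ],
 "severity": "MODERATE",
-"github_reviewed": false,
-"github_reviewed_at": null,
+"github_reviewed": true,
+"github_reviewed_at": "2025-06-18T19:41:41Z",
 "nvd_published_at": "2025-06-12T16:15:22Z"
 }
 }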
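Review bot: The added `summary` on new line 9 names only the vulnerability class, so in a feed or alert title it cannot be told apart from any other pg-promise SQL injection advisory. The trigger is already stated in `details` and could be carried over, e.g. `"summary": "pg-promise vulnerable to SQL injection via improper handling of negative numbers"`. The references list continues between the two hunks, so it is not visible here whether the 11.5.5 fix commit or release is linked; if it is not, a reference to it would let consumers verify the `fixed` event.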

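--- a/advisories/unreviewed/2025/06/GHSA-px2c-r924-mwcc/GHSA-px2c-r924-mwcc.json
+++ b/advisories/github-reviewed/2025/06/GHSA-px2c-r924-mwcc/GHSA-px2c-r924-mwcc.json
@@ -1,24 +1,49 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-px2c-r924-mwcc",
-"modified": "2025-06-18T15:31:15Z",
+"modified": "2025-06-18T19:42:25Z",
 "published": "2025-06-18T15:31:15Z",
 "aliases": [
 "CVE-2025-49015"
 ],
+"summary": "Couchbase .NET SDK (client library) does not properly enable hostname verification for TLS certificates",
 "details": "The Couchbase .NET SDK (client library) before 3.7.1 does not properly enable hostname verification for TLS certificates. In fact, the SDK was also using IP addresses instead of hostnames due to a configuration option that was incorrectly enabled by default.",
 "severity": [
 {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"
 }
 ],
-"affected": [],
+"affected": [
+{
+"package": {
+"ecosystem": "NuGet",
+"name": "CouchbaseNetClient"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"database_specific": {
+"last_known_affected_version_range": "< 3.7.1"
+}
+}
+],
 "references": [
 {
 "type": "ADVISORY",
 "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49015"
 },
+{
+"type": "WEB",
+"url": "https://github.com/couchbase/couchbase-net-client/commit/04d1679b2178f922036be6e595b3d91f972c5ba3"
+},
 {
 "type": "WEB",
 "url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
@@ -27,6 +52,10 @@
 "type": "WEB",
 "url": "https://forums.couchbase.com/tags/security"
 },
+{
+"type": "PACKAGE",
+"url": "https://github.com/couchbase/couchbase-net-client"
+},
 {
 "type": "WEB",
 "url": "https://www.couchbase.com/alerts"
@@ -37,8 +66,8 @@
 "CWE-297"
 ],
 "severity": "MODERATE",
-"github_reviewed": false,
-"github_reviewed_at": null,
+"github_reviewed": true,
+"github_reviewed_at": "2025-06-18T19:42:25Z",
 "nvd_published_at": "2025-06-18T14:15:44Z"
 }
 }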
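Review bot: The new `affected` entry has an `introduced: "0"` event but no `fixed` event, so the ECOSYSTEM range on new lines 23-31 is open-ended and the 3.7.1 boundary lives only in `database_specific.last_known_affected_version_range`. Consumers that evaluate just the standard `ranges` field would likely flag every CouchbaseNetClient version, including patched ones, even though `details` says the issue exists before 3.7.1 and a fix commit is referenced. If 3.7.1 is confirmed as the first patched NuGet release, add `{ "fixed": "3.7.1" }` to `events` and drop the `database_specific` bound. If it is not confirmed, the open range is the conservative choice and is worth stating in `details`.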
