Skip to content

Commit f108a4a

Browse files
Advisory Database Sync
1 parent e396f08 commit f108a4a

25 files changed

Lines changed: 1228 additions & 4 deletions

File tree

advisories/github-reviewed/2025/03/GHSA-48g7-3x6r-xfhp/GHSA-48g7-3x6r-xfhp.json

Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-48g7-3x6r-xfhp",
4-
"modified": "2025-03-11T20:07:32Z",
4+
"modified": "2026-06-06T00:30:36Z",
55
"published": "2025-03-11T20:07:32Z",
66
"aliases": [
77
"CVE-2025-1550"
@@ -59,6 +59,14 @@
5959
{
6060
"type": "WEB",
6161
"url": "https://github.com/keras-team/keras/releases/tag/v3.9.0"
62+
},
63+
{
64+
"type": "WEB",
65+
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/keras/PYSEC-2025-122.yaml"
66+
},
67+
{
68+
"type": "WEB",
69+
"url": "https://towerofhanoi.it/writeups/cve-2025-1550"
6270
}
6371
],
6472
"database_specific": {

advisories/github-reviewed/2025/05/GHSA-2544-hpcq-6g27/GHSA-2544-hpcq-6g27.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-2544-hpcq-6g27",
4-
"modified": "2025-05-06T18:51:10Z",
4+
"modified": "2026-06-06T00:31:10Z",
55
"published": "2025-05-05T21:31:28Z",
66
"aliases": [
77
"CVE-2025-29573"
@@ -40,6 +40,10 @@
4040
"type": "ADVISORY",
4141
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29573"
4242
},
43+
{
44+
"type": "WEB",
45+
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/mezzanine/PYSEC-2025-136.yaml"
46+
},
4347
{
4448
"type": "PACKAGE",
4549
"url": "https://github.com/stephenmcd/mezzanine"

advisories/github-reviewed/2025/05/GHSA-8jhr-wpcm-hh4h/GHSA-8jhr-wpcm-hh4h.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-8jhr-wpcm-hh4h",
4-
"modified": "2025-05-15T16:21:16Z",
4+
"modified": "2026-06-06T00:31:24Z",
55
"published": "2025-05-15T16:21:16Z",
66
"aliases": [
77
"CVE-2025-47783"
@@ -51,6 +51,10 @@
5151
{
5252
"type": "PACKAGE",
5353
"url": "https://github.com/HumanSignal/label-studio"
54+
},
55+
{
56+
"type": "WEB",
57+
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/label-studio/PYSEC-2025-124.yaml"
5458
}
5559
],
5660
"database_specific": {

advisories/github-reviewed/2025/07/GHSA-269j-37ww-cmh3/GHSA-269j-37ww-cmh3.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-269j-37ww-cmh3",
4-
"modified": "2025-07-23T19:33:15Z",
4+
"modified": "2026-06-06T00:31:34Z",
55
"published": "2025-07-23T18:30:36Z",
66
"aliases": [
77
"CVE-2025-50481"
@@ -44,6 +44,10 @@
4444
"type": "WEB",
4545
"url": "https://github.com/kevinpdicks/Mezzanine-CMS-6.1.0-XSS"
4646
},
47+
{
48+
"type": "WEB",
49+
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/mezzanine/PYSEC-2025-137.yaml"
50+
},
4751
{
4852
"type": "PACKAGE",
4953
"url": "https://github.com/stephenmcd/mezzanine"
Lines changed: 48 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,48 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-2mcq-gv8w-446w",
4+
"modified": "2026-06-06T00:31:39Z",
5+
"published": "2026-06-06T00:31:39Z",
6+
"aliases": [
7+
"CVE-2026-8893"
8+
],
9+
"details": "The Express Payment For Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute of the [stripe-express] shortcode in versions up to, and including, 1.28.0. This is due to insufficient input sanitization and output escaping on the shortcode attribute value, which is concatenated into an HTML attribute in the rendered output of the register_shortcode() function without being passed through esc_attr() or any other escaping function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8893"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://plugins.trac.wordpress.org/browser/wp-stripe-express/tags/1.28.0/includes/wp-stripe-shortcodes.php#L31"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://plugins.trac.wordpress.org/browser/wp-stripe-express/tags/1.28.0/includes/wp-stripe-shortcodes.php#L46"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3553233%40wp-stripe-express&new=3553233%40wp-stripe-express&sfp_email=&sfph_mail="
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1a7dbb82-b484-4b86-b8dc-7a1e7291dec2?source=cve"
37+
}
38+
],
39+
"database_specific": {
40+
"cwe_ids": [
41+
"CWE-79"
42+
],
43+
"severity": "MODERATE",
44+
"github_reviewed": false,
45+
"github_reviewed_at": null,
46+
"nvd_published_at": "2026-06-06T00:16:41Z"
47+
}
48+
}
Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-5vph-83m8-9635",
4+
"modified": "2026-06-06T00:31:39Z",
5+
"published": "2026-06-06T00:31:39Z",
6+
"aliases": [
7+
"CVE-2026-8608"
8+
],
9+
"details": "The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 2.1.0. This is due to the capture_payment() AJAX handler (registered via wp_ajax_nopriv_em_capture_payment) trusting client-supplied payment data — including transaction ID, amount, and payment status — without performing any server-side verification against the PayPal API or any other payment gateway, and without nonce or capability checks. This makes it possible for unauthenticated attackers to forge payment records, mark bookings as Completed, and obtain confirmation emails containing valid QR code tickets without making any actual payment.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8608"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://plugins.trac.wordpress.org/browser/event-monster/tags/2.0.1/includes/class-event-monster-ajax.php#L844"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://plugins.trac.wordpress.org/browser/event-monster/tags/2.0.1/includes/class-event-monster-ajax.php#L890"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://plugins.trac.wordpress.org/browser/event-monster/tags/2.0.1/includes/class-event-monster-ajax.php#L92"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3554570%40event-monster&new=3554570%40event-monster&sfp_email=&sfph_mail="
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/daddfbd2-cff4-4caa-bbdc-9945a635a1d6?source=cve"
41+
}
42+
],
43+
"database_specific": {
44+
"cwe_ids": [
45+
"CWE-345"
46+
],
47+
"severity": "MODERATE",
48+
"github_reviewed": false,
49+
"github_reviewed_at": null,
50+
"nvd_published_at": "2026-06-06T00:16:41Z"
51+
}
52+
}
Lines changed: 84 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,84 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-83v9-496w-54wx",
4+
"modified": "2026-06-06T00:31:39Z",
5+
"published": "2026-06-06T00:31:39Z",
6+
"aliases": [
7+
"CVE-2026-9290"
8+
],
9+
"details": "The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.17 via the (profile template scope) function. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9290"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://github.com/WPUserManager/wp-user-manager/pull/445"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://plugins.trac.wordpress.org/browser/wp-user-manager/tags/2.9.15/includes/functions.php#L955"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://plugins.trac.wordpress.org/browser/wp-user-manager/tags/2.9.15/includes/permalinks.php#L133"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://plugins.trac.wordpress.org/browser/wp-user-manager/tags/2.9.15/templates/profile.php#L52"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://plugins.trac.wordpress.org/browser/wp-user-manager/tags/2.9.15/vendor-dist/brain/cortex/src/Cortex/Router/Router.php#L183"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://plugins.trac.wordpress.org/browser/wp-user-manager/tags/2.9.15/vendor-dist/gamajo/template-loader/class-gamajo-template-loader.php#L226"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://plugins.trac.wordpress.org/browser/wp-user-manager/tags/2.9.17/includes/functions.php#L955"
49+
},
50+
{
51+
"type": "WEB",
52+
"url": "https://plugins.trac.wordpress.org/browser/wp-user-manager/tags/2.9.17/includes/permalinks.php#L133"
53+
},
54+
{
55+
"type": "WEB",
56+
"url": "https://plugins.trac.wordpress.org/browser/wp-user-manager/tags/2.9.17/templates/profile.php#L52"
57+
},
58+
{
59+
"type": "WEB",
60+
"url": "https://plugins.trac.wordpress.org/browser/wp-user-manager/tags/2.9.17/vendor-dist/brain/cortex/src/Cortex/Router/Router.php#L183"
61+
},
62+
{
63+
"type": "WEB",
64+
"url": "https://plugins.trac.wordpress.org/browser/wp-user-manager/tags/2.9.17/vendor-dist/gamajo/template-loader/class-gamajo-template-loader.php#L226"
65+
},
66+
{
67+
"type": "WEB",
68+
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3554574%40wp-user-manager&new=3554574%40wp-user-manager&sfp_email=&sfph_mail="
69+
},
70+
{
71+
"type": "WEB",
72+
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7a5e08d8-c6ef-42a3-9599-28c3bfb35017?source=cve"
73+
}
74+
],
75+
"database_specific": {
76+
"cwe_ids": [
77+
"CWE-22"
78+
],
79+
"severity": "HIGH",
80+
"github_reviewed": false,
81+
"github_reviewed_at": null,
82+
"nvd_published_at": "2026-06-06T00:16:42Z"
83+
}
84+
}
Lines changed: 64 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,64 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-8w67-crqv-vpjm",
4+
"modified": "2026-06-06T00:31:39Z",
5+
"published": "2026-06-06T00:31:39Z",
6+
"aliases": [
7+
"CVE-2026-9719"
8+
],
9+
"details": "The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. This is due to missing or incorrect nonce validation on the change_status function. This makes it possible for unauthenticated attackers to change the status of arbitrary invoices — including marking unpaid invoices as paid — without administrator consent via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9719"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://plugins.trac.wordpress.org/browser/latepoint/tags/5.3.0/lib/controllers/invoices_controller.php#L234"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://plugins.trac.wordpress.org/browser/latepoint/tags/5.3.0/lib/controllers/invoices_controller.php#L246"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://plugins.trac.wordpress.org/browser/latepoint/tags/5.3.0/lib/helpers/params_helper.php#L12"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://plugins.trac.wordpress.org/browser/latepoint/tags/5.6.0/lib/controllers/invoices_controller.php#L234"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://plugins.trac.wordpress.org/browser/latepoint/tags/5.6.0/lib/controllers/invoices_controller.php#L246"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://plugins.trac.wordpress.org/browser/latepoint/tags/5.6.0/lib/helpers/params_helper.php#L12"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://plugins.trac.wordpress.org/changeset/3553094/latepoint"
49+
},
50+
{
51+
"type": "WEB",
52+
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c720fffe-c089-450a-ac5f-1138c1c223d9?source=cve"
53+
}
54+
],
55+
"database_specific": {
56+
"cwe_ids": [
57+
"CWE-352"
58+
],
59+
"severity": "MODERATE",
60+
"github_reviewed": false,
61+
"github_reviewed_at": null,
62+
"nvd_published_at": "2026-06-06T00:16:42Z"
63+
}
64+
}
Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-96xj-rmhf-c584",
4+
"modified": "2026-06-06T00:31:38Z",
5+
"published": "2026-06-06T00:31:38Z",
6+
"aliases": [
7+
"CVE-2026-11431"
8+
],
9+
"details": "A path traversal vulnerability exists in the Projects Service download endpoint shared by Altium Enterprise Server and Altium 365. An authenticated user can supply a crafted path parameter that bypasses validation, allowing arbitrary files (including entire directories returned as archives) to be read from the server filesystem.\n\n\n\n\nBecause the readable files include service configuration and credential material, exploitation can be used to gather information enabling further compromise. The issue can be combined with CVE-2026-11424 to reach the cloud-side endpoint. On multi-tenant Altium 365 deployments, the readable configuration could have exposed credentials shared across services. Altium Enterprise Server is fixed in 8.1.1; the issue has been remediated in Altium 365 at the service level.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V4",
13+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11431"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://www.altium.com/platform/security-compliance/security-advisories"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-22"
30+
],
31+
"severity": "HIGH",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2026-06-05T22:16:47Z"
35+
}
36+
}

0 commit comments

Comments
 (0)