Publish Advisories

GHSA-2vhw-q7vh-7xv2
GHSA-4rh7-jwg9-m28m
GHSA-538c-55jv-c5g9
GHSA-8h88-gxp3-j7pg
GHSA-c65f-x25w-62jv
GHSA-hvc7-763r-4f3h

Author: advisory-database[bot]

advisories/github-reviewed/2026/04/GHSA-2vhw-q7vh-7xv2/GHSA-2vhw-q7vh-7xv2.json

@@ -0,0 +1,59 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2vhw-q7vh-7xv2",
+  "modified": "2026-04-01T21:11:59Z",
+  "published": "2026-04-01T21:11:59Z",
+  "aliases": [],
+  "summary": "openssl-encrypt's readiness endpoint leaks database error details to unauthenticated callers",
+  "details": "### Summary\n\nThe `/ready` endpoint in `openssl_encrypt_server/server.py` at **lines 159-175** catches database errors and returns the full exception string in the response.\n\n### Affected Code\n\n```python\nexcept Exception as e:\n    return {\"status\": \"not_ready\", \"reason\": str(e)}\n```\n\n### Impact\n\nDatabase exception messages can leak:\n- Database hostnames and IP addresses\n- Connection parameters and port numbers\n- Driver version information\n- Potentially database credentials if included in connection string errors\n\nThis information is available to unauthenticated callers.\n\n### Recommended Fix\n\n- Return a generic error message: `{\"status\": \"not_ready\", \"reason\": \"database unavailable\"}`\n- Log the full exception server-side for debugging\n\n### Fix\n\nFixed in commit `7aa8787` on branch `releases/1.4.x` — replaced str(e) with generic \"database check failed\" message; full exception logged server-side at WARNING level.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "openssl-encrypt"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.4.0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/jahlives/openssl_encrypt/security/advisories/GHSA-2vhw-q7vh-7xv2"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/jahlives/openssl_encrypt/commit/7aa8787f4de2e9a23f58fca067bb16c4c69d28bb"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/jahlives/openssl_encrypt"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-201"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-04-01T21:11:59Z",
+    "nvd_published_at": null
+  }
+}

advisories/github-reviewed/2026/04/GHSA-4rh7-jwg9-m28m/GHSA-4rh7-jwg9-m28m.json

@@ -0,0 +1,59 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4rh7-jwg9-m28m",
+  "modified": "2026-04-01T21:12:19Z",
+  "published": "2026-04-01T21:12:19Z",
+  "aliases": [],
+  "summary": "openssl-encrypt accepts refresh tokens as URL query parameters causing token leakage",
+  "details": "### Summary\n\nRefresh tokens are accepted as URL query parameters in the keyserver and telemetry server routes.\n\n### Affected Code\n\n```python\n# openssl_encrypt_server/modules/keyserver/routes.py:214-215\n# openssl_encrypt_server/modules/telemetry/routes.py:90-91\nasync def refresh_token(\n    request: Request,\n    refresh_token: str = Query(..., description=\"Refresh token\")\n):\n```\n\n### Impact\n\nTokens in URL query parameters are exposed in:\n- Server access logs\n- Proxy/CDN logs\n- Browser history\n- HTTP Referer headers\n- Network monitoring tools\n\nThis creates significant token leakage risk.\n\n### Recommended Fix\n\n- Accept refresh tokens in the request body (POST) instead of query parameters\n- Use `Body(...)` instead of `Query(...)`\n\n### Fix\n\nFixed in commit `4b2adb0` on branch `releases/1.4.x` — moved refresh token from Query parameter to POST body via RefreshRequest Pydantic model.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "openssl-encrypt"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.4.0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/jahlives/openssl_encrypt/security/advisories/GHSA-4rh7-jwg9-m28m"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/jahlives/openssl_encrypt/commit/4b2adb05cde8a7ee03cdd271755da3b377c68011"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/jahlives/openssl_encrypt"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-598"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-04-01T21:12:19Z",
+    "nvd_published_at": null
+  }
+}

advisories/github-reviewed/2026/04/GHSA-538c-55jv-c5g9/GHSA-538c-55jv-c5g9.json

@@ -0,0 +1,74 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-538c-55jv-c5g9",
+  "modified": "2026-04-01T21:10:52Z",
+  "published": "2026-04-01T21:10:52Z",
+  "aliases": [
+    "CVE-2026-34445"
+  ],
+  "summary": "ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings.",
+  "details": "### Summary\nThe ExternalDataInfo class in ONNX was using Python’s setattr() function to load metadata (like file paths or data lengths) directly from an ONNX model file. The problem? It didn’t check if the \"keys\" in the file were valid. Because it blindly trusted the file, an attacker could craft a malicious model that overwrites internal object properties.\n\n### Why its Dangerous\n**Instant Crash DoS**: An attacker can set the length property to a massive number like 9 petabytes. When the system tries to load the model, it attempts to allocate all that RAM at once, causing the server to crash or freeze Out of Memory.\n\n**Access Bypass**: By setting a negative offset -1, an attacker can trick the system into reading parts of a file it wasn't supposed to touch.\n\n**Object Corruption**: Attackers can even inject \"dunder\" attributes like __class__ to change the object's type entirely, which could lead to more complex exploits.\n\n**Fixed**: https://github.com/onnx/onnx/pull/7751 object state corruption and DoS via ExternalDataInfo attribute injection",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "onnx"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.21.0"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 1.20.1"
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/onnx/onnx/security/advisories/GHSA-538c-55jv-c5g9"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34445"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/onnx/onnx/pull/7751"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/onnx/onnx/commit/e30c6935d67cc3eca2fa284e37248e7c0036c46b"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/onnx/onnx"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-20",
+      "CWE-400",
+      "CWE-915"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-04-01T21:10:52Z",
+    "nvd_published_at": "2026-04-01T18:16:30Z"
+  }
+}

advisories/github-reviewed/2026/04/GHSA-8h88-gxp3-j7pg/GHSA-8h88-gxp3-j7pg.json

@@ -0,0 +1,59 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8h88-gxp3-j7pg",
+  "modified": "2026-04-01T21:11:14Z",
+  "published": "2026-04-01T21:11:14Z",
+  "aliases": [],
+  "summary": "openssl-encrypt's unverified key bundle from_dict() + to_identity() path allows encryption to attacker keys",
+  "details": "### Summary\n\nThe `PublicKeyBundle.from_dict()` method in `openssl_encrypt/modules/key_bundle.py` at **lines 329-361** creates bundles from untrusted data without verifying the signature. The docstring warns to call `verify_signature()` after creation, but the `to_identity()` method (line 363-391) can convert an unverified bundle directly to an `Identity` object.\n\n### Affected Code\n\n```python\n@classmethod\ndef from_dict(cls, data: Dict) -> \"PublicKeyBundle\":\n    \"\"\"\n    SECURITY: Does NOT verify signature. Call verify_signature() after creation.\n    \"\"\"\n    # Creates bundle without verification\n```\n\n### Impact\n\nIf `from_dict()` followed by `to_identity()` is called without an intervening `verify_signature()` call, encryption could be performed against an attacker's public key, leaking secrets. While `key_resolver.py` (lines 146-147) does verify before use, the unguarded API path remains directly callable.\n\n### Recommended Fix\n\n- Add a `verified` flag to `PublicKeyBundle` that must be set before `to_identity()` can be called\n- Or have `to_identity()` automatically call `verify_signature()` and raise on failure\n- Or make `from_dict()` require verification as part of construction\n\n### Fix\n\nFixed in commit `f4a1ba6` on branch `releases/1.4.x` — from_dict() now verifies self_signature by default (verify=True parameter); raises ValueError on verification failure.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "openssl-encrypt"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.4.0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/jahlives/openssl_encrypt/security/advisories/GHSA-8h88-gxp3-j7pg"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/jahlives/openssl_encrypt/commit/f4a1ba660063cd9e17883829e5272a248525a16b"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/jahlives/openssl_encrypt"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-347"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-04-01T21:11:14Z",
+    "nvd_published_at": null
+  }
+}

advisories/github-reviewed/2026/04/GHSA-c65f-x25w-62jv/GHSA-c65f-x25w-62jv.json

@@ -0,0 +1,59 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-c65f-x25w-62jv",
+  "modified": "2026-04-01T21:12:37Z",
+  "published": "2026-04-01T21:12:37Z",
+  "aliases": [],
+  "summary": "openssl-encrypt has CORS wildcard with allow_credentials=True in standalone servers",
+  "details": "### Summary\n\nBoth standalone servers configure CORS with `allow_origins=[\"*\"]`, `allow_credentials=True`, `allow_methods=[\"*\"]`, and `allow_headers=[\"*\"]`.\n\n### Affected Code\n\n```python\n# server/key-server/app/main.py:86-92\n# server/telemetry-server/app/main.py:23-29\napp.add_middleware(\n    CORSMiddleware,\n    allow_origins=settings.cors_origins,  # defaults to [\"*\"]\n    allow_credentials=True,\n    allow_methods=[\"*\"],\n    allow_headers=[\"*\"],\n)\n```\n\nThe docker-compose file (`openssl_encrypt_server/docker-compose.yml:75`) also defaults `CORS_ORIGINS` to `*`, and `.env.example` ships with `CORS_ORIGINS=*`.\n\n### Impact\n\nThis is the most permissive CORS configuration possible, allowing any website to make fully credentialed cross-origin requests to the API. An attacker's website could make authenticated API calls on behalf of any user who visits it.\n\n### Recommended Fix\n\n- Remove wildcard defaults — require explicit origin configuration\n- Never combine `allow_origins=[\"*\"]` with `allow_credentials=True`\n- Update `.env.example` with placeholder domains instead of `*`\n\n### Fix\n\nFixed in commit `809416b` on branch `releases/1.4.x` — changed CORS default from [\"*\"] to [] in both key-server and telemetry-server; added validation rejecting wildcard when debug=False.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "openssl-encrypt"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.4.0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/jahlives/openssl_encrypt/security/advisories/GHSA-c65f-x25w-62jv"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/jahlives/openssl_encrypt/commit/809416b74d2749cdcffb484cd65b057e1685cc13"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/jahlives/openssl_encrypt"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-863"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-04-01T21:12:37Z",
+    "nvd_published_at": null
+  }
+}

advisories/github-reviewed/2026/04/GHSA-hvc7-763r-4f3h/GHSA-hvc7-763r-4f3h.json

@@ -0,0 +1,59 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-hvc7-763r-4f3h",
+  "modified": "2026-04-01T21:11:32Z",
+  "published": "2026-04-01T21:11:32Z",
+  "aliases": [],
+  "summary": "openssl-encrypt has no owner verification on key revocation — any client can revoke any key",
+  "details": "### Summary\n\nThe `revoke_key` method in `openssl_encrypt_server/modules/keyserver/service.py` at **lines 195-270** accepts a `client_id` parameter but never verifies that the requesting client is the same as `key.owner_client_id`.\n\n### Impact\n\nAny authenticated client can revoke any other client's key, as long as they provide a valid revocation signature. While the signature requirement mitigates this somewhat (you need the private key to sign), the lack of ownership check is a defense-in-depth gap.\n\n### Recommended Fix\n\n- Add an ownership check: verify `client_id == key.owner_client_id` before allowing revocation\n- Return 403 Forbidden if the requesting client does not own the key\n\n### Fix\n\nFixed in commit `05e45f3` on branch `releases/1.4.x` — added documentation that ML-DSA signature verification IS the cryptographic ownership check; added info-level logging on successful verification.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "openssl-encrypt"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.4.0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/jahlives/openssl_encrypt/security/advisories/GHSA-hvc7-763r-4f3h"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/jahlives/openssl_encrypt/commit/05e45f393886b5bf7e924d2dd42099a9dd37f91d"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/jahlives/openssl_encrypt"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-04-01T21:11:32Z",
+    "nvd_published_at": null
+  }
+}