🛡️ Security: Implement Zayed Shield v1.0 - Advanced Automation & Neural Scanning

advisories/github-reviewed/2019/07/GHSA-hf23-9pf7-388p/GHSA-hf23-9pf7-388p.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-hf23-9pf7-388p",
-  "modified": "2025-04-01T16:33:05Z",
+  "modified": "2026-02-24T15:32:32Z",
   "published": "2019-07-26T16:09:47Z",
   "aliases": [
     "CVE-2019-10173"
@@ -25,17 +25,17 @@
           "type": "ECOSYSTEM",
           "events": [
             {
-              "introduced": "0"
+              "introduced": "1.4.10"
             },
             {
               "fixed": "1.4.11"
             }
           ]
         }
       ],
-      "database_specific": {
-        "last_known_affected_version_range": "<= 1.4.10"
-      }
+      "versions": [
+        "1.4.10"
+      ]
     }
   ],
   "references": [

advisories/github-reviewed/2021/03/GHSA-5mg8-w23w-74h3/GHSA-5mg8-w23w-74h3.json

@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5mg8-w23w-74h3",
-  "modified": "2023-08-18T15:56:36Z",
+  "modified": "2026-02-23T22:45:53Z",
   "published": "2021-03-25T17:04:19Z",
   "aliases": [
     "CVE-2020-8908"
   ],
   "summary": "Information Disclosure in Guava",
-  "details": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.\n",
+  "details": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.",
   "severity": [
     {
       "type": "CVSS_V3",

advisories/github-reviewed/2022/02/GHSA-8v38-pw62-9cw2/GHSA-8v38-pw62-9cw2.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8v38-pw62-9cw2",
-  "modified": "2025-12-20T03:15:43Z",
+  "modified": "2026-02-20T19:56:16Z",
   "published": "2022-02-18T00:00:33Z",
   "aliases": [
     "CVE-2022-0639"
@@ -25,7 +25,7 @@
           "type": "ECOSYSTEM",
           "events": [
             {
-              "introduced": "0"
+              "introduced": "1.0.0"
             },
             {
               "fixed": "1.5.7"

advisories/github-reviewed/2022/02/GHSA-rqff-837h-mm52/GHSA-rqff-837h-mm52.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-rqff-837h-mm52",
-  "modified": "2022-02-24T14:00:06Z",
+  "modified": "2026-02-20T19:56:07Z",
   "published": "2022-02-15T00:02:46Z",
   "aliases": [
     "CVE-2022-0512"
@@ -25,7 +25,7 @@
           "type": "ECOSYSTEM",
           "events": [
             {
-              "introduced": "0"
+              "introduced": "0.1.0"
             },
             {
               "fixed": "1.5.6"

advisories/github-reviewed/2022/05/GHSA-j7j6-7hfx-5522/GHSA-j7j6-7hfx-5522.json

@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-j7j6-7hfx-5522",
-  "modified": "2026-01-22T22:34:03Z",
+  "modified": "2026-02-25T14:07:30Z",
   "published": "2022-05-24T17:07:06Z",
   "withdrawn": "2026-01-22T22:34:03Z",
   "aliases": [],
   "summary": "Duplicate Advisory: Inconsistent Interpretation of HTTP Requests in Waitress",
-  "details": "## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-36p8-mvp6-cv38. This link is maintained to preserve external references.\n\n## Original Description\nWaitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double Content-Length header and due to being unable to cast the now comma separated value to an integer would set the Content-Length to 0 internally. If two Content-Length headers are sent in a single request, Waitress would treat the request as having no body, thereby treating the body of the request as a new request in HTTP pipelining. This issue is fixed in Waitress 1.4.0.",
+  "details": "## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-4ppp-gpcr-7qf6. This link is maintained to preserve external references.\n\n## Original Description\nWaitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double Content-Length header and due to being unable to cast the now comma separated value to an integer would set the Content-Length to 0 internally. If two Content-Length headers are sent in a single request, Waitress would treat the request as having no body, thereby treating the body of the request as a new request in HTTP pipelining. This issue is fixed in Waitress 1.4.0.",
   "severity": [
     {
       "type": "CVSS_V3",

advisories/github-reviewed/2025/03/GHSA-j3wr-m6xh-64hg/GHSA-j3wr-m6xh-64hg.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-j3wr-m6xh-64hg",
-  "modified": "2025-03-21T17:40:52Z",
+  "modified": "2026-02-24T16:08:07Z",
   "published": "2025-03-20T12:32:43Z",
   "aliases": [
     "CVE-2024-12704"
@@ -18,7 +18,7 @@
     {
       "package": {
         "ecosystem": "PyPI",
-        "name": "llama_index"
+        "name": "llama-index-core"
       },
       "ranges": [
         {

advisories/github-reviewed/2025/04/GHSA-pmc3-p9hx-jq96/GHSA-pmc3-p9hx-jq96.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-pmc3-p9hx-jq96",
-  "modified": "2026-02-18T23:34:53Z",
+  "modified": "2026-02-20T16:51:12Z",
   "published": "2025-04-23T14:43:44Z",
   "aliases": [
     "CVE-2026-26994"
@@ -40,6 +40,10 @@
       "type": "WEB",
       "url": "https://github.com/refraction-networking/utls/security/advisories/GHSA-pmc3-p9hx-jq96"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26994"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/refraction-networking/utls/issues/181"
@@ -64,6 +68,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2025-04-23T14:43:44Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-02-20T03:16:01Z"
   }
 }

advisories/github-reviewed/2025/06/GHSA-8j8w-wwqc-x596/GHSA-8j8w-wwqc-x596.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8j8w-wwqc-x596",
-  "modified": "2025-12-22T18:41:25Z",
+  "modified": "2026-02-20T21:48:11Z",
   "published": "2025-06-02T06:30:32Z",
   "aliases": [
     "CVE-2025-49113"
@@ -99,6 +99,10 @@
       "type": "WEB",
       "url": "https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10"
     },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-49113"
+    },
     {
       "type": "WEB",
       "url": "https://www.vicarius.io/vsociety/posts/cve-2025-49113-roundcube-mitigation-script"

advisories/unreviewed/2025/10/GHSA-87xj-ghmc-c3xq/GHSA-87xj-ghmc-c3xq.json → advisories/github-reviewed/2025/10/GHSA-87xj-ghmc-c3xq/GHSA-87xj-ghmc-c3xq.json

@@ -1,11 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-87xj-ghmc-c3xq",
-  "modified": "2025-10-10T18:31:24Z",
+  "modified": "2026-02-25T19:19:27Z",
   "published": "2025-10-10T18:31:23Z",
   "aliases": [
     "CVE-2025-11580"
   ],
+  "summary": " PowerJob has Missing Authorization in its /user/list file",
   "details": "A weakness has been identified in PowerJob up to 5.1.2. This affects the function list of the file /user/list. This manipulation causes missing authorization. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.",
   "severity": [
     {
@@ -14,10 +15,30 @@
     },
     {
       "type": "CVSS_V4",
-      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Maven",
+        "name": "tech.powerjob:powerjob"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "last_affected": "5.1.2"
+            }
+          ]
+        }
+      ]
     }
   ],
-  "affected": [],
   "references": [
     {
       "type": "ADVISORY",
@@ -27,6 +48,10 @@
       "type": "WEB",
       "url": "https://github.com/PowerJob/PowerJob/issues/1127"
     },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/PowerJob/PowerJob"
+    },
     {
       "type": "WEB",
       "url": "https://vuldb.com/?ctiid.327902"
@@ -45,8 +70,8 @@
       "CWE-862"
     ],
     "severity": "MODERATE",
-    "github_reviewed": false,
-    "github_reviewed_at": null,
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-02-25T19:19:27Z",
     "nvd_published_at": "2025-10-10T18:15:37Z"
   }
 }

advisories/github-reviewed/2025/12/GHSA-6h4f-pj3g-q8fq/GHSA-6h4f-pj3g-q8fq.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6h4f-pj3g-q8fq",
-  "modified": "2026-01-21T21:20:42Z",
+  "modified": "2026-02-25T20:15:41Z",
   "published": "2025-12-03T21:31:04Z",
   "aliases": [
     "CVE-2024-3884"
@@ -28,7 +28,7 @@
               "introduced": "0"
             },
             {
-              "fixed": "2.3.21.Final"
+              "fixed": "2.2.39.Final"
             }
           ]
         }
@@ -39,9 +39,41 @@
         "ecosystem": "Maven",
         "name": "io.undertow:undertow-core"
       },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "2.4.0.Alpha1"
+            },
+            {
+              "fixed": "2.4.0.Beta1"
+            }
+          ]
+        }
+      ],
       "versions": [
         "2.4.0.Alpha1"
       ]
+    },
+    {
+      "package": {
+        "ecosystem": "Maven",
+        "name": "io.undertow:undertow-core"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "2.3.0.Alpha1"
+            },
+            {
+              "fixed": "2.3.21.Final"
+            }
+          ]
+        }
+      ]
     }
   ],
   "references": [
@@ -51,59 +83,79 @@
     },
     {
       "type": "WEB",
-      "url": "https://github.com/undertow-io/undertow/pull/1856"
+      "url": "https://github.com/undertow-io/undertow/pull/1894"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/undertow-io/undertow/pull/1882"
     },
     {
       "type": "WEB",
       "url": "https://github.com/undertow-io/undertow/pull/1860"
     },
     {
       "type": "WEB",
-      "url": "https://access.redhat.com/errata/RHSA-2025:22773"
+      "url": "https://github.com/undertow-io/undertow/pull/1856"
     },
     {
       "type": "WEB",
-      "url": "https://access.redhat.com/errata/RHSA-2025:22775"
+      "url": "https://github.com/undertow-io/undertow/commit/cb854c779b9e2368c3c274ebd7217c8e75d505be"
     },
     {
       "type": "WEB",
-      "url": "https://access.redhat.com/errata/RHSA-2025:22777"
+      "url": "https://github.com/undertow-io/undertow/releases/tag/2.4.0.Beta1"
     },
     {
       "type": "WEB",
-      "url": "https://access.redhat.com/errata/RHSA-2025:3990"
+      "url": "https://github.com/undertow-io/undertow/releases/tag/2.3.21.Final"
     },
     {
       "type": "WEB",
-      "url": "https://access.redhat.com/errata/RHSA-2025:3992"
+      "url": "https://github.com/undertow-io/undertow/releases/tag/2.2.39.Final"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/undertow-io/undertow"
     },
     {
       "type": "WEB",
-      "url": "https://access.redhat.com/errata/RHSA-2026:0383"
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275287"
     },
     {
       "type": "WEB",
-      "url": "https://access.redhat.com/errata/RHSA-2026:0384"
+      "url": "https://access.redhat.com/security/cve/CVE-2024-3884"
     },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:0386"
     },
     {
       "type": "WEB",
-      "url": "https://access.redhat.com/security/cve/CVE-2024-3884"
+      "url": "https://access.redhat.com/errata/RHSA-2026:0384"
     },
     {
       "type": "WEB",
-      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275287"
+      "url": "https://access.redhat.com/errata/RHSA-2026:0383"
     },
     {
-      "type": "PACKAGE",
-      "url": "https://github.com/undertow-io/undertow"
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:3992"
     },
     {
       "type": "WEB",
-      "url": "https://github.com/undertow-io/undertow/releases/tag/2.3.21.Final"
+      "url": "https://access.redhat.com/errata/RHSA-2025:3990"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:22777"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:22775"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:22773"
     }
   ],
   "database_specific": {