Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2022/05/GHSA-29h3-7qgp-vff3/GHSA-29h3-7qgp-vff3.json

@@ -34,7 +34,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-20"
+      "CWE-20",
+      "CWE-77"
     ],
     "severity": "CRITICAL",
     "github_reviewed": false,

advisories/unreviewed/2022/05/GHSA-c6m9-3wv9-q2mf/GHSA-c6m9-3wv9-q2mf.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-c6m9-3wv9-q2mf",
-  "modified": "2022-05-24T16:53:38Z",
+  "modified": "2025-05-05T21:31:14Z",
   "published": "2022-05-24T16:53:38Z",
   "aliases": [
     "CVE-2019-8062"
   ],
   "details": "Adobe After Effects versions 16 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -21,7 +26,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-426"
+      "CWE-426",
+      "CWE-427"
     ],
     "severity": "HIGH",
     "github_reviewed": false,

advisories/unreviewed/2022/11/GHSA-87qx-qrr6-fwpw/GHSA-87qx-qrr6-fwpw.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-87qx-qrr6-fwpw",
-  "modified": "2022-11-03T19:00:28Z",
+  "modified": "2025-05-05T21:31:14Z",
   "published": "2022-11-01T19:00:31Z",
   "aliases": [
     "CVE-2022-42317"
@@ -19,6 +19,18 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42317"
     },
+    {
+      "type": "WEB",
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ"
+    },
     {
       "type": "WEB",
       "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ"

advisories/unreviewed/2022/11/GHSA-98q5-67c3-cpjc/GHSA-98q5-67c3-cpjc.json

@@ -26,7 +26,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-732"
+      "CWE-732",
+      "CWE-863"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,

advisories/unreviewed/2022/11/GHSA-px5j-xw79-w7p8/GHSA-px5j-xw79-w7p8.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-px5j-xw79-w7p8",
-  "modified": "2022-11-10T12:01:17Z",
+  "modified": "2025-05-05T21:31:15Z",
   "published": "2022-11-08T12:00:23Z",
   "aliases": [
     "CVE-2022-3872"

advisories/unreviewed/2022/11/GHSA-rgfj-62rr-5vf5/GHSA-rgfj-62rr-5vf5.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-rgfj-62rr-5vf5",
-  "modified": "2022-11-04T12:00:23Z",
+  "modified": "2025-05-05T21:31:15Z",
   "published": "2022-11-01T19:00:30Z",
   "aliases": [
     "CVE-2022-42327"
@@ -53,7 +53,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-284"
+    ],
     "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2022/11/GHSA-xxpf-x8mq-p6v4/GHSA-xxpf-x8mq-p6v4.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-xxpf-x8mq-p6v4",
-  "modified": "2022-11-03T19:00:28Z",
+  "modified": "2025-05-05T21:31:14Z",
   "published": "2022-11-01T19:00:31Z",
   "aliases": [
     "CVE-2022-42316"
@@ -19,6 +19,18 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42316"
     },
+    {
+      "type": "WEB",
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ"
+    },
     {
       "type": "WEB",
       "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ"

advisories/unreviewed/2024/03/GHSA-27hg-5398-wvrh/GHSA-27hg-5398-wvrh.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-352"
+    ],
     "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2024/03/GHSA-7ph5-37r4-fwh8/GHSA-7ph5-37r4-fwh8.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-601"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2024/03/GHSA-ph77-97qp-2vrp/GHSA-ph77-97qp-2vrp.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-79"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2024/03/GHSA-qmw9-5q6h-hjxj/GHSA-qmw9-5q6h-hjxj.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-79"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2024/03/GHSA-qqm8-xpjj-m663/GHSA-qqm8-xpjj-m663.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-352"
+    ],
     "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2024/03/GHSA-vmmc-658q-cfx9/GHSA-vmmc-658q-cfx9.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-79"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2024/03/GHSA-w2f5-f39c-297g/GHSA-w2f5-f39c-297g.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-w2f5-f39c-297g",
-  "modified": "2024-03-18T21:31:23Z",
+  "modified": "2025-05-05T21:31:16Z",
   "published": "2024-03-18T21:31:23Z",
   "aliases": [
     "CVE-2024-0858"
   ],
   "details": "The Innovs HR WordPress plugin through 1.0.3.4 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding them as employees.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -20,8 +25,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-352"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-03-18T19:15:06Z"

advisories/unreviewed/2025/04/GHSA-58gq-7w24-hj3p/GHSA-58gq-7w24-hj3p.json

@@ -26,7 +26,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-122"
+      "CWE-122",
+      "CWE-787"
     ],
     "severity": "HIGH",
     "github_reviewed": false,

advisories/unreviewed/2025/04/GHSA-cw83-5fh9-w7xx/GHSA-cw83-5fh9-w7xx.json

@@ -26,7 +26,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-122"
+      "CWE-122",
+      "CWE-787"
     ],
     "severity": "HIGH",
     "github_reviewed": false,

advisories/unreviewed/2025/04/GHSA-ggqx-jcf7-78x8/GHSA-ggqx-jcf7-78x8.json

@@ -26,7 +26,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-122"
+      "CWE-122",
+      "CWE-787"
     ],
     "severity": "HIGH",
     "github_reviewed": false,

advisories/unreviewed/2025/04/GHSA-j5q7-6x8m-99jx/GHSA-j5q7-6x8m-99jx.json

@@ -26,7 +26,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-122"
+      "CWE-122",
+      "CWE-787"
     ],
     "severity": "HIGH",
     "github_reviewed": false,

advisories/unreviewed/2025/05/GHSA-2544-hpcq-6g27/GHSA-2544-hpcq-6g27.json

@@ -0,0 +1,33 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2544-hpcq-6g27",
+  "modified": "2025-05-05T21:31:28Z",
+  "published": "2025-05-05T21:31:28Z",
+  "aliases": [
+    "CVE-2025-29573"
+  ],
+  "details": "Cross-Site Scripting (XSS) vulnerability exists in Mezzanine CMS 6.0.0 in the \"View Entries\" feature within the Forms module.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29573"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/stephenmcd/mezzanine"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.squadappsec.com/post/cve-2025-29573-persistent-xss-in-mezzanine-cms-6-0-0-via-malicious-filename"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-05-05T19:15:55Z"
+  }
+}

advisories/unreviewed/2025/05/GHSA-2xjw-5437-xj2x/GHSA-2xjw-5437-xj2x.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2xjw-5437-xj2x",
+  "modified": "2025-05-05T21:31:29Z",
+  "published": "2025-05-05T21:31:29Z",
+  "aliases": [
+    "CVE-2025-1909"
+  ],
+  "details": "The BuddyBoss Platform Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.01. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1909"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.buddyboss.com/resources/buddyboss-platform-pro-releases"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.buddyboss.com/resources/buddyboss-platform-pro-releases/2-7-10"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7cce9b8b-0589-4b09-b184-a66fc86fcb46?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-288"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-05-05T20:15:19Z"
+  }
+}

advisories/unreviewed/2025/05/GHSA-5g9r-rwq5-h87v/GHSA-5g9r-rwq5-h87v.json

@@ -0,0 +1,29 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5g9r-rwq5-h87v",
+  "modified": "2025-05-05T21:31:30Z",
+  "published": "2025-05-05T21:31:30Z",
+  "aliases": [
+    "CVE-2025-45618"
+  ],
+  "details": "Incorrect access control in the component /admin/sys/datasource/ajaxList of jeeweb-mybatis-springboot v0.0.1.RELEASE allows attackers to access sensitive information via a crafted payload.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-45618"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/huangjian888/jeeweb-mybatis-springboot/issues/31"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-05-05T20:15:21Z"
+  }
+}