github
diff --git a/‎advisories/github-reviewed/2026/04/GHSA-q8h3-jv9v-57qx/GHSA-q8h3-jv9v-57qx.json‎
Lines changed: 19 additions & 19 deletions b/‎advisories/github-reviewed/2026/04/GHSA-q8h3-jv9v-57qx/GHSA-q8h3-jv9v-57qx.json‎
Lines changed: 19 additions & 19 deletions
diff --git a/‎advisories/unreviewed/2022/05/GHSA-hr98-frg6-wvvr/GHSA-hr98-frg6-wvvr.json‎
Lines changed: 13 additions & 1 deletion b/‎advisories/unreviewed/2022/05/GHSA-hr98-frg6-wvvr/GHSA-hr98-frg6-wvvr.json‎
Lines changed: 13 additions & 1 deletion
diff --git a/‎advisories/unreviewed/2022/05/GHSA-mh8f-5gw2-5wgh/GHSA-mh8f-5gw2-5wgh.json‎
Lines changed: 1 addition & 1 deletion b/‎advisories/unreviewed/2022/05/GHSA-mh8f-5gw2-5wgh/GHSA-mh8f-5gw2-5wgh.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎advisories/unreviewed/2025/11/GHSA-g7mr-vm94-3rv7/GHSA-g7mr-vm94-3rv7.json‎
Lines changed: 5 additions & 1 deletion b/‎advisories/unreviewed/2025/11/GHSA-g7mr-vm94-3rv7/GHSA-g7mr-vm94-3rv7.json‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎advisories/unreviewed/2026/03/GHSA-c75f-55f6-f63q/GHSA-c75f-55f6-f63q.json‎
Lines changed: 5 additions & 1 deletion b/‎advisories/unreviewed/2026/03/GHSA-c75f-55f6-f63q/GHSA-c75f-55f6-f63q.json‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎advisories/unreviewed/2026/03/GHSA-rm92-fj5q-mpj5/GHSA-rm92-fj5q-mpj5.json‎
Lines changed: 5 additions & 1 deletion b/‎advisories/unreviewed/2026/03/GHSA-rm92-fj5q-mpj5/GHSA-rm92-fj5q-mpj5.json‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎advisories/unreviewed/2026/03/GHSA-wx98-99rr-664q/GHSA-wx98-99rr-664q.json‎
Lines changed: 2 additions & 1 deletion b/‎advisories/unreviewed/2026/03/GHSA-wx98-99rr-664q/GHSA-wx98-99rr-664q.json‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎advisories/unreviewed/2026/03/GHSA-xrqh-48jh-pjv2/GHSA-xrqh-48jh-pjv2.json‎
Lines changed: 5 additions & 1 deletion b/‎advisories/unreviewed/2026/03/GHSA-xrqh-48jh-pjv2/GHSA-xrqh-48jh-pjv2.json‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎advisories/unreviewed/2026/04/GHSA-23m2-3g75-jvc8/GHSA-23m2-3g75-jvc8.json‎
Lines changed: 40 additions & 0 deletions b/‎advisories/unreviewed/2026/04/GHSA-23m2-3g75-jvc8/GHSA-23m2-3g75-jvc8.json‎
Lines changed: 40 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2026/04/GHSA-263f-2q4p-95qq/GHSA-263f-2q4p-95qq.json‎
Lines changed: 29 additions & 0 deletions b/‎advisories/unreviewed/2026/04/GHSA-263f-2q4p-95qq/GHSA-263f-2q4p-95qq.json‎
Lines changed: 29 additions & 0 deletions
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-q8h3-jv9v-57qx",
-  "modified": "2026-04-14T23:31:38Z",
+  "modified": "2026-04-16T15:32:16Z",
   "published": "2026-04-14T23:31:38Z",
   "aliases": [],
   "summary": "ImageMagick has has an off-by-one origin validation in allows out-of-bounds read in morphology processing",
@@ -26,7 +26,7 @@
               "introduced": "0"
             },
             {
-              "fixed": "14.20.0"
+              "fixed": "14.12.0"
             }
           ]
         }
@@ -45,7 +45,7 @@
               "introduced": "0"
             },
             {
-              "fixed": "14.20.0"
+              "fixed": "14.12.0"
             }
           ]
         }
@@ -64,7 +64,7 @@
               "introduced": "0"
             },
             {
-              "fixed": "14.20.0"
+              "fixed": "14.12.0"
             }
           ]
         }
@@ -83,7 +83,7 @@
               "introduced": "0"
             },
             {
-              "fixed": "14.20.0"
+              "fixed": "14.12.0"
             }
           ]
         }
@@ -102,7 +102,7 @@
               "introduced": "0"
             },
             {
-              "fixed": "14.20.0"
+              "fixed": "14.12.0"
             }
           ]
         }
@@ -121,7 +121,7 @@
               "introduced": "0"
             },
             {
-              "fixed": "14.20.0"
+              "fixed": "14.12.0"
             }
           ]
         }
@@ -140,7 +140,7 @@
               "introduced": "0"
             },
             {
-              "fixed": "14.20.0"
+              "fixed": "14.12.0"
             }
           ]
         }
@@ -159,7 +159,7 @@
               "introduced": "0"
             },
             {
-              "fixed": "14.20.0"
+              "fixed": "14.12.0"
             }
           ]
         }
@@ -178,7 +178,7 @@
               "introduced": "0"
             },
             {
-              "fixed": "14.20.0"
+              "fixed": "14.12.0"
             }
           ]
         }
@@ -197,7 +197,7 @@
               "introduced": "0"
             },
             {
-              "fixed": "14.20.0"
+              "fixed": "14.12.0"
             }
           ]
         }
@@ -216,7 +216,7 @@
               "introduced": "0"
             },
             {
-              "fixed": "14.20.0"
+              "fixed": "14.12.0"
             }
           ]
         }
@@ -235,7 +235,7 @@
               "introduced": "0"
             },
             {
-              "fixed": "14.20.0"
+              "fixed": "14.12.0"
             }
           ]
         }
@@ -254,7 +254,7 @@
               "introduced": "0"
             },
             {
-              "fixed": "14.20.0"
+              "fixed": "14.12.0"
             }
           ]
         }
@@ -273,7 +273,7 @@
               "introduced": "0"
             },
             {
-              "fixed": "14.20.0"
+              "fixed": "14.12.0"
             }
           ]
         }
@@ -292,7 +292,7 @@
               "introduced": "0"
             },
             {
-              "fixed": "14.20.0"
+              "fixed": "14.12.0"
             }
           ]
         }
@@ -311,7 +311,7 @@
               "introduced": "0"
             },
             {
-              "fixed": "14.20.0"
+              "fixed": "14.12.0"
             }
           ]
         }
@@ -330,7 +330,7 @@
               "introduced": "0"
             },
             {
-              "fixed": "14.20.0"
+              "fixed": "14.12.0"
             }
           ]
         }
@@ -349,7 +349,7 @@
               "introduced": "0"
             },
             {
-              "fixed": "14.20.0"
+              "fixed": "14.12.0"
             }
           ]
         }
 
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-hr98-frg6-wvvr",
-  "modified": "2023-03-29T21:30:22Z",
+  "modified": "2026-04-16T15:31:26Z",
   "published": "2022-05-24T22:00:36Z",
   "aliases": [
     "CVE-2019-5481"
@@ -23,6 +23,18 @@
       "type": "WEB",
       "url": "https://curl.haxx.se/docs/CVE-2019-5481.html"
     },
+    {
+      "type": "WEB",
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT"
+    },
     {
       "type": "WEB",
       "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC"
 
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-mh8f-5gw2-5wgh",
-  "modified": "2022-05-24T17:27:38Z",
+  "modified": "2026-04-16T15:31:26Z",
   "published": "2022-05-24T17:27:38Z",
   "aliases": [
     "CVE-2020-1968"
 
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-g7mr-vm94-3rv7",
-  "modified": "2026-04-16T12:31:39Z",
+  "modified": "2026-04-16T15:31:26Z",
   "published": "2025-11-18T21:32:31Z",
   "aliases": [
     "CVE-2025-61662"
@@ -35,6 +35,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:7243"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:7239"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:6492"
 
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-c75f-55f6-f63q",
-  "modified": "2026-03-19T15:31:22Z",
+  "modified": "2026-04-16T15:31:27Z",
   "published": "2026-03-19T15:31:21Z",
   "aliases": [
     "CVE-2026-4424"
@@ -23,6 +23,10 @@
       "type": "WEB",
       "url": "https://github.com/libarchive/libarchive/pull/2898"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:8492"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2026-4424"
 
@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-rm92-fj5q-mpj5",
-  "modified": "2026-04-07T18:31:30Z",
+  "modified": "2026-04-16T15:31:27Z",
   "published": "2026-03-20T15:31:14Z",
   "aliases": [
     "CVE-2026-4519"
   ],
   "details": "The webbrowser.open() API would accept leading dashes in the URL which \ncould be handled as command line options for certain web browsers. New \nbehavior rejects leading dashes. Users are recommended to sanitize URLs \nprior to passing to webbrowser.open().",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
 
@@ -34,7 +34,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-306"
+      "CWE-306",
+      "CWE-434"
     ],
     "severity": "CRITICAL",
     "github_reviewed": false,
 
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-xrqh-48jh-pjv2",
-  "modified": "2026-04-09T21:31:25Z",
+  "modified": "2026-04-16T15:31:26Z",
   "published": "2026-03-13T21:31:51Z",
   "aliases": [
     "CVE-2026-4111"
@@ -47,6 +47,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:7106"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:7239"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:7329"
 
@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-23m2-3g75-jvc8",
+  "modified": "2026-04-16T15:31:32Z",
+  "published": "2026-04-16T15:31:32Z",
+  "aliases": [
+    "CVE-2026-4160"
+  ],
+  "details": "The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference via the 'submission_id' parameter in versions up to, and including, 6.1.21. This is due to missing authorization and ownership validation on a user controlled key in the Stripe SCA confirmation AJAX endpoint. This makes it possible for unauthenticated attackers to modify payment status of targeted pending submissions (for example, setting the status to \"failed\").",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4160"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset/3496638/fluentform"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/154fc656-3a33-4783-a941-10bb848244b3?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-639"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-16T14:16:18Z"
+  }
+}
@@ -0,0 +1,29 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-263f-2q4p-95qq",
+  "modified": "2026-04-16T15:31:32Z",
+  "published": "2026-04-16T15:31:32Z",
+  "aliases": [
+    "CVE-2026-37339"
+  ],
+  "details": "SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_genre.php.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-37339"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/mt-0505/cve-report/blob/main/sourcecodester/simple-music-cloud-community-system/SQL-3.md"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-16T15:17:36Z"
+  }
+}
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-q8h3-jv9v-57qx",`
`4`		`- "modified": "2026-04-14T23:31:38Z",`
	`4`	`+ "modified": "2026-04-16T15:32:16Z",`
`5`	`5`	`"published": "2026-04-14T23:31:38Z",`
`6`	`6`	`"aliases": [],`
`7`	`7`	`"summary": "ImageMagick has has an off-by-one origin validation in allows out-of-bounds read in morphology processing",`
`@@ -26,7 +26,7 @@`
`26`	`26`	`"introduced": "0"`
`27`	`27`	`},`
`28`	`28`	`{`
`29`		`- "fixed": "14.20.0"`
	`29`	`+ "fixed": "14.12.0"`
`30`	`30`	`}`
`31`	`31`	`]`
`32`	`32`	`}`
`@@ -45,7 +45,7 @@`
`45`	`45`	`"introduced": "0"`
`46`	`46`	`},`
`47`	`47`	`{`
`48`		`- "fixed": "14.20.0"`
	`48`	`+ "fixed": "14.12.0"`
`49`	`49`	`}`
`50`	`50`	`]`
`51`	`51`	`}`
`@@ -64,7 +64,7 @@`
`64`	`64`	`"introduced": "0"`
`65`	`65`	`},`
`66`	`66`	`{`
`67`		`- "fixed": "14.20.0"`
	`67`	`+ "fixed": "14.12.0"`
`68`	`68`	`}`
`69`	`69`	`]`
`70`	`70`	`}`
`@@ -83,7 +83,7 @@`
`83`	`83`	`"introduced": "0"`
`84`	`84`	`},`
`85`	`85`	`{`
`86`		`- "fixed": "14.20.0"`
	`86`	`+ "fixed": "14.12.0"`
`87`	`87`	`}`
`88`	`88`	`]`
`89`	`89`	`}`
`@@ -102,7 +102,7 @@`
`102`	`102`	`"introduced": "0"`
`103`	`103`	`},`
`104`	`104`	`{`
`105`		`- "fixed": "14.20.0"`
	`105`	`+ "fixed": "14.12.0"`
`106`	`106`	`}`
`107`	`107`	`]`
`108`	`108`	`}`
`@@ -121,7 +121,7 @@`
`121`	`121`	`"introduced": "0"`
`122`	`122`	`},`
`123`	`123`	`{`
`124`		`- "fixed": "14.20.0"`
	`124`	`+ "fixed": "14.12.0"`
`125`	`125`	`}`
`126`	`126`	`]`
`127`	`127`	`}`
`@@ -140,7 +140,7 @@`
`140`	`140`	`"introduced": "0"`
`141`	`141`	`},`
`142`	`142`	`{`
`143`		`- "fixed": "14.20.0"`
	`143`	`+ "fixed": "14.12.0"`
`144`	`144`	`}`
`145`	`145`	`]`
`146`	`146`	`}`
`@@ -159,7 +159,7 @@`
`159`	`159`	`"introduced": "0"`
`160`	`160`	`},`
`161`	`161`	`{`
`162`		`- "fixed": "14.20.0"`
	`162`	`+ "fixed": "14.12.0"`
`163`	`163`	`}`
`164`	`164`	`]`
`165`	`165`	`}`
`@@ -178,7 +178,7 @@`
`178`	`178`	`"introduced": "0"`
`179`	`179`	`},`
`180`	`180`	`{`
`181`		`- "fixed": "14.20.0"`
	`181`	`+ "fixed": "14.12.0"`
`182`	`182`	`}`
`183`	`183`	`]`
`184`	`184`	`}`
`@@ -197,7 +197,7 @@`
`197`	`197`	`"introduced": "0"`
`198`	`198`	`},`
`199`	`199`	`{`
`200`		`- "fixed": "14.20.0"`
	`200`	`+ "fixed": "14.12.0"`
`201`	`201`	`}`
`202`	`202`	`]`
`203`	`203`	`}`
`@@ -216,7 +216,7 @@`
`216`	`216`	`"introduced": "0"`
`217`	`217`	`},`
`218`	`218`	`{`
`219`		`- "fixed": "14.20.0"`
	`219`	`+ "fixed": "14.12.0"`
`220`	`220`	`}`
`221`	`221`	`]`
`222`	`222`	`}`
`@@ -235,7 +235,7 @@`
`235`	`235`	`"introduced": "0"`
`236`	`236`	`},`
`237`	`237`	`{`
`238`		`- "fixed": "14.20.0"`
	`238`	`+ "fixed": "14.12.0"`
`239`	`239`	`}`
`240`	`240`	`]`
`241`	`241`	`}`
`@@ -254,7 +254,7 @@`
`254`	`254`	`"introduced": "0"`
`255`	`255`	`},`
`256`	`256`	`{`
`257`		`- "fixed": "14.20.0"`
	`257`	`+ "fixed": "14.12.0"`
`258`	`258`	`}`
`259`	`259`	`]`
`260`	`260`	`}`
`@@ -273,7 +273,7 @@`
`273`	`273`	`"introduced": "0"`
`274`	`274`	`},`
`275`	`275`	`{`
`276`		`- "fixed": "14.20.0"`
	`276`	`+ "fixed": "14.12.0"`
`277`	`277`	`}`
`278`	`278`	`]`
`279`	`279`	`}`
`@@ -292,7 +292,7 @@`
`292`	`292`	`"introduced": "0"`
`293`	`293`	`},`
`294`	`294`	`{`
`295`		`- "fixed": "14.20.0"`
	`295`	`+ "fixed": "14.12.0"`
`296`	`296`	`}`
`297`	`297`	`]`
`298`	`298`	`}`
`@@ -311,7 +311,7 @@`
`311`	`311`	`"introduced": "0"`
`312`	`312`	`},`
`313`	`313`	`{`
`314`		`- "fixed": "14.20.0"`
	`314`	`+ "fixed": "14.12.0"`
`315`	`315`	`}`
`316`	`316`	`]`
`317`	`317`	`}`
`@@ -330,7 +330,7 @@`
`330`	`330`	`"introduced": "0"`
`331`	`331`	`},`
`332`	`332`	`{`
`333`		`- "fixed": "14.20.0"`
	`333`	`+ "fixed": "14.12.0"`
`334`	`334`	`}`
`335`	`335`	`]`
`336`	`336`	`}`
`@@ -349,7 +349,7 @@`
`349`	`349`	`"introduced": "0"`
`350`	`350`	`},`
`351`	`351`	`{`
`352`		`- "fixed": "14.20.0"`
	`352`	`+ "fixed": "14.12.0"`
`353`	`353`	`}`
`354`	`354`	`]`
`355`	`355`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-mh8f-5gw2-5wgh",`
`4`		`- "modified": "2022-05-24T17:27:38Z",`
	`4`	`+ "modified": "2026-04-16T15:31:26Z",`
`5`	`5`	`"published": "2022-05-24T17:27:38Z",`
`6`	`6`	`"aliases": [`
`7`	`7`	`"CVE-2020-1968"`