Publish Advisories

GHSA-v98v-ff95-f3cp
GHSA-4hgg-c4rr-6h7f
GHSA-525j-95gf-766f
GHSA-ch3w-9456-38v3

Author: advisory-database[bot]

advisories/github-reviewed/2025/12/GHSA-v98v-ff95-f3cp/GHSA-v98v-ff95-f3cp.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-v98v-ff95-f3cp",
-  "modified": "2026-01-09T16:53:15Z",
+  "modified": "2026-03-11T20:39:31Z",
   "published": "2025-12-22T16:19:13Z",
   "aliases": [
     "CVE-2025-68613"
@@ -78,6 +78,14 @@
     {
       "type": "PACKAGE",
       "url": "https://github.com/n8n-io/n8n"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.akamai.com/blog/security-research/2026/feb/zerobot-malware-targets-n8n-automation-platform"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-68613"
     }
   ],
   "database_specific": {

advisories/github-reviewed/2026/03/GHSA-4hgg-c4rr-6h7f/GHSA-4hgg-c4rr-6h7f.json

@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4hgg-c4rr-6h7f",
-  "modified": "2026-03-09T17:27:52Z",
+  "modified": "2026-03-11T20:39:09Z",
   "published": "2026-03-09T17:27:52Z",
   "aliases": [
     "CVE-2026-29196"
   ],
   "summary": "Netmaker: Service User with Network Access Can Access config files with WireGuard Private Keys",
-  "details": "A user assigned the platform-user role can retrieve WireGuard private keys of all wireguard configs in a network by calling GET /api/extclients/{network} or GET /api/nodes/{network}. While the Netmaker UI restricts visibility, the API endpoints return full records, including private keys, without filtering based on the requesting user's ownership.",
+  "details": "A user assigned the platform-user role can retrieve WireGuard private keys of all wireguard configs in a network by calling GET /api/extclients/{network} or GET /api/nodes/{network}. While the Netmaker UI restricts visibility, the API endpoints return full records, including private keys, without filtering based on the requesting user's ownership.\n\n> Credits\n> Artem Danilov (Positive Technologies)",
   "severity": [
     {
       "type": "CVSS_V4",

advisories/github-reviewed/2026/03/GHSA-525j-95gf-766f/GHSA-525j-95gf-766f.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-525j-95gf-766f",
-  "modified": "2026-03-09T19:48:12Z",
+  "modified": "2026-03-11T20:40:06Z",
   "published": "2026-03-09T19:48:12Z",
   "aliases": [
     "CVE-2026-30933"
@@ -62,6 +62,6 @@
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2026-03-09T19:48:12Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-03-10T18:18:53Z"
   }
 }

advisories/github-reviewed/2026/03/GHSA-ch3w-9456-38v3/GHSA-ch3w-9456-38v3.json

@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-ch3w-9456-38v3",
-  "modified": "2026-03-09T17:27:49Z",
+  "modified": "2026-03-11T20:39:22Z",
   "published": "2026-03-09T17:27:49Z",
   "aliases": [
     "CVE-2026-29195"
   ],
   "summary": "Netmaker has Privilege Escalation from Admin to Super-Admin via User Update",
-  "details": "The user update handler (PUT /api/users/{username}) lacks validation to prevent an admin-role user from assigning the super-admin role during account updates. While the code correctly blocks an admin from assigning the admin role to another user, it does not include an equivalent check for the super-admin role.",
+  "details": "The user update handler (PUT /api/users/{username}) lacks validation to prevent an admin-role user from assigning the super-admin role during account updates. While the code correctly blocks an admin from assigning the admin role to another user, it does not include an equivalent check for the super-admin role.\n\n> Credits\n> Artem Danilov (Positive Technologies)",
   "severity": [
     {
       "type": "CVSS_V4",