Advisory Database Sync

Author: advisory-database[bot]

advisories/github-reviewed/2025/09/GHSA-95h4-w6j8-2rp8/GHSA-95h4-w6j8-2rp8.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-95h4-w6j8-2rp8",
-  "modified": "2026-01-09T00:30:27Z",
+  "modified": "2026-03-05T21:30:23Z",
   "published": "2025-09-02T15:31:08Z",
   "aliases": [
     "CVE-2025-9784"
@@ -69,15 +69,15 @@
     },
     {
       "type": "WEB",
-      "url": "https://github.com/undertow-io/undertow/pull/1778"
+      "url": "https://github.com/undertow-io/undertow/pull/1803"
     },
     {
       "type": "WEB",
       "url": "https://github.com/undertow-io/undertow/pull/1802"
     },
     {
       "type": "WEB",
-      "url": "https://github.com/undertow-io/undertow/pull/1803"
+      "url": "https://github.com/undertow-io/undertow/pull/1778"
     },
     {
       "type": "WEB",
@@ -107,6 +107,18 @@
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-9784"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:3892"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:3891"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:3889"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:0386"

advisories/github-reviewed/2025/12/GHSA-6h4f-pj3g-q8fq/GHSA-6h4f-pj3g-q8fq.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6h4f-pj3g-q8fq",
-  "modified": "2026-02-25T20:15:41Z",
+  "modified": "2026-03-05T21:30:24Z",
   "published": "2025-12-03T21:31:04Z",
   "aliases": [
     "CVE-2024-3884"
@@ -125,6 +125,18 @@
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2024-3884"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:3892"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:3891"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:3889"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:0386"

advisories/github-reviewed/2026/01/GHSA-gv94-wp4h-vv8p/GHSA-gv94-wp4h-vv8p.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-gv94-wp4h-vv8p",
-  "modified": "2026-01-08T21:14:12Z",
+  "modified": "2026-03-05T21:30:25Z",
   "published": "2026-01-08T06:31:32Z",
   "aliases": [
     "CVE-2026-0707"
@@ -40,6 +40,14 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0707"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:3947"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:3948"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2026-0707"

advisories/github-reviewed/2026/01/GHSA-j382-5jj3-vw4j/GHSA-j382-5jj3-vw4j.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-j382-5jj3-vw4j",
-  "modified": "2026-03-05T15:30:33Z",
+  "modified": "2026-03-05T21:30:25Z",
   "published": "2026-01-07T18:30:25Z",
   "aliases": [
     "CVE-2025-12543"
@@ -88,10 +88,22 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:0386"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:3889"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:3890"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:3891"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:3892"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-12543"

advisories/github-reviewed/2026/03/GHSA-573f-x89g-hqp9/GHSA-573f-x89g-hqp9.json

@@ -0,0 +1,68 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-573f-x89g-hqp9",
+  "modified": "2026-03-05T21:29:54Z",
+  "published": "2026-03-05T21:29:54Z",
+  "aliases": [
+    "CVE-2026-3419"
+  ],
+  "summary": "Fastify's Missing End Anchor in \"subtypeNameReg\" Allows Malformed Content-Types to Pass Validation",
+  "details": "# Description\n\nFastify incorrectly accepts malformed `Content-Type` headers containing trailing characters after the subtype token, in violation of [RFC 9110 §8.3.1](https://httpwg.org/specs/rfc9110.html#field.content-type). For example, a request sent with `Content-Type: application/json garbage` passes validation and is processed normally, rather than being rejected with `415 Unsupported Media Type`.\n\nWhen regex-based content-type parsers are in use (a documented Fastify feature), the malformed value is matched against registered parsers using the full string including the trailing garbage. This means a request with an invalid content-type may be routed to and processed by a parser it should never have reached.\n\n## Impact\n\nAn attacker can send requests with RFC-invalid `Content-Type` headers that bypass validity checks, reach content-type parser matching, and be processed by the server. Requests that should be rejected at the validation stage are instead handled as if the content-type were valid.\n\n## Workarounds\n\nDeploy a WAF rule to protect against this\n\n## Fix\n\nThe fix is available starting with v5.8.1.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "fastify"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "5.7.2"
+            },
+            {
+              "fixed": "5.8.1"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 5.8.0"
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/fastify/fastify/security/advisories/GHSA-573f-x89g-hqp9"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/fastify/fastify/commit/67f6c9b32cb3623d3c9470cc17ed830dd2f083d7"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/fastify/fastify"
+    },
+    {
+      "type": "WEB",
+      "url": "https://httpwg.org/specs/rfc9110.html#field.content-type"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-185"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-05T21:29:54Z",
+    "nvd_published_at": null
+  }
+}

advisories/unreviewed/2022/05/GHSA-2h24-74j8-q5hx/GHSA-2h24-74j8-q5hx.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2h24-74j8-q5hx",
-  "modified": "2022-05-24T17:12:46Z",
+  "modified": "2026-03-05T21:30:23Z",
   "published": "2022-05-24T17:12:46Z",
   "aliases": [
     "CVE-2020-9375"
   ],
   "details": "TP-Link Archer C50 V3 devices before Build 200318 Rel. 62209 allows remote attackers to cause a denial of service via a crafted HTTP Header containing an unexpected Referer field.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -18,6 +23,10 @@
       "type": "WEB",
       "url": "https://thewhiteh4t.github.io/2020/02/27/CVE-2020-9375-TP-Link-Archer-C50-v3-Denial-of-Service.html"
     },
+    {
+      "type": "WEB",
+      "url": "https://thewhiteh4t.github.io/blog/cve-2020-9375-tplink"
+    },
     {
       "type": "WEB",
       "url": "https://www.tp-link.com/in/support/download/archer-c50/v3/#Firmware"
@@ -28,7 +37,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-772"
+    ],
     "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2022/05/GHSA-3jm5-8qwr-jvwm/GHSA-3jm5-8qwr-jvwm.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3jm5-8qwr-jvwm",
-  "modified": "2022-05-13T01:52:48Z",
+  "modified": "2026-03-05T21:30:23Z",
   "published": "2022-05-13T01:52:48Z",
   "aliases": [
     "CVE-2018-5383"
@@ -70,6 +70,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
+      "CWE-325",
       "CWE-347"
     ],
     "severity": "MODERATE",

advisories/unreviewed/2022/05/GHSA-82r9-7ww3-jr86/GHSA-82r9-7ww3-jr86.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-82r9-7ww3-jr86",
-  "modified": "2024-12-27T21:30:30Z",
+  "modified": "2026-03-05T21:30:22Z",
   "published": "2022-05-17T00:13:28Z",
   "aliases": [
     "CVE-2017-7921"
@@ -27,6 +27,10 @@
       "type": "WEB",
       "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-124-01"
     },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-7921"
+    },
     {
       "type": "WEB",
       "url": "https://www.hikvision.com/cn/support/CybersecurityCenter/SecurityNotices/20170314"

advisories/unreviewed/2022/05/GHSA-pvh9-p4pw-h78q/GHSA-pvh9-p4pw-h78q.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-pvh9-p4pw-h78q",
-  "modified": "2022-05-24T17:43:33Z",
+  "modified": "2026-03-05T21:30:23Z",
   "published": "2022-05-24T17:43:33Z",
   "aliases": [
     "CVE-2021-22681"
@@ -22,6 +22,10 @@
     {
       "type": "WEB",
       "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-056-03"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22681"
     }
   ],
   "database_specific": {

advisories/unreviewed/2024/01/GHSA-58c3-hjfx-2gmq/GHSA-58c3-hjfx-2gmq.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-58c3-hjfx-2gmq",
-  "modified": "2025-11-04T21:31:03Z",
+  "modified": "2026-03-05T21:30:23Z",
   "published": "2024-01-11T00:30:25Z",
   "aliases": [
     "CVE-2023-41974"
@@ -19,13 +19,21 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41974"
     },
+    {
+      "type": "WEB",
+      "url": "https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit"
+    },
     {
       "type": "WEB",
       "url": "https://support.apple.com/en-us/HT213938"
     },
     {
       "type": "WEB",
       "url": "https://support.apple.com/kb/HT213938"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41974"
     }
   ],
   "database_specific": {